The EU Data Act, which is effective as of today (12 September 2025), empowers citizens to have control over the data generated by their connected devices, such as smartwatches and cars. The European Commission highlights that this act also presents opportunities for small businesses to utilize this data for developing innovative after-sale services.
Users of connected devices, both in business and consumer sectors, can now access, utilize, and share the raw data produced by their devices.
One of the key provisions of the EU Data Act is that it allows manufacturing and agriculture companies to access data regarding the performance of industrial equipment, which can enhance their efficiency and operations. It also enables cloud users to switch between providers or utilize services from multiple providers simultaneously. Moreover, it prohibits unfair contracts that could hinder data-sharing.
Chris Gow, the senior director for EU public policy and head of the Brussels office for government affairs at Cisco, emphasized the uniqueness of the act, stating, “There are lots of types of data governance stores, but this is unique in that it is about sharing private sector data. Companies and enforcement agencies are still figuring out how this will work in practice.”
Linzi Penman, head of the UK technology practice at DLA Piper, expressed concerns about regulatory fatigue and the complexity of the EU Data Act, noting the challenges faced by organizations in managing the regulatory environment.
Complex and nuanced scope
Penman highlighted the complexity of the act and the extension of data accessibility rights beyond personal data, which poses significant compliance challenges for companies.
Brenton O’Callaghan, chief product officer at Avantra, acknowledged the benefits of allowing cost-effective data transfer between clouds but cautioned about potential complexities and requirements from major cloud providers.
Regarding the regulatory impact on AI systems, O’Callaghan emphasized the importance of maintaining a risk-based approach to prevent excessive compliance measures from hindering innovation.
The act, although not directly applicable in the UK, impacts UK businesses operating in the EU and dealing with connected devices. The UK’s Data Use and Access Act 2025, implemented in June 2025, aims to streamline data processing and sharing for organizations.
Peter Kyle, former technology secretary, expressed the government’s ambition to leverage data similar to the European Commission, stating, “These new laws will finally unleash that power.”
