A decisive step forward in shaping the future of Europe's digital economy has been taken by the regulation of harmonised rules for fair access to and use of data, commonly known as the EU Data Act, which has moved from a legislative text to a binding document. 

The regulation was first adopted into force on the 11th of January 2024 and came into full effect on the 12th of September 2025, and is regarded as the foundation for the EU’s broader data strategy. Its policymakers believe that this is crucial to the Digital Decade's goal of accelerating digital transformation across industries by ensuring that the data generated within the EU can be shared, accessed, and used more equitably, as a cornerstone of the Digital Decade's ambition. 

The Data Act is not only a technical framework for creating a more equitable digital landscape, but it is also meant to rebalance the balance of power in the digital world, giving rise to new opportunities for innovation while maintaining the integrity of the information. With the implementation of the Data Act in place from 12 September 2025, the regulatory landscape will be dramatically transformed for companies that deal with connected products, digital services, or cloud or other data processing solutions within the European Union, regardless of whether the providers are located within its borders or beyond. 

It seems that businesses were underestimating the scope of the regime before it was enforced, but as a result, the law sets forth a profound set of obligations that go well beyond what was previously known. In essence, this regulation grants digital device and service users unprecedented access rights to the data they generate, regardless of whether that data is personal or otherwise. Until recently, the rights were mostly unregulated, which meant users had unmatched access to data. 

The manufacturer, service provider, and data owner will have to revise existing contractual arrangements in order to comply with this regulation. This will be done by creating a framework for data sharing on fair and transparent terms, as well as ensuring that extensive user entitlements are in place. 

It also imposes new obligations on cloud and processing service providers, requiring them to provide standardised contractual provisions that allow for switching between services. A violation of these requirements will result in a regulatory investigation, civil action, or significant financial penalties, which is the same as a stringent enforcement model used by the General Data Protection Regulation (GDPR), which has already changed the way data practices are handled around the world today. 

According to the EU Data Act, the intention is to revolutionise the way information generated by connected devices and cloud-based services is accessed, managed and exchanged within and across the European Union. In addition to establishing clear rules for access to data, the regulations incorporate obligations to guarantee organisations' service portability, and they embed principles of contractual fairness into business agreements as a result. 

The legislation may have profound long-term consequences, according to industry observers. It is not possible to ignore the impact that the law could have on the digital economy, as Soniya Bopache, vice president and general manager for data compliance at Arctera, pointed out, and she expected that the law would change the dynamics of the use and governance of data for a long time to come. 

It is important to note that the EU Data Act has a broader scope than the technology sector, with implications for industries that include manufacturing, transportation, consumer goods, and cloud computing in addition to the technology sector. Additionally, the regulation is expected to benefit both public and private institutions, emphasising how the regulation has a broad impact. 

Cohesity's vice president and head of technology, Peter Grimmond, commented on the law's potential by suggesting that, by democratising and allowing greater access to data, the law could act as a catalyst for innovation. It was suggested that organisations that already maintain strong compliance and classification procedures will benefit from the Act because it will provide an environment where collaboration can thrive without compromising individual rights or resilience. 

Towards the end of the EU regulation, the concept of data access and transparency was framed as a way to strengthen Europe's data economy and increase competitiveness in the market, according to EU policymakers. It is becoming increasingly evident that connected devices generate unprecedented amounts of information. 

As a result of this legislation, businesses and individuals alike are able to use this data more effectively by granting greater control over the information they produce, which is of great importance to businesses and individuals alike. Additionally, Grimmond said that the new frameworks for data sharing between enterprises are an important driver of long-term benefits for the development of new products, services, and business models, and they will contribute to the long-term development of the economy. 

There is also an important point to be made, which is that the law aims to achieve a balance between the openness of the law and the protected standards that Europe has established, aligned with GDPR's global privacy benchmark, and complementing the Digital Operational Resilience Act (DORA), so that the levels of trust and security are maintained. 

In some ways, the EU Data Act will prove to be even more disruptive than the EU Artificial Intelligence Act, as it will be the most significant overhaul of European data laws since the GDPR and will have a fundamental effect on how businesses handle information collected by connected devices and digital services in the future. 

Essentially, the Regulation is a broad-reaching law that covers both personal data about individuals as well as non-personal data, such as technical and usage information that pertains to virtually every business model associated with digital products and services within the European Union. This law creates new sweeping rights for users, who are entitled to access to the data generated by their connected devices at any time, including real-time, where it is technically feasible, as per Articles 4 and 5. 

Additionally, these rights allow users to determine who else may access such data, whether it be repairers, aftermarket service providers, or even direct competitors, while allowing users to limit how such data is distributed by companies. During the years 2026 and 2030, manufacturers will be required to make sure that products have built-in data accessibility at no extra charge, which will force companies to reconsider their product development cycles, IT infrastructure, and customer contracts in light of this requirement. 

Moreover, the legislation provides guidelines for fair data sharing and stipulates that businesses are required to provide access on reasonable, non-discriminatory terms, and prohibits businesses from stating terms in their contracts that impede or overcharge for access in a way that obstructs it. As a result of this, providers of cloud computing and data processing services face the same transformative obligations as other companies, such as mandatory provisions that allow customers to switch services within 30 days, prohibit excessive exit fees, and insist that contracts be transparent so vendors won't get locked into contracts. 

There are several ways in which these measures could transform fixed-term service contracts into rolling, short-term contracts, which could dramatically alter the business model and competitive dynamics in the cloud industry. The regulation also gives local authorities the right to request data access in cases of emergency or when the public interest requires it, extending its scope beyond purely commercial applications. 

In all Member States, enforcement will be entrusted to national authorities who will be able to impose large fines for non-compliance, as well as provide a new path for collective civil litigation, opening doors to the possibility of mass legal actions similar to class actions in the US. Likely, businesses from a broad range of industries, from repair shops to insurers to logistics providers to AI developers, will all be able to benefit from greater access to operational data. 

In the meantime, sectors such as the energy industry, healthcare, agriculture, and transportation need to be prepared to respond to potential government requests. In total, the Data Act constitutes an important landmark law that rebalances power between companies and users, while redrawing the competitive landscape for Europe's digital economy in the process. In the wake of the EU Data Act's compliance deadline, it will not simply be viewed as a regulatory milestone, but also as a strategic turning point for the digital economy as a whole. 

Business owners must now shift from seeing compliance as an obligation to a means of increasing competitiveness, improving customer trust, and unlocking new value through data-driven innovation to strengthen their competitiveness and deepen customer relationships. In the future, businesses that take proactive steps towards redesigning their products, modernising their IT infrastructure, and cultivating transparent data practices are better positioned to stay ahead of the curve and develop stronger relationships with their users, for whom information is now more in their control. 

Aside from that, the regulation has the potential to accelerate the pace of digital innovation across a wide range of sectors by lowering barriers to switching providers and enforcing fairer contractual standards, stimulating a more dynamic and collaborative marketplace. This Act provides the foundation for a robust public-interest data use system in times of need for governments and regulators. 

In the end, the success of this ambitious framework will rest on how quickly the business world adapts and how effective its methods are at developing a fairer, more transparent, and more competitive European data economy, which can be used as a global benchmark in the future.