Data Act

The European data regulatory framework has changed significantly. The Data Act, which entered into force in January 2024, transforms how data is shared between organizations, government bodies, and end users. It provides much-awaited legal clarity regarding who can use what data and under which conditions.

Game-changing rules for data access and data utilization

The Data Act sets new fundamental rules for the sharing and use of data across all data-utilizing sectors. One of the Data Act’s most significant obligations is that "connected products" and their "related services" must be designed in a way that primarily gives the user access to the data generated by the product or service, and the right to share the data with third parties.

Connected products are essentially items capable of collecting and transmitting data about their use and surrounding environment, such as industrial machinery and smart home equipment. A related service is a digital service, including software, which provides additional functionalities, enhancements, or maintenance related to that product in such a way that its absence would prevent the product from performing one of its functions.

Additionally, the Data Act

  • grants public sector authorities access and usage rights to data held by private companies in certain cases of exceptional need, under specifically described conditions;

  • prevents unreasonable contract terms related to data utilization and sharing; and

  • mandates interoperability for data sharing services.

The Data Act becomes applicable in stages, and a significant number of its provisions will become applicable in September 2025. This means that companies should start preparing for potential data sharing with customers, businesses, and public institutions.

How to prepare for the requirements?

Data Inventory & Classification

Identify and categorize the data types in scope of Data Act (e.g., trade secrets, sensitive data, personal data)

Decide what data should be directly available or extractable in the future

Decide what data will be extractable and provided to 3rd parties upon request in the future

Risk Management

Identify and assess risks related to data access and sharing

Plan and implement appropriate technical and organizational measures for data & cyber risk management ⇾ GDPR and personal data related obligations, how to secure trade secrets

Design Access

Plan and design how data can be made directly available to users

Plan and design how "readily available data" can be made available/provided upon request to users or 3rd parties

Plan and design the request mechanisms and required processes

Transparency & Contracts

Draft the necessary transparency information/documentation towards the users

Plan and draft the necessary changes to contracts and contractual safeguards for data sharing ⇾ GDPR and personal data related obligations, how to secure trade secrets

Insta combines expertise in administrative and technical cybersecurity, software development, and data regulation all under one roof. This enables us to offer comprehensive support to our clients in complying with emerging data regulatory requirements.

Example of a Data Act Compliance Project facilitated by Insta
