The Data Act regulates fair data access and use and is intended to improve the economic usability of data within the EU. The new EU regulation contains far-reaching legal requirements, especially for providers of networked products and services. The fact that the Data Act also brings non-personal data into the regulatory focus is a novelty. The requirements of the Data Act will gradually be applied from 12 September 2025.
Data access for users
Networked products and services may only be placed on the market if they provide the user with simple and free access to product or service data as standard (access by design). The Data Act therefore requires adjustments to numerous products and services from a wide variety of areas and, in view of the growing number of IoT devices, already poses challenges for companies in the product or service design. Data to which the user does not have direct access must be available in real time and in a machine-readable form. As a rule, the provision will be made via an online platform or an app. In addition to the right to access data, users can also request that their data be passed on to third parties. In this case, the Data Act contains strict requirements for the relationship between user and data recipient in addition to regulations on the relationship between the user and data owner. The latter must also comply with new obligations.
Required contract adjustments
The Data Act requires new contractual regulations for a company. Providers of networked products and services must conclude a data usage agreement with their users if they want to use data that is not personal data. When concluding a purchase, rental or leasing contract for a networked product or service, at least the following three aspects must therefore be considered:
- main contract for the product, i.e., purchase, rental or leasing contract;
- legal basis for processing personal data;
- contract for the use of non-personal data.
In particular, the question of whether the data is personal data now takes on additional relevance. Whereas in the past it was possible to treat data as personal data in case of doubt and obtain consent for this data, a data usage agreement must now be concluded, especially for non-personal data. In order to ensure transparency, including the use of non-personal data, the applicability of the Data Act also requires extensive information on the use of data before the conclusion of the contract.
Conclusion
In order to ensure transparency, including the use of non-personal data, the applicability of the Data Act also requires extensive information on the use of data before the conclusion of the contract. Adaptations of one’s own products or services can be time-consuming and require a longer lead time. The same applies to the review and adaptation of existing contract and information documents as well as compliance in the supply chain. Companies should therefore prepare themselves at an early stage and develop appropriate contracts and processes. Existing regulations, such as general terms and conditions, must also be reviewed for the new requirements of the Data Act and the prohibition of unfair contract terms, and general consumer law must be taken into account.
You can find our one-pager on the Data Act here.
back