The highly anticipated EU Data Act came into force on 11 January 2024, with most provisions applying from 12 September 2025. Yet despite this long lead time, many businesses remain unaware of how the Act will reshape the EU’s data economy and impact foreign companies operating in the region.

Today, businesses cannot escape the importance of data, and the legislation will put a clear emphasis on fairness, innovation and accessibility in real-time data usage. The Act presents an opportunity to access valuable data and develop innovative services, while also necessitating urgent actions to protect trade secrets and update contractual agreements.

In order to take advantage of this, business leaders must first be aware of its importance, its impact on their organisations and how they can respond.

Why businesses must consider the EU Data Act

As part of the legislation, users now legally have the right to access, control and share data generated by their usage, which fundamentally changes how businesses can store, manage and use data.

Organisations providing connected devices and services must also revise their contracts in line with the Act and emphasise transparency. To ensure data access is properly enabled, certain Internet-of-Things devices and services must follow the “access by design” model. This approach supports data access by embedding accessibility and security into product development, ensuring data is readily available from design to deployment.

Businesses must specify exactly what kinds of data their connected devices collect—like usage, location, and interactions—how and where it is stored, the security measures protecting it, and how long it is retained. This presents an immediate change in how businesses should handle data, which comes with clear legislative expectations.

At its core, the Act has been introduced to adapt to the rapid evolution of data-driven technologies and digital services. Compliance and fairness are the building blocks of trust, and businesses must recognise this and work within these parameters to stay ahead of the curve.

The impact of the EU Data Act on businesses

First, businesses should assess their position in the data ecosystem, whether they use or receive data, provide services or process data, the Act will affect businesses in different ways. For manufacturers and service providers, it’s important to take stock of devices, services, data flows and agreements, then put efficient processes in place for sharing data with authorised parties. Sensitive information should be protected, with trade secrets clearly tagged and competitive advantages secured.

Starting in September 2026, all new connected products should be designed with data accessibility in mind, and customers should be informed upfront about the data collected and how they can access it. This is aimed at ensuring data can flow seamlessly between sectors and Member States, while enabling faster data transfers between cloud services and supporting businesses in meeting the 30-day transfer timeframe required when customers switch cloud providers. The relatively short turnaround for migrations to take place puts pressure on businesses to be better prepared and tighten up their operations for faster migrations.

Data holders and cloud or edge processors should focus on aligning leadership, updating policies, training and documenting data handling practices. Contracts should ensure fair dealing and include safeguards against unauthorised access, including by foreign governments. By January 2027, technical and financial barriers that restrict switching providers must be removed, as many exit fees will no longer be allowed.

Businesses that operate with complex data and integrated digital ecosystems will face greater demands to invest in their data compliance policies and processes. Implementing appropriate training for employees and funding technology capable of supporting the new processes will also be key drivers to achieving successful adaptation and mitigating the risk of compensation claims.

Businesses must act quickly, turning strategy into implementation as they reshape their data approaches in real-time. The EU Data Act’s conditions around data sharing, transparency and fair access require organisations to roll out updated procedures imminently. Failure to adapt promptly risks violating regulations, increasing operational costs and damaging customer trust – but there is a much bigger opportunity for those who get ahead of the legislation.