EU Data Act

Comply with the Data Act and turn your data into secure, actionable assets

The European Data Regulation establishes new rules on who can access, use, and share data generated by connected products and related services, affecting both manufacturers and digital platforms operating in the EU.

Contact us Book a call

Understand which Data Act obligations apply to your business and act before they become a problem

Adapt your contracts and data agreements to the new access and portability requirements set out by the regulation

Turn compliance into a competitive advantage: show your clients and partners that you manage data with transparency and accountability

Trusted by established companies and fast-growing startups

Benefits of adapting to the Data Act with PrivaLex

Complying with the Data Act is not just about avoiding penalties. It is an opportunity to organise your data governance, strengthen client trust, and position yourself more competitively in an increasingly regulated market.

Legal certainty in the face of a new and complex regulation

The Data Act introduces obligations that many companies have yet to assess. We help you understand exactly what applies to you, reducing uncertainty and the risk of non-compliance.

Contracts and data agreements fully adapted

The regulation imposes new conditions on data access, portability, and reuse. We review and update your contracts with clients, suppliers, and partners to meet the new requirements without commercial friction.

Stronger and more transparent data governance

Adapting to the Data Act is an opportunity to review how your company generates, stores, and shares data. The result is an organisation with greater control over its data assets and better prepared for future regulations.

How we help you comply with the Data Act

Our approach combines legal and technical analysis so that your company understands its obligations and implements them in a practical and sustainable way.

1

Applicability and scope analysis

We assess whether your company falls within the scope of the Data Act: as a manufacturer of connected products, a provider of related services, or a data intermediation platform. We define which specific obligations apply to you.

2

Data mapping and information flows

We identify what data your company or product generates, who holds it, who can access it, and under what conditions, the essential foundation for any informed compliance decision.

3

Gap analysis and action plan

We compare your current situation against the Data Act requirements and produce a prioritised gap map, with concrete recommendations and realistic timelines to address them.

4

Contractual and technical adaptation

We support your team in reviewing and updating contracts, data access policies, and technical mechanisms for portability and interoperability, aligned with the regulation's requirements.

5

Regulatory monitoring and updates

The Data Act is an evolving regulation. We keep your organisation up to date on new guidelines, authority decisions, and regulatory changes that may affect your obligations.

Data Act Training for Employees

We train your legal, technical, and product teams on Data Act obligations, so they understand its day-to-day impact and actively contribute to compliance.

Contact us

Frequently Asked Questions (FAQs)

What is the Data Act and when does it apply?

The European Data Regulation (Data Act, EU Regulation 2023/2854) establishes rules on the access and use of data generated by connected products, such as IoT devices, and related services. It has been applicable since 12 September 2025 and affects manufacturers, service providers, and data platforms operating in the EU.

Which companies does the Data Act affect?

It primarily affects manufacturers of connected products (IoT, machinery, vehicles, smart devices), providers of services related to those products, and data intermediation platforms. It also has implications for cloud companies and data processing service providers.

What are the main obligations under the Data Act?

The most relevant obligations include: enabling users to access data generated by their products or services, ensuring data portability and interoperability, adapting data use and sharing contracts to the new requirements, and in some cases sharing data with public authorities in situations of exceptional need.

How does the Data Act relate to the GDPR?

They are complementary frameworks. The GDPR regulates personal data; the Data Act regulates access to and use of data in general, including non-personal data generated by products and services. Many situations will involve both regulations simultaneously, making a joint analysis necessary.

What happens if my company does not comply with the Data Act?

Non-compliance may result in administrative sanctions imposed by the competent national authorities. Beyond the risk of penalties, non-compliance can also lead to contractual disputes with clients and partners who demand data access under the regulation.

Do I need to update my existing contracts?

Yes, in most cases. The Data Act imposes conditions on how data access, use, and sharing agreements must be structured. Contracts that do not reflect these requirements may be considered invalid or unenforceable in certain clauses.