Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Data Act

2022/0047(COD)

PURPOSE: to ensure fairness in the allocation of value from data among actors in the data economy and fostering fair access to and use of data in order to contribute to establishing a genuine internal market for data.

LEGISLATIVE ACT: Regulation (EU) 2023/2854 of the European Parliament and of the Council on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act).

CONTENT: in recent years, data-driven technologies have had transformative effects on all sectors of the economy. The proliferation of products connected to the internet in particular has increased the volume and potential value of data for consumers, businesses and society. Barriers to data sharing prevent an optimal allocation of data for the benefit of society.

Subject matter

In order to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data, the regulation lays down a harmonised framework specifying who is entitled to use product data or related service data, under which conditions and on what basis. It puts obligations on manufacturers and service providers to let their users, be they companies or individuals, access and reuse the data generated by the use of their products or services. It also allows users to share that data with third parties.

The new regulation also aims to ease the switching between providers of data processing services, puts in place safeguards against unlawful data transfer and provides for the development of interoperability standards for data to be reused between sectors. The regulation will give both individuals and businesses more control over their data through a reinforced portability right.

Scope of the legislation

The new regulation will allow users of connected devices, ranging from smart household appliances to intelligent industrial machines, to gain access to data generated by their use which is often exclusively harvested by manufacturers and service providers.

Connected products that obtain, generate or collect, by means of their components or operating systems, data concerning their performance, use or environment and that are able to communicate those data via an electronic communications service, a physical connection, or on-device access, often referred to as the Internet of Things, should fall within the scope of this Regulation, with the exception of prototypes.

Regarding Internet of Things (IoT) data, the new law focuses, in particular, on the functionalities of the data collected by connected products instead of the products themselves.

Data sharing, compensation and dispute settlement

The regulation contains measures to prevent abuse of contractual imbalances in data sharing contracts due to unfair contractual terms imposed by a party with significantly stronger bargaining position. The regulation contains the principle that in business-to-business relations data holders may request reasonable compensation when obliged pursuant to Union law or national legislation adopted in accordance with Union law to make data available to a data recipient. The Commission should adopt guidelines on the calculation of reasonable compensation in the data economy.

Trade secrets

The regulation ensures an adequate level of protection of trade secrets and intellectual property rights, accompanied by relevant safeguards against possible abusive behaviour. In this context, data holders will require users, or third parties of a user’s choice, to preserve the confidentiality of data considered to be trade secrets. Where there is no agreement on the necessary measures or where a user, or third parties of the user’s choice, fail to implement agreed measures or undermine the confidentiality of the trade secrets, the data holder should be able to withhold or suspend the sharing of data identified as trade secrets.

Public sector bodies

The regulation provides the means for public sector bodies, the Commission, the European Central Bank and EU bodies to access and use data held by the private sector that is necessary in exceptional circumstances, particularly in case of a public emergency, such as floods and wildfires, or to fulfil a task in the public interest.

Switching

The new rules also aim to ease the switching between providers of data processing services. From 12 January 2027, providers of data processing services will not impose any switching charges on the customer for the switching process. From 11 January 2024 to 12 January 2027, providers of data processing services may impose reduced switching charges on the customer for the switching process.

Unlawful international access and transfer of data

Providers of data processing services will take all adequate technical, organisational and legal measures, including contracts, in order to prevent international and third-country governmental access and transfer of non-personal data held in the Union where such transfer or access would create a conflict with Union law or with the national law of the relevant Member State.

ENTRY INTO FORCE: 11.1.2024.

APPLICATION: from 12.9.2025.