EU Data Act

The EU Data Act (Regulation (EU) 2023/2854) introduces harmonised rules on fair access to and use of data. It focuses on data generated by connected products (IoT) and related services, as well as fair contracting.

Who should care?

• Manufacturers of connected products and providers of related services.
• Companies that receive/reuse product or service data (third parties).
• Cloud/data processing service providers (switching & interoperability duties).
• Public sector bodies in exceptional-need scenarios (data requests).

Key concepts (terminology)

• User: the party using the product/service who can request access.
• Data holder: the party obliged/able to make data available.
• Data recipient: the third party receiving data at the user’s request.
• FRAND-like terms: fair, reasonable, non-discriminatory (context-dependent).

What changes in practice?

• Stronger access/portability expectations for users.
• Unfair contract terms and imbalances are addressed explicitly.
• For cloud/data processing services: switching/exit and interoperability become more concrete.

How Compliance-nu uses this

We structure primary sources and recurring violation patterns so audits and scans can link quickly to the relevant legal basis and enforcement context.

Sources

• EUR-Lex — Regulation (EU) 2023/2854 (Data Act)

For related sources, definitions and datasets: see Sources.