Access Granted: How the EU Data Act will reshape digital relationships

Introduction

The Act introduces a wide range of obligations and rights that will affect businesses dealing with user-generated or industrial data—whether they design digital products, provide services that rely on data access, or operate cloud and data-sharing platforms. It seeks to empower users, ensure fair contractual relationships, and reduce market barriers for smaller players and new entrants.

At Jiri Legal, we follow these developments closely. In collaboration with Arthur’s Legal, whose director Arthur van der Wees is a member of the European Commission’s Expert Group on B2B data sharing and cloud computing contracts, we bring clients practical insight into the Data Act’s scope, structure, and implementation. Notably, Arthur’s Legal contributed to the drafting of the Act’s model contractual terms, which will guide fair data-sharing agreements across the EU.

In this post, we outline the key provisions of the Data Act, highlight the most significant legal and commercial changes, and offer practical steps for businesses preparing for the September 2025 deadline.

Who is affected – and why it matters

The Data Act applies to a broad range of actors in the data economy, but manufacturers of connected products—such as smart home devices, vehicles, industrial machinery, and wearables—are among the most directly impacted.

Under the new rules, these manufacturers must ensure that users (both consumers and businesses) can access the data generated by their connected products and related services. This is a significant departure from the current legal landscape, where access to such data is often controlled exclusively by the manufacturer or service provider.

From 2025 onwards, users will have the right to access, use, and share this data with third parties of their choice, such as aftermarket service providers, insurance companies, or repair businesses. Manufacturers will need to build access and data portability into their product and service design—and ensure this access is user-friendly, secure, and non-discriminatory.

Key provisions of the Data Act

Here are some of the most notable measures that will affect connected product manufacturers and related service providers:

1. User access to data
   
   • Users must be granted direct access to the data generated by their devices, ideally in real time.
   • This access must be provided free of charge and in a structured, commonly used, machine-readable format.
2. Data sharing with third parties
   
   • Users can authorize third parties to access and use the data on their behalf.
   • Manufacturers must facilitate this sharing and cannot impose unjustified restrictions on third-party access.
3. Fairness in B2B contracts
   
   • To protect smaller businesses from imbalanced contract terms, the Act includes model contractual clausesand principles of fairness.
   • These model terms, developed with input from Arthur’s Legal, will guide companies in drafting fair B2B data-sharing agreements.
4. Public sector data requests
   
   • In certain emergency situations or for public interest purposes, public sector bodies will be able to request access to data held by private companies.
5. Cloud switching and interoperability
   
   • The Act introduces obligations for cloud service providers to facilitate switching between providers and to improve interoperability—though this affects a different set of stakeholders than manufacturers.

Preparing for compliance: Practical steps

Manufacturers of connected products should begin preparing now to ensure compliance by September 2025. Key steps include:

• Mapping the data generated by your devices and determining who currently has access to it.
• Reviewing product design to enable real-time data access and sharing mechanisms.
• Updating terms and conditions to align with the Act’s user rights and data-sharing requirements.
• Reviewing and renegotiating B2B contracts, particularly with third-party service providers or distributors.
• Assessing cybersecurity and privacy measures to ensure secure access and transmission of data.

Legal guidance and technical due diligence will be essential in each of these steps.

Conclusion

The EU Data Act represents a foundational shift in how data is accessed, shared, and governed across sectors in the European Union. By granting users greater control over the data they generate and establishing clear rules for fair and transparent data sharing, the Act is set to have wide-reaching implications for businesses of all sizes—from technology providers and service platforms to insurers, maintenance companies, and cloud providers.

Whether your organisation handles user-generated data, negotiates B2B contracts involving data, or operates in a regulated digital environment, the Data Act is likely to impact your legal and operational frameworks. Early preparation—particularly around data governance, contractual terms, and technical design—will be key to ensuring compliance and staying competitive.

At Jiri Legal, we are actively advising clients on practical implementation strategies for the Data Act. In close collaboration with Arthur’s Legal, which contributed to the drafting of the Act’s model contractual terms, we offer tailored legal and strategic support to help organisations navigate this evolving regulatory landscape with confidence.

Now is the time to assess your data practices, review your contracts, and get ready for the new rules taking effect in September 2025.

Disclaimer: This article has been co-authored with the assistance of generative AI tools and reviewed by our legal team to ensure accuracy and relevance. It is intended for general informational purposes only and does not constitute legal advice. For advice specific to your situation, please contact a qualified solicitor.

‍