The Data Act: What is it about?

The Data Act, a proposed regulation of the European Union, establishes a comprehensive legal framework for the sharing of data - personal and non-personal - generated by the use of products and related services (e.g. vehicles, household appliances, consumer goods, medical and health products). In particular, the Data Act regulates the relationship between data owners (mostly product manufacturers), users of the products and data recipients (third parties). Other goals of the Data Act are to simplify the switching of data processing services and to improve the interoperability of data.

The central element of the Data Act is the obligation of the data owner to make generated data available to the user, a third party designated by the user or public bodies. This is flanked by the obligation to design and manufacture products in such a way that the data generated during their use are by default easily, securely and directly accessible to the user, and to inform users before the conclusion of a contract about the type and scope of the data likely to be generated by the product and how to access the data.

Of particular practical relevance is the interplay between the obligation to create data access for users and third parties and its limitation due to data protection and the protection of trade secrets and intellectual property rights.

Current status and timeline

The European Parliament and the Council of the European Union agreed on a common position on the Data Act on June 28, 2023. The regulation entered into force on January 11, 2024 and will be applicable in September 2025.

Who is affected?

The Data Act particularly affects manufacturers of so-called networked products as the addressees of the essential obligations, but also all companies that use such products and are now entitled to access to the data generated by the products. Significant effects are emerging, especially in industry, for example in the automotive sector, as well as in the medical and healthcare sectors.

What are the challenges?

Businesses face a number of challenges that could be difficult to overcome, especially for SMEs:

  • Examination of whether they are affected by the Data Act: Companies must examine whether they fall within the factual and personal scope of application of the Data Act or whether an exception to the obligation to create data access can be justified with reference to trade secrets and/or intellectual property rights.
  • Product design requirements/information obligations: Affected companies must already observe the requirements of the Data Act when designing and creating their products. In the context of sales, additional information obligations must be fulfilled in the future with regard to the data that can be generated by the products and access to it.
  • Draw up additional contractual conditions/data licence agreements: Contractual conditions must be drawn up to regulate data access, which must comply with the requirements of FRAND (Fair, Reasonable and Non-Discriminatory). In addition, the use of the generated non-personal data by the data owner (producer) itself may only take place on the basis of a data licence agreement to be concluded.
  • Reviewing and asserting data access claims: The implementation of new technologies and tools to ensure data protection may be required.
  • Cooperation with supervisory authorities: Closer dialogue with supervisory authorities is necessary to ensure that all requirements of the Data Act (for example, also with regard to the implementation of consumers' and entrepreneurs' right to complain) are met.

Our expertise for your success

SKW Schwarz supports you in navigating the complex landscape of the Data Act and offers a range of advisory services:

  • Compliance management: We support you in the development and implementation of compliance programmes tailored to the requirements of the Data Act.
  • Dealing with breaches of the Data Act: We advise you on how to deal with breaches of the Data Act and how to cooperate with the relevant supervisory authorities.
  • Contract drafting: Our lawyers ensure that the contractual terms and conditions for regulating data access as well as any necessary data licensing agreements comply with the requirements of the Data Act (for example, with regard to abuse control).
  • Training: We train your staff to ensure they understand and can respond to the requirements of the Data Act.
  • Litigation: We represent your company in litigation relating to Data Act claims.

Our 6 Data Act Experts

Jens  Borchardt

Jens Borchardt


Dr. Christoph  Krück

Dr. Christoph Krück


Dr. Daniel  Meßmer

Dr. Daniel Meßmer


Dr. Stefan  Peintinger

Dr. Stefan Peintinger


Martin  Schweinoch

Martin Schweinoch


Benjamin  Spies

Benjamin Spies