What does the EU Data Act regulate?

It governs access to and sharing of data generated by connected products and related services. Users gain rights to access the data their devices generate and to direct it to third parties, while manufacturers and data holders gain matching obligations to make that data available.

What is access by design?

Manufacturers must design connected products and related services so that the data they generate is, where relevant, directly accessible to the user by default. They must also tell the user before purchase what data is generated and how to get it.

What does a data holder have to do?

A data holder must make the data available to the user or a third party the user nominates on fair, reasonable, and non-discriminatory terms. It cannot use readily available data to compete with the user's own product, and abusive contract terms are prohibited.

How does the cloud-switching part work?

Cloud and edge providers must let customers switch to another provider with data and application portability, provide functional equivalence and assistance, and progressively remove data egress and switching charges. These duties apply to any cloud service, connected product or not.

When does the Data Act apply?

Most obligations apply from 12 September 2025. The access-by-design requirement for newly designed connected products applies from 12 September 2026. Confirm the exact dates and any sectoral interactions for your case.

EU Data Act Applicability Checker

The EU Data Act unlocks the data that IoT devices and connected products generate, giving users access rights and imposing sharing duties on the firms that hold the data. Because the obligations depend on your role, this checker pairs your product type with your position in the data value chain.

How it works

The Data Act assigns duties by role against data generated through product use:

manufacturer  → access by design + pre-sale transparency + data on request
data holder   → FRAND sharing + no competing use of the data
data recipient → use only for the agreed purpose, no competing product
user          → right to access and to redirect the data to a third party
cloud provider → portability + functional equivalence + remove egress fees

The tool first checks whether your product is a connected product or related service (in scope) versus standalone software or a non-connected product (largely out of scope), then lists the obligations for the role you select.

Notes and example

A smart-appliance maker is both the manufacturer and, usually, the data holder. As manufacturer it must build access by design and tell buyers what data is generated; as data holder it must share that data on FRAND terms with the user or a repair company the user nominates, and it must not use the same data to compete with the user. A user, meanwhile, gains the right to pull that data and redirect it. Roles frequently overlap, and trade-secret protection, GDPR, and gatekeeper rules all interact with these duties, so treat this as orientation and confirm the detail for your specific arrangement.