The EU Data Act: A new era for data access and sharing in Europe

What is the Data Act?

The Data Act aims to unlock the value of industrial data, foster innovation, and ensure fair access to data generated by connected products and related services. It introduces new obligations for manufacturers, service providers, data holders, and users, both in B2B and B2C settings.

At its core, the Data Act establishes:

• User access rights to data generated by connected devices (e.g. sensors, smart machines, wearables);
• Obligations on manufacturers and service providers to make such data accessible — easily, freely, and in a structured, commonly used format;
• Frameworks for B2B and B2G data sharing (e.g., in public emergencies or infrastructure use);
• Rules for switching cloud and edge service providers;
• Provisions to prevent unfair contractual terms in data-sharing agreements;
• And safeguards for trade secrets and cybersecurity.

​​​​​Who is affected?

The Data Act affects a wide range of actors:

• Manufacturers of connected products (IoT, vehicles, equipment)
• Providers of related services (e.g., maintenance, platform services)
• Data holders that process and store usage data
• Data recipients, including public bodies and competing firms
• Cloud and edge service providers

If your business produces or operates with connected devices or platforms that generate data, the Data Act will likely apply to you.

Implementation in the Netherlands

In the Netherlands, the Authority for Consumers and Markets (ACM) has been appointed as the national data coordinator for the Data Act. It will oversee enforcement of obligations and facilitate dispute resolution.

Where the Data Act intersects with personal data, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) will remain responsible for supervision under the GDPR.

The proposed maximum penalty is EUR 1,030,000 or 10% of the annual turnover of the offender, whichever is higher

A Dutch implementation bill is currently under review, mostly dealing with procedural aspects and penalties (e.g. enforcement powers, cooperation between regulators).

Key takeaways for businesses

1. Map your data: Understand what data is generated, who accesses it, and under what legal basis.
2. Review contracts: Data sharing agreements and licensing terms may need to be updated to comply with the Act.
3. Prepare for access requests: Build processes for responding to user and third-party requests under the Act.
4. Secure your data: Consider how trade secrets and cybersecurity are protected when data is shared.
5. Check cloud contracts: Ensure your cloud service agreements comply with the new switching and interoperability rules.

Final thoughts

The Data Act represents a paradigm shift in how data is governed in the EU — moving from a system of exclusive data control toward broader access, sharing and innovation. While it creates compliance obligations, it also opens up new business models and opportunities for collaboration.

Fieldfisher's team in the Netherlands is assisting clients across sectors with their readiness for the Data Act — from data governance audits to contract reviews and strategic advice.

Questions?

Get in touch with our Intellectual Property or Tech & Data team — we’re here to help you navigate this new regulatory landscape.