EU Data Act – Regulation on Harmonized Rules for Fair Access to and Use of Data

The EU Data Act (EUDA), formally known as the Regulation on Harmonized Rules for Fair Access to and Use of Data, introduces key rules for data sharing, management, and protection within the EU. Proper preparation is essential to comply with its requirements. Our team, specializing in technology and cyber risk management, provides comprehensive assessments of applicability and readiness in relation to EUDA. We help organizations meet the requirements set forth by this legislation, which affects all entities involved in collecting, processing, and sharing data generated through connected products and related services.

The EUDA is an EU regulation that came into force on January 11, 2024, focusing on access to data within the EU while ensuring proper personal data protection. Together with the Data Governance Act (DGA), EUDA forms a fundamental pillar of the European Data Strategy, aiming to create a unified data market and strengthen Europe’s competitiveness and sovereignty in the data economy.

The regulation sets out rules for access to and use of data within the European economy, including the requirement to design and manufacture affected connected products and related digital services in a way that enables their users to have easy and secure access to the generated data, its usage, and sharing. The regulation introduces specific requirements in the following areas:

• Ensuring access to relevant information about the rights and obligations of users utilizing connected products and related services through which data is generated.
• Providing access to data and ensuring its seamless transfer from the data holder to the user, covering B2C (business-to-customer), B2B (business-to-business), and B2G (business-to-government) interactions. This must be enabled through an automated or manual mechanism (by September 2025) and direct access from the connected product (by September 2026).
• Aligning the conditions governing data access and preventing the misuse of contractual imbalances, ensuring fair terms for all stakeholders.
• Establishing transparent pricing for data and datasets.
• Identifying sensitive data requiring additional protection.
• Defining technical and organizational measures to secure data transfers.

The regulation applies to products that, through their components or operating systems, acquire, generate, or collect data about their performance, usage, or surrounding environment while also being capable of transmitting this data via electronic communications, physical connections, or device access – with the exception of prototypes.

Such connected products are present across various sectors of the economy and society, including private, public, and commercial infrastructure. These include vehicles, medical devices, lifestyle equipment, ships, aircraft, home appliances, consumer electronics, and agricultural and industrial machinery. Related services can take the form of connected applications, which are directly linked to connected products and utilize, process, or provide access to the data generated by these products.

The EUDA requirements therefore apply to a broad range of entities, including designers and manufacturers of connected products, providers of related services, and entities that sell or lease connected products.

Our team of regulatory compliance, legal, and risk management experts provides end-to-end support to help you comply with the EUDA. Our services include

• Portfolio analysis to identify affected products and services.
• Comprehensive readiness assessments and gap analysis against EUDA requirements.
• Remediation planning and implementation roadmaps with prioritized actions.
• Target operating model design and data platform architecture development.
• Data protection measures, including GDPR compliance support.
• Data policy development and process setup for regulatory compliance.
• Data strategy definition, consent management, and monetization opportunities.
• Cybersecurity measures for secure data access and sharing.
• Creation of new data products and data valuation.
• Benchmarking against industry best practices.

Prepare for the EUDA in a timely manner. Ensure that your products and services are fully compliant with regulatory requirements and that your technology enables secure access and sharing of all data that must be provided to users. We will conduct an applicability analysis and gap analysis for you or assist with ensuring technological readiness for collecting and transmitting data requests.