The EU’s Data Act took effect on Thursday, setting new rules that could reshape how businesses in Europe and beyond the bloc handle industrial, consumer and cloud data.
The legislation, first proposed in 2022, requires manufacturers of connected devices and providers of related services to make data generated by those products accessible to users – whether individuals or enterprises – and to enable onward sharing with third parties. It also introduces provisions aimed at curbing cloud vendor lock-in, with obligations on interoperability and a phased ban on data egress fees (the charges that providers impose when customers move their data out of their infrastructure) by 2027.
For enterprise technology professionals outside the EU, the law is likely to have an indirect but significant impact, given the scale of Europe’s market and the global operations of many technology suppliers.
Data access and sharing
Grace Carter, government affairs counsel at search and data analytics firm Elastic, said the act “is a shift towards user empowerment, particularly when it comes to how data is shared and used.”
She added: “It gives consumers and businesses in the EU meaningful rights to access, share and move the data they generate, under clear rules on when and how data must be shared.”
She argued that the changes will drive “agility, choice, and innovation,” by allowing organisations to switch cloud providers without any hassle and to “unlock the value of data from connected products and services.”
Grace Carter, government affairs counsel, Elastic
In practice, that could mean a logistics company using telematics data from its EU vehicle fleet with multiple analytics providers, or a factory operator sharing sensor data with a third-party maintenance partner – activities that were previously limited by proprietary systems.
But Carter also noted that “data today is scattered – structured and unstructured, across cloud, on-premises, and hybrid systems.” To seize the opportunity, she said, “organisations need a way to unify and analyse this data in near real time.”
Anita Hodea, associate at law firm Katten Muchin Rosenman UK LLP also points out that the introduction of new terms, such as “data holder”, and limited guidance on their application mean organisations must carefully define roles, governance and responsibilities to comply with both frameworks.
Compliance burdens
Others strike a more cautious note. Chris Gow, senior director of EU Public Policy at Cisco, said the Data Act and its companion, the Data Governance Act, “introduce overlapping and complex requirements for transferring non-personal data, especially for companies handling mixed data sets.”
He argued that following GDPR rules on cross-border transfers “should be enough, without needing to meet requirements from the Data Act on top,” warning that “these added layers of regulation impose significant administrative burdens without a corresponding increase in security or risk management.”
Gow said that “by focusing on regulatory simplification and targeted reform, the Commission can strengthen Europe’s position in AI and digital innovation,” adding that streamlined rules would allow European firms to “compete globally, boost innovation, and ensure that the benefits of the digital economy are shared by all.”
Market responses
Cloud providers are already adjusting. Google announced this week it would waive fees for customers moving data between its cloud and rivals in Europe and the UK, unveiling a service called Data Transfer Essentials.
“Built in response to the principles of cloud interoperability and choice outlined in the EU Data Act, Data Transfer Essentials is a new, simple solution for data transfers between Google Cloud and other cloud service providers,” Jeanette Manfra, senior director of global risk and compliance at Google Cloud wrote in a blog on the hyperscaler’s site.
She emphasised the offer would be available “at no cost to customers,” even though the legislation allows providers to pass on costs until 2027.
Such moves may set new expectations for enterprise customers globally. Firms negotiating cloud contracts in Asia or the US, for example, may seek similar concessions, pointing to Europe as precedent.
Strategic implications
The Data Act reflects Brussels’ ambition to build a “data-driven economy.” Advocates say it could stimulate competition, encourage reuse of industrial data for AI and analytics, and give businesses greater freedom of choice in digital infrastructure.
Yet there are trade-offs. A US-based device manufacturer selling into the EU may need to redesign systems to give customers access to usage data, with implications for intellectual property. In theory a global SaaS provider could be forced to adjust contractual models to align with Europe’s interoperability rules.
For enterprises outside the EU, the immediate impact will depend on whether they operate in Europe or partner with suppliers who do. But given the size of the EU market and its regulatory influence, the act may shape global norms for data access, portability and cloud competition in the years ahead.
Key provisions of EU Data Act:
– User data access: Businesses and consumers must be able to access and share data from connected devices and services
– Cloud switching: Providers must remove contractual and technical barriers that lock in customers, improving interoperability
– Ban on fees: From January 2027, cloud providers will no longer be allowed to charge egress or switching fees
