Data Act 2025: Whose data will it be in the future?

Smart machines, vehicles, and devices generate valuable data. That data is worth gold. But after 12 September 2025—the day the European Data Act enters into force—the question is: who will then own this data?

This new law fundamentally changes the playing field for data ownership and access. Do you use smart products? Or do you supply them to clients? Then your legal position is about to shift. And possibly your entire business model. Time to take action.

What does the Data Act regulate?
The Data Act obliges suppliers of smart equipment (IoT) and related digital services to provide users access to the data that they themselves generate through use of these devices and services. Consider:

• Sensor and usage data from vehicles, machines, agricultural equipment, medical devices, or smart thermostats;
• Data from cloud services, platforms, or business software;
• Users gain access to the data generated by the smart device, allowing them to share this data with a third party of their choice.

As a result, users can more easily switch between providers of data-related services. With access to more data, businesses can develop new services and stimulate innovation. The Data Act 2025 applies to all sectors in the EU.
Note: This does not concern personal data, but industrial data, such as machine performance, failure data, and usage patterns.

What does this mean for your organization?
If you supply or use smart devices or software, you must consider three core obligations:

1. You must make data available
   You are legally required to make data accessible—including to third parties if your client requests this.
2. Restrictions in your terms are invalid
   Clauses that exclude data sharing? These will be null and void. You therefore run a risk if you do not amend your contracts in time.
3. Cloud providers must facilitate switching
   Do you offer cloud or platform services? Then you must ensure that users can easily switch providers, including smooth data migration.

What are the risks of the Data Act?
Many businesses will face:

• Loss of control over strategic data. Customers may share data with competitors or other parties.
• Legal non-compliance. Provisions in general terms, SLAs, or license agreements regarding data sharing may conflict with the Data Act 2025—and therefore become unenforceable.
• Commercial risks. Without a clear data strategy or investment in data infrastructure, valuable information may be shared, or you may miss opportunities yourself.

What must your company arrange before 12 September 2025?

1. Map your data flows and dependencies
   What data is generated? By whom? And on what (contractual) basis?
2. Review your contracts, general terms and SLAs
   Are your contracts aligned with the Data Act? Or do they contain prohibited exclusions?
3. Develop a data and innovation strategy
   Which data is strategic for you? How do you protect it legally and technically?
4. Claim access to data from suppliers
   Do you use smart equipment or associated services from others? Check whether you will soon be entitled to access data in accordance with the Data Act 2025. This avoids dependence on a single party.

What our specialists do
We assist you with:

• An impact analysis of this new legislation: what does the Data Act 2025 mean for your company?
• A legal review of your contracts, general terms, SLAs, and other documents.
• Advice on data strategy and data security.
• Assistance with agreements and negotiations with customers, suppliers, and software partners.

Would you like to know how the Data Act affects your company? Call us for a strategic data scan. The ICT specialists at Blue Legal are here to help.