As of 12 September 2025, the Data Act has become fully applicable. With the introduction of this European Regulation, the rules governing data and cloud services have changed. For market participants active in the European data and cloud market, it is therefore essential to translate the Data Act into today’s operational practice.
Although the Data Act has stood somewhat in the shadow of other European legislation, it is no less significant. It is subject to enforcement and imposes obligations that organisations must properly understand.
The Data Act applies to a broad range of market participants within the European data and cloud market. This explains the many questions about its scope and impact. A key question for many organisations is what the Data Act means for their own operations and services.
It is important to determine whether, and if so how, the Data Act applies. On 7 May 2026, our Academy will host a dedicated Data Act training day. During this session, we will explore the practical application of the Data Act in depth and translate the legal obligations into concrete, practical steps to make products, services and organisations Data Act compliant. This helps to mitigate risks and make better use of opportunities.
What does the Data Act regulate?
The Data Act is a European Regulation that sets out rules for accessing, sharing and reusing data within the European Union. Its objective is to create an open and fair data economy.
Among other things, the Data Act contains rules on:
-
access to data generated by connected products and related services, in a specific format;
-
sharing such data with users and, under certain conditions, with third parties;
-
preventing unfair contractual and technical barriers in the data market;
-
the use of and switching between data processing services.
These rules form part of the broader European data strategy and apply directly in all Member States.
Users and businesses must be able to rely on transparent and fair conditions for the use of data. During the training, we provide a clear overview of the consequences of the Data Act, enabling organisations to understand its operation and scope.
Which parties fall within the scope of the Data Act?
To understand the obligations under the Data Act, it is important to identify the different actors distinguished by the Regulation. Broadly speaking, the Data Act consists of two parts.
-
The first part concerns connected products, related services and data holders.
-
The second part sets out obligations for providers of data processing services, such as cloud providers.
The first step is therefore to determine whether your organisation, or your suppliers, fall within one of these categories. This involves assessing whether you offer connected products, related services or data processing services, or act as a data holder on the European market.
During the Data Act training, we will examine this qualification exercise in detail. Once an organisation’s role is clear, it becomes possible to determine which obligations apply. Not every obligation applies to every actor under the Data Act.
Connected products, related services and data holders
The first part of the Data Act applies to connected products, related services and data holders. These products and services must be designed and offered in such a way that users, both consumers and business users, have easy access to the data they generate, in a specified format.
The data holder is the party that has actual access to this data and is able to make it available to the user.
The obligations
The Data Act requires providers of connected products and related services to design and offer them in such a way that users can easily access the data they generate through their use. The data holder, as the party that effectively controls the data, must be able to make it available to the user. Data must not be unnecessarily confined within closed ecosystems, and users must not be restricted in their freedom of choice.
The purpose of the obligations
Greater openness around data, including less visible data generated in the background, enables providers to improve their services, innovate and compete on equal terms. Users, such as consumers and business customers, gain more control and freedom of choice. They are no longer tied to a single provider and may, for example, choose another, potentially more affordable, party for maintenance or repair, or perform such activities themselves.
This stimulates competition and can lead to lower prices and better services. Broader data availability also enhances productivity. The more accessible data becomes, the better providers can optimise their processes.
A practical example is a smart thermostat in a home. When a user purchases a heat pump, it is desirable for the heat pump to be able to read data from the smart thermostat in order to operate as efficiently as possible. In a closed ecosystem, this is often not possible, limiting the number of devices that can work together. This restricts user choice and hampers innovation. Data availability is therefore a core element of the Data Act, which aims to give users greater control over their data and, as a result, greater opportunities.
Data processing services
The second part of the Data Act focuses on data processing services, such as cloud and similar services. While the first part centres on access to data, this part addresses the prevention of lock-in.
Data processing services enable users to work with their own data and digital assets within a digital environment. The Regulation seeks to prevent such data and assets from becoming effectively locked in with a single provider. It therefore introduces switching obligations for providers of, among others, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). These obligations require providers to enable customers to switch smoothly to another provider or to their own infrastructure.
The obligations
For providers of data processing services, the Data Act introduces obligations aimed at preventing lock-in and facilitating switching and interoperability between service providers. Providers must ensure that users can transfer their data and digital assets to another provider or to a self-developed solution. Cloud contracts must therefore meet minimum requirements.
The purpose of the obligations
These obligations are intended to make it easier for users to switch to another service provider or to an on-premise solution. Cloud contracts must comply with minimum requirements, including:
-
the possibility of interim switching;
-
guarantees regarding the portability of data and digital assets;
-
measures to ensure standardisation and interoperability;
-
clear contractual arrangements governing the switching process;
-
the gradual abolition of switching charges.
These measures remove barriers to switching and give users greater control over their data and digital assets.
In this way, the Data Act enables consumers and organisations to move more easily between data processing services, for example to optimise costs or improve performance. This ultimately strengthens the European cloud market as a whole.
The Data Act training
As outlined above, the Data Act is relevant to many organisations, but its impact varies depending on the circumstances. In addition to introducing new obligations, the Regulation also creates opportunities for various actors in the European data market.
To ensure that these obligations are applied correctly in practice and that opportunities are identified, we will address these issues in depth during the Data Act training day. You will learn what the Data Act specifically means for your organisation, from data sharing and contractual arrangements to user rights relating to connected products and obligations for cloud providers. This will enable you to manage the impact of the Data Act effectively, both at organisational level and within the broader European data sharing framework.
Would you like to gain a clearer understanding of the Data Act and what it means for your organisation? Register for our Data Act training on 7 May 2026.
