What is the European Data Act?
The Regulation on harmonized rules on fair access to and use of data — known simply as the European Data Act — entered into force on 12 September 2025.
This legislation grants individuals and businesses the right to access data generated through the use of smart objects, machines, and connected devices, making it one of the key pillars of the digital economy.
When you buy a traditional product, you naturally own all of its physical components. But connected devices — particularly within the Internet of Things (IoT) ecosystem — continuously generate new data during their operation. That data is no longer a mere accessory; it has become an integral part of the product itself.
The European Data Act addresses this by ensuring a fair right of access between those who produce data and those who use it.
It represents a cornerstone of the EU’s broader data strategy — a plan to build a fair, innovative, and competitive European data economy.
To support its implementation, the European Union has published guidance documents, established dedicated legal support services, and launched ongoing dialogue mechanisms with industry stakeholders.
Why Did the EU Need a Data Act?
In recent years, data-driven technologies have profoundly transformed every economic sector. The rise of connected products has significantly increased the potential value of data.
High-quality and interoperable data from diverse sources not only strengthens competitiveness and innovation but also fuels sustainable economic growth — by enabling data to be reused efficiently, without loss of quality or value.
However, several barriers prevent data from being distributed and used in ways that benefit society as a whole. These include:
- Uncertainty around data rights and obligations,
- The absence of common data-sharing practices, and
- The abuse of contractual imbalances in access to and use of data.
In many industries, particularly among micro, small, and medium-sized enterprises (SMEs), limited digital capacity and analytical skills exacerbate these challenges.
To overcome such obstacles and meet the needs of a cross-border digital economy, the EU recognized the need for a harmonized legal framework — one that ensures clear and transparent data usage rights, encourages innovation, and promotes competition across member states.
As a result, the European Data Act positions the EU as a global leader in the data economy, while remaining firmly anchored in European values.
Its first major step has been the creation of European Data Spaces — sectoral platforms and ecosystems designed to facilitate collaboration and data sharing between public and private stakeholders.
The second step involves setting up a robust legal framework and mechanisms to prevent the exploitation of contractual imbalances that restrict fair access to and use of data.
Importantly, the Data Act does not create new rights that would undermine existing ones. It cannot be interpreted in a way that diminishes or limits the right to privacy, the protection of personal data, or the confidentiality of communications.
What Does the EU Data Act Aim to Achieve?
One of the key objectives of the EU Data Act is to promote a more competitive and balanced data economy by ensuring fair access to data and equitable contractual conditions.
By fostering investment in high-quality data generation and encouraging the drafting and negotiation of fair data-sharing agreements, the Act positions data law as a powerful driver of innovation and employment across the European Union.
The legislation grants users of connected products or related services not only the right but also the obligation to access the data they generate — and, where applicable, to share that data with third parties of their choice.
This must be done under reasonable, non-discriminatory, and transparent terms and conditions.
By placing transparency and accessibility at the heart of the data ecosystem, the Act seeks to make data more available and usable, thereby strengthening the EU’s data economy and creating a fairer, more dynamic market environment.
This initiative responds to the exponential growth of connected devices across Europe and aims to unlock the economic and societal potential of the massive volumes of data they produce.
The new rules grant both businesses and individuals greater control over the data they generate through the use of connected devices.
A notable provision of the Data Act addresses data portability, particularly within cloud services, giving companies more flexibility in how they manage their relationships with providers.
The regulation directly tackles a long-standing challenge in the EU — vendor lock-in, where businesses face high barriers or costs when switching between service providers.
Among the most contentious issues has been the high exit fees imposed when transferring data from one cloud provider to another.
To address this, the Data Act introduces measures that enable customers to move from one data-processing service to another more quickly, efficiently, and transparently.
While it does not impose a blanket ban on transfer fees, it requires providers to avoid excessive charges and to disclose costs in a clear, transparent manner.
In line with these new obligations, Google Cloud became one of the first providers to remove its data transfer fees — a move widely interpreted as an early sign of the market adapting to the new regulatory landscape.
Which Sectors Does the EU Data Act Cover?
The new regulation spans a broad spectrum of industries — from manufacturing and cloud computing services to logistics and consumer goods production — and applies across both the public and private sectors.
For all organizations with robust and harmonized data-classification systems, the Data Act represents an opportunity to create a new environment for collaboration, innovation, and digital transformation — one that strengthens institutional resilience without compromising individual rights.
In the financial sector, companies and banks can use shared data to enhance risk assessment, customer experience, revenue streams, and operational efficiency.
For example, a bank might analyze transaction and travel data to offer personalized services such as travel insurance or currency exchange to clients who frequently travel abroad.
In public services, data collected from public transport systems can be used to improve safety, efficiency, and reliability.
In the energy sector, shared data enables smarter energy consumption and waste reduction.
For instance, a start-up could invite building owners to share sensor data in exchange for a digital platform that monitors and optimizes heating, cooling, and lighting systems — reducing both costs and emissions.
In the healthcare industry, medical device manufacturers can leverage data to design personalized treatments tailored to pre- or post-diagnostic conditions.
Such data may be securely shared with healthcare professionals in real time, allowing for adaptive dosage plans and individualized patient care.
Users of connected products also have the option to share their data with third parties, such as independent repair or maintenance providers.
This fosters fair competition by enabling after-sales service providers to innovate and offer alternatives to manufacturer-controlled ecosystems.
As a result, users — including consumers, farmers, airlines, construction companies, and building owners — gain access to more cost-effective maintenance and repair solutions.
This not only drives lower market prices but also extends the lifespan of connected products, aligning directly with the goals of the European Green Deal.
Industries such as manufacturing, agriculture, and construction are also expected to benefit significantly through the application of machine learning and data analytics, enabling optimization across operational cycles, production lines, and supply chains.
In agriculture, for instance, IoT-based analytics can integrate data from connected equipment to assess real-time conditions — such as weather, temperature, humidity, market prices, and GPS signals.
This empowers farmers to optimize crop yields, plan more efficiently, and make data-driven decisions about resource allocation.
However, the regulation introduces specific restrictions for Technology, Media, and Telecommunications (TMT) companies that are designated as gatekeepers under EU competition law.
These entities cannot benefit from the data-sharing provisions of the Data Act, in order to prevent market dominance and ensure equitable access to data for all other participants in the ecosystem.
What Are the Benefits of the Data Act?
One of the most significant aspects of the EU Data Act is the transfer of control over data from the manufacturers or suppliers of Internet of Things (IoT) products to their users.
While this shift may increase costs and create technical challenges for producers and suppliers as they comply with new data-sharing obligations, it also opens the door to new business models and innovation opportunities.
Access to data generated by IoT devices is now prioritized. From smart home appliances to industrial machinery, users of these devices will — under appropriate conditions — be granted access to the data generated through their use.
At the same time, the Act introduces safeguards to protect trade secrets and prevent potential misuse of shared information.
Trade secrets may only be disclosed to third parties when necessary and only if sufficient measures are in place to ensure confidentiality.
Furthermore, a data holder may restrict access if it can demonstrate that such access would cause serious and irreparable economic harm.
The Data Act also seeks to correct contractual imbalances arising from unequal bargaining power in data-sharing agreements.
It introduces provisions aimed particularly at supporting small and medium-sized enterprises (SMEs), giving them a fairer negotiating position and creating a more balanced contractual environment.
In addition, in cases of natural disasters or emergencies affecting public order, public authorities — limited to the European Commission, the European Central Bank, and other EU institutions — may gain temporary access to privately held data.
Such access is strictly confined to exceptional circumstances where it is necessary for public response and where comparable data cannot be obtained quickly and effectively through other means.
Another key element of the Act is the introduction of safeguards against unlawful data transfers by cloud service providers.
It also promotes the development of interoperability standards for data that can be reused across sectors, ensuring greater transparency and reliability in digital ecosystems.
The regulation further imposes obligations on smart contract providers, requiring them to offer archiving and audit capabilities.
By introducing preventive measures against unauthorized data transfers and reducing consumer dependency on a single provider, the Act enhances the security, flexibility, and trustworthiness of data processing.
Why Does the Data Act Matter Beyond the EU?
Although the EU Data Act is not directly binding on non-EU countries, it is expected to have a global impact by setting new benchmarks for data management and data-sharing practices worldwide.
1.International Alignment
As the EU’s data protection and governance standards gain worldwide recognition, aligning with these frameworks has become a strategic necessity for third countries.
For example, Turkey’s close monitoring of these developments could strengthen its credibility in international data transfers, enhance its national data protection laws, and bolster the legal security of personal data.
2.Digital Transformation and Competitiveness
The Data Act’s approach to data sharing has the potential to accelerate digital transformation beyond EU borders — particularly in emerging digital economies.
For Turkey, this alignment could empower technology start-ups and the broader innovation ecosystem to gain a competitive edge in international markets, facilitating entry into the European digital economy and contributing to sustainable growth.
Such harmonization would also support the development of data-driven business models and foster long-term digital resilience.
3.Implications for the Public Sector
Public institutions can also draw inspiration from the Data Act to improve data-sharing frameworks and enhance the quality and transparency of public services.
This shift supports more data-driven policymaking, strengthens accountability, and promotes an efficiency-oriented public governance culture.
Conclusion
The EU Data Act provides a blueprint for countries seeking to establish robust and ethical data governance frameworks, accelerate their integration into the digital economy, and align with international standards.
It paves the way for a more transparent, efficient, and innovative digital ecosystem, where data is treated not only as an economic resource but also as a shared social asset.
In the modern world, data is the “digital gold.”
How we use it, protect it, and channel it toward innovation defines not only our economic progress but also our ethical responsibility.
For this reason, data service providers within the EU are required to prevent access to or transfer of non-personal data stored in the EU by foreign governments or third countries.
To comply, they must implement all appropriate technical, legal, and organizational safeguards, including contractual provisions where necessary.
