The Data Act – New Obligations Effective September 2025

Regulation (EU) 2023/2854 of the European Parliament and of the Council of December 13, 2023 (“the Data Act”) is directly applicable in all Member States as of September 12, 2025.

This Regulation aims to harmonize a legal framework that encourages interoperability and the free flow of data.

On the one hand, the Regulation establishes a right of access to data relating to connected products (e.g., vehicles) or related services, and the conditions under which the holders of this right may demand access from service providers and product suppliers.

On the other hand, the Data Act imposes obligations on data processing services, including cloud computing. Specifically, it requires contractual clauses relating to switching data processing service providers to be included in contracts.

If you are a manufacturer/seller/rentor/lessor of a connected product, or a provider of a related service, have you prepared the mandatory pre-contractual information regarding the data that will be generated from the use of the product or service? Have you outlined an internal procedure for responding to requests for access to non-personal data under the Data Act?
If you are a data processing service provider, have you implemented a customer exit strategy that complies with the Data Act’s requirements regarding switching providers?

These are just some of the obligations that will apply from September 12.

For more information, please contact the Intellectual Property and Information Technology Practice Area at Abreu Advogados.

DOWNLOAD PDF