EU Data Act Enters into Force, Raising Concerns Among Industry Groups and Companies

The European Union’s Data Act took effect on September 12, while the European Commission’s digital simplification package is expected only in December. This timing has raised concerns in the industry, as companies fear receiving contradictory signals from Brussels.

The law was adopted to ensure that users of smart devices, such as connected cars or smart home equipment, have fair access to the data these devices generate. Manufacturers are required to design products that make it easier for users to share their data, except in cases where doing so could expose sensitive business secrets.

In emergency situations, such as floods or cyberattacks, private companies may be obliged to share data with public authorities. However, industry associations warn that businesses must now comply with the Act even though some rules could soon be revised through the simplification package.

The Business Software Alliance (BSA), whose members include Amazon, Microsoft and Cisco, has warned that companies may invest in compliance efforts only to see the obligations modified shortly thereafter.

The Computer & Communications Industry Association (CCIA) echoed this view, with its representative Alexandre Roure stating that reopening the Act now would create even greater uncertainty. The European Commission, meanwhile, insists there is no connection between the simplification measures and the national mechanisms needed to enforce the Data Act. Since September 12, the rules have applied directly across all 27 member states, alongside national measures defining penalties and enforcement.

Violations of the Act can result in fines of up to €20 million or 4% of a company’s global annual turnover, whichever is higher. The Commission says it is working closely with member states to ensure timely and consistent implementation of the law.