This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

EU’s new Data Act is almost here

The European Parliament and the Council are about to reach a political agreement on the Data Act. The ongoing discussions include data sharing obligations, territorial scope, trade secrets, and the application date.

In this post, we discuss some of the main provisions that are still under negotiation by the European co-legislators.

Data Act

The draft Data Act is part of the EU’s digital regulatory framework and sets out rules to allow users of connected devices to gain access to data generated by them. Such access may be requested by consumers, businesses, and, in certain cases, by public authorities.

They could also share such data with third parties to provide aftermarket or other data-driven innovative services.

Users would also be able to switch between different cloud data-processing services providers.

Material and territorial scope

The Council and the Parliament seem to agree on the material scope of the data access and sharing right, that is confined to raw and sensor-generated data. The Parliament nevertheless introduced a distinction between “product data” that is the data generated by the use of a connected product, and “related service data” that represents the digitalisation of users’ actions.

However, the geographical scope of the Data Act remains open to negotiation. The current version of the draft only allows the exercise of this right to EU-established data recipients. Nevertheless, the Council proposes that the regulation applies to data recipients irrespective of their place of establishment, even outside of the EU.

Trade secret exemption

Another open issue is the trade secret exemption for B2B and B2C data sharing requests. Such an exemption would provide for a stronger protection of trade secrets and intellectual property and allow organisations to refuse access requests.

As discussed in our previous post, the European co-legislators seem to have found middle ground by considering a trade secret exception on an “exceptional basis”.


Another open point is the application date of the Data Act. While the Council proposes that the Data Act applies 24 months after the entry into force, the Parliament suggests an early application date, only 18 months after the entry into force.

Also, the obligation for IoT devices to make data available would apply to products placed on the market after 12 months from the date of application of the Data Act.

Next steps

We expect the trilogue negotiations to finalise next week.

It will be very interesting to see the final text agreed by the legislators. Stay tuned for further updates on this matter!

The Data Act addresses the legal, economic and technical issues that lead to data being under-used. The new rules will make more data available for reuse and are expected to create €270 billion of additional GDP by 2028.


data, data act, eu, digital, iot, trade secrets, data and cyber