# Data Act

The [EU Data Act](https://eur-lex.europa.eu/eli/reg/2023/2854/oj) is one of the key building blocks of the European data economy. Applicable since 12 September 2025, it creates harmonised rules on access to and use of data generated by connected products and related services.

In practice, the Data Act gives users greater control over the data they help generate. It enables individuals and organisations using connected products, such as vehicles, industrial machinery, smart appliances, medical devices, or agricultural equipment, to access that data and, where relevant, share it with third parties of their choice.

For businesses, the Data Act is not only a legal compliance topic. It is also a practical data-sharing challenge. Once an organisation has the right to access data, the next question becomes: how can that data be shared securely, transparently, and under agreed conditions?

This is where trusted data-sharing frameworks become relevant. iSHARE Trust Framework helps organisations move from legal permission to operational trust by supporting clear agreements, roles, identification, authorisation, and controlled data access across ecosystems.

<figure><img src="/files/TaRAfBUF5eBsVs9sZM7Q" alt="" width="439"><figcaption></figcaption></figure>

### 1. Why the Data Act matters

Data has become a strategic resource for innovation, competitiveness, and better decision-making. Connected products and digital services generate large volumes of data every day, yet much of this data remains locked within closed systems or controlled by a limited number of actors.

This creates several challenges:

* users often cannot access the data generated by the products they own, rent, or lease;
* businesses may struggle to obtain data needed to offer repair, maintenance, optimisation, or other data-driven services;
* smaller companies may face unfair contractual terms when negotiating access to data;
* cloud customers may find it difficult or costly to switch providers;
* data spaces need interoperability and trusted governance to scale.

The Data Act addresses these challenges by creating clearer rules for who can access data, under what conditions, and with which safeguards.

### 2. What the Data Act does in simple terms

The Data Act introduces rules for fair access to and use of data. It focuses especially on data generated by connected products and related services, but it also covers other important areas of the data economy.

In simple terms, the Data Act:

* gives users of connected products access to data generated through their use of those products;
* allows users to request that this data is shared with third parties;
* defines conditions for mandatory business-to-business data sharing;
* protects businesses, especially SMEs, from unfair contractual terms;
* allows public sector bodies to request data from businesses in exceptional situations;
* makes it easier for customers to switch between cloud and edge service providers;
* introduces safeguards against unlawful access to non-personal data by foreign governments;
* supports interoperability for data spaces, data processing services, and smart contracts.

The regulation therefore combines legal rights, market fairness, technical interoperability, and data governance principles.

### 3. Who is affected by the Data Act?

The Data Act affects a broad group of actors across the data economy.

<figure><img src="/files/BeqpsFAnZgZnhXQL8kND" alt=""><figcaption></figcaption></figure>

This broad scope means the Data Act is relevant not only for legal teams, but also for product designers, data strategists, IT providers, cloud service providers, data space operators, and ecosystem coordinators.

### 4. What data is covered?

The Data Act mainly focuses on data generated by connected products and related services.

A connected product is a physical item that obtains, generates, or collects data about its use, performance, or environment and can communicate that data. Examples include connected vehicles, industrial machines, smart home devices, medical devices, energy systems, and agricultural equipment.

A related service is a digital service connected to the functioning of the product. For example, an app that controls, monitors, or adapts a connected product may qualify as a related service.

<figure><img src="/files/9CxTIpjnFmDTlYfhiOQN" alt="" width="563"><figcaption></figcaption></figure>

This distinction is important. The Data Act is not designed to transfer every possible insight from a data holder to a user. It focuses on making accessible the data generated by the use of connected products and related services, while preserving incentives to invest in data-driven innovation.

### 5. Main rights and obligations under the Data Act

#### 5.1 Users gain access to connected-product data

The Data Act gives users the right to access data generated by connected products and related services. This access should be provided in a clear, secure, timely, and usable way.

Users may also ask that the data be shared with a third party of their choice. This can help create more competitive markets for repair, maintenance, insurance, optimisation, energy management, logistics, and other data-driven services.

For example, a company using connected industrial equipment may be able to request access to performance data and share it with a third-party maintenance provider. This can support predictive maintenance, reduce downtime, and improve operational efficiency.

#### 5.2 Data holders must share data under fair conditions

Where a data holder is legally required to make data available, the terms must be fair, reasonable, non-discriminatory, and transparent.

This is especially important in business-to-business relationships where one party depends on another party’s data to provide a service or compete in a market.

The Data Act also allows data holders to request reasonable compensation in some cases. However, safeguards exist to prevent excessive charges, particularly for SMEs and not-for-profit research organisations.

#### 5.3 SMEs are protected against unfair contractual terms

The Data Act addresses situations where a stronger party imposes unfair “take-it-or-leave-it” contractual terms on another business.

This protection applies to contractual terms related to data access and use, liability, remedies, or termination of data-related obligations.

The aim is to make data-sharing contracts more balanced and prevent larger actors from using their bargaining power to block fair access to data.

#### 5.4 Public bodies can request data in exceptional cases

The Data Act allows public sector bodies, the European Commission, the European Central Bank, or Union bodies to request data from businesses where there is an exceptional need.

This can include public emergencies such as natural disasters, public health emergencies, or major cybersecurity incidents. In certain non-emergency situations, public bodies may request non-personal data where it is necessary for a specific public-interest task provided by law.

These requests must be specific, proportionate, transparent, and limited to what is necessary.

#### 5.5 Cloud switching becomes easier

The Data Act introduces rules to reduce lock-in in cloud and edge computing services. Customers should be able to switch between data processing service providers more easily, with fewer commercial, technical, contractual, and organisational obstacles.

This supports competition, resilience, and multi-cloud strategies. It also helps organisations avoid excessive dependence on a single provider.

#### 5.6 Non-personal data receives protection from unlawful foreign government access

The Data Act includes safeguards to prevent unlawful access to non-personal data stored in the EU by third-country governments.

This does not prohibit international data transfers. Instead, it creates conditions and protections to ensure that access requests from non-EU authorities do not undermine EU law, fundamental rights, national security interests, trade secrets, or commercially sensitive information.

#### 5.7 Interoperability becomes a legal priority

The Data Act recognises that access rights are only useful if data can actually flow between systems. It therefore introduces requirements and expectations around interoperability for data spaces, data processing services, data-sharing mechanisms, and smart contracts.

This is particularly relevant for Common European Data Spaces, where many organisations need to share data across sectors, borders, platforms, and trust domains.

### 6. From legal access to trusted data sharing

The Data Act creates rights and obligations. However, rights and obligations alone do not make data sharing operational.

For data sharing to work in practice, organisations need answers to practical questions:

* Who is requesting access to the data?
* What role does that organisation or person have?
* Is the request based on a valid agreement?
* What data is the requester allowed to access?
* For what purpose may the data be used?
* How is consent, authorisation, or delegation managed?
* How can access be audited, verified, and revoked?
* How are trust and compliance maintained across multiple participants?

This is the bridge between the Data Act and trust frameworks.

The Data Act says that data should be accessible under certain conditions. iSHARE Trust Framework helps ecosystems define and enforce those conditions in a trusted, scalable, and interoperable way.

### 7. Where iSHARE Trust Framework fits

The Data Act strengthens the legal foundation for data access and use. iSHARE Trust Framework supports the operational foundation for trusted data sharing.

In a data-sharing ecosystem, it is not enough to know that a party has requested access. Participants need a reliable way to verify identities, roles, authorisations, agreements, and policies. This is especially important when data is shared across organisational boundaries, sectors, or countries.

<figure><img src="/files/3cUZpgk08uolZK7D90IH" alt=""><figcaption></figcaption></figure>

In this sense, the Data Act and iSHARE Trust Framework are complementary.

The Data Act clarifies when access to data should be possible. iSHARE Trust Framework helps make that access trustworthy, controlled, and operational.

### 9. Conclusion

The Data Act is an important step toward a fairer and more competitive European data economy. It gives users stronger rights to access and share data generated by connected products and related services. It also introduces rules for fair business-to-business data sharing, public-sector access in exceptional cases, cloud switching, third-country access safeguards, and interoperability.

For organisations, the Data Act should not be seen only as a compliance obligation. It is also an opportunity to rethink how data is shared, accessed, governed, and trusted.

This is where iSHARE Trust Framework can play a meaningful role. By supporting trusted identification, authorisation, agreement-based access, and scalable ecosystem governance, it can help organisations turn the Data Act’s legal framework into practical, secure, and interoperable data sharing.

The future of the European data economy will not depend only on whether data can be accessed. It will depend on whether data can be shared with trust.

