Prepare for the EU Data Act today
The EU Data Act introduces binding obligations by 12th September 2025 for manufacturers of connected products, giving end users control over product-generated usage data. Rethink your data architecture, product design, and business models to ensure compliance, address security risks, and unlock significant new opportunities in data monetization.
EU Data Act
The EU Data Act is a landmark European regulation transforming how data from connected products & services is accessed, shared and managed. Its phased approach fundamentally shifts the power over usage data from manufacturers to end users, creating new strategic, business, and technical imperatives.
For manufacturers, this means a complete re-evaluation of how data is collected, stored, and shared. Product design, data governance & architecture, APIs, and security protocols must be rethought to allow access by design. The regulation opens the door to cross-industry data-driven business models, such as value-added services and third-party partnerships, and can help unlock an estimated €270 billion in potential GDP across the EU by 2028. Today, 80% of industrial data in Europe remains unused, which is a massive untapped resource.
Article 3 – Access by design
Connected products must be designed to allow easy user access to readily-available data by default, including export tools and clear user instructions.
Article 4 – User right to access
Users of connected products & services must retrieve their data free of charge in a structured, machine-readable format, incl. meta data.
Article 5 – Third-party sharing
Users are entitled to authorize third parties to access their product-generated data. Data holders must enable this on fair, reasonable, and non-discriminatory (FRAND) terms.
The EU Data Act requires manufacturers to rethink data, design, and business models, putting users at the center. Strategic preparation is vital for compliance and competitive advantage.
Who will be affected
The EU Data Act applies to all manufacturers of connected products made available on the EU market. All such products that generate usage data, whether for consumer or industrial markets, are covered. If you manufacture, distribute, or sell connected products in the EU, this legislation affects you directly, regardless of your market segment or physical location.
When will it apply
- By 12 September 2025, users must be able to access their data and share it with third parties.
- By 12 September 2026, all products must support user data access by design.
The transition period is designed to give manufacturers time to adapt, review products, update architectures, design new governance frameworks, realign internal teams, and create clear user pathways for data access and sharing.
Why should you comply
Not complying with the EU Data Act comes with substantial risks:
- Penalties: Fines of up to €20 million or 4% of global annual turnover (Article 33).
- Market exclusion: Non-compliant products may not be sold in the EU from September 2026.
- Revenue impact: Delayed compliance can hinder new product launches and block data-driven services.
- Reputational risk: Lack of transparency can erode the trust of customers and business partners.
- Operational risk: Rushed last-minute projects can result in technical debt, system failures, or security vulnerabilities.
Passive or unprepared compliance can also undermine your business:
- Security threats due to inadequate authentication, testing, or monitoring exposing customer data
- Loss of competitive edge to companies that move faster to build integration capabilities and ecosystems.
- One-sided value extraction, with third parties capturing value if you do not build your own data services.
- Erosion of brand and market relevance if your products are seen as “just hardware”.
- Strategic leakage or misuse of sensitive data lacking proper governance.
The EU Data Act is a catalyst for modernizing product strategy, technical foundations, and business models.
Discover your Data Act readiness
Is your organization prepared for the EU Data Act? Understanding your current capabilities in data access, sharing, and security is the first step. Contact us for a tailored assessment to identify compliance gaps and opportunities, build robust data governance, and chart your path to regulatory compliance and market leadership.
Effects of new regulation
The EU Data Act transforms the way connected product data is managed, placing data access and control into the hands of end users, and setting rigorous new requirements for manufacturers. We’ve outlined the key impact areas and requirements for manufacturers below:
Products must support user access to product-generated data by default. This includes integrating data provisioning, export tools, and providing clear access instructions.
Users must be able to retrieve their data at no cost, in a structured, machine-readable format.
Users can authorize third parties to access their data. Manufacturers must enable this on FRAND (Fair, Reasonable, and Non-Discriminatory) terms.
Non-compliance can result in fines up to €20 million/4% of global turnover at the same level as GDPR, market exclusion, loss of competitive position, security incidents, or reputational risk.
Manufacturers can establish advanced data management, get data governance straight, enable third-party ecosystems, provide value-added services (like analytics and monitoring), and unlock the value of previously unused data.
Automotive
For an automotive OEM, we identified and designed customer journeys to meet regulatory requirements, refined the implementation plan from high level to continuous delivery with stakeholder groups from Legal, Data Protection, IT, and Vehicle R&D, acted as proxy Product Owner during delivery, and continually optimized incremental product delivery.
Automotive
For an automotive OEM, we helped setting up the project structure to achieve EU Data Act based on PMO best practices combining classic project management and agile product development with a special focus on immediate measures, ensuring communication between stakeholder groups as well as consolidating requirements between business, IT, data and legal teams.
Automotive
OEMs have embraced data sharing since 2019 through portals, remote diagnostics, and APIs, integrating third parties such as insurers and fleet services. Eraneos is a long standing partner for companies aiming to create or improve their data business offerings and third-party ecosystems.
