A host of key provisions in the EU Data Act will come into effect on 12 September, and there’s a lot for businesses to unpack.
The regulation came into force on 11 January 2024 and while a grace period has been running to ensure implementation, rules under the legislation will be applicable across the European Union (EU) from here onward.
At its core, the EU Data Act will introduce sweeping changes with regard to how data from connected devices and cloud services is accessed, managed, and shared across the union. This includes new rules on data access, service portability for organizations, and contractual fairness.
The potential long-term impact of the legislation cannot be understated, according to Soniya Bopache, VP and general manager for data compliance at Arctera.
“The EU Data Act has the potential to foster a more competitive and equitable data economy – largely thanks to its provisions on data access, fair contractual terms, and cloud switching,” she said.
“For businesses governed by the Act, this isn’t just a matter of compliance, it’s an opportunity to build a more transparent, efficient, and innovative digital ecosystem.”
So what can businesses expect with the EU Data Act?
What industries fall under the EU Data Act?
The legislation applies to a broad range of sectors, spanning areas such as manufacturing, cloud computing, transport, and consumer goods.
Moreover, it’s not limited to the private sector, with public sector organizations also expected to benefit from the legislation, according to Peter Grimmond, VP and head of technology at Cohesity.
“The EU Data Act has huge potential to deliver acceleration of both public and private sector innovation, through increased data democratization and access,” he said.
“For all enterprise and public sector organisations that have a robust, compliant, data classification processes already in place, the act will create an environment of collaboration and innovation where innovation can thrive without compromising corporate resilience or individual rights”
Data Access and Transparency
Data access and transparency is a key focus of the legislation, according to official EU materials on the Act.
Fundamentally, the regulations are designed to “enhance the EU’s data economy and foster a competitive data market” by making data more accessible and usable.
The move comes in the wake of an explosion of connected devices across the union in recent years. These IoT products collect vast volumes of data, which the legislation aims to capitalize on for reuse across the region.
To achieve this, new rules under the act will give users of connected devices - including businesses and individuals - greater control over the data they produce.
Similarly, the Act also includes rules on how enterprises can share data with other businesses. According to Grimmond, this aspect of the legislation could deliver positive long-term benefits for both businesses and consumers alike.
“It will speed the ability for data to be shared from more devices across more organisations, and opens the door for the development of new products, services, and ways of doing business,” he explained.
“Crucially, it does this without undermining the robust privacy standards that are the EU’s hallmark regulatory framework: building on GDPR’s global standard for privacy and aligning with DORA’s focus on digital operational resilience.”
Cloud service flexibility
As mentioned, another core aspect of the legislation centers around data portability, particularly with regard to cloud services. The Act aims to provide enterprises more flexibility in how they engage with cloud providers and, crucially, switching or opting for multiple options.
This aspect of the legislation comes in direct response to growing calls for a more fluid and competitive cloud computing industry in the EU, with enterprises having contended with “vendor lock-in” for several years now.
Running parallel to this frustration has been the rise of multi-cloud and hybrid cloud strategies, whereby enterprises host data on multiple providers, or through a combination of on-prem and cloud-based services.
Yet businesses with one particular cloud provider aiming to switch to another have faced significant costs transferring data. These “egress fees” have become a recurring point of contention and even prompted legal action against major industry providers.
With this in mind, the EU Data Act includes measures that ensure customers can switch from one data processing service to another in a more efficient manner.
Notably, the Act doesn’t specifically rule out vendors charging fees for data transfers. However, it obliges cloud providers to pass on these costs to the customer rather than charging excessive payments.
Some providers have taken steps to adhere to the new legislation. Google Cloud, for example, recently announced it would waive data transfer fees for customers switching to another provider.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- DORA and why resilience (once again) matters to the board
- Everything you need to know about the NIS2 Directive
- What businesses need to know about the General-Purpose AI Code of Practice
-
US Senator calls for Microsoft to be investigated over ‘gross cybersecurity negligence’News Ron Wyden, a Democratic senator from Oregon, has written to the chair of the FTC calling for an investigation into Microsoft's cyber practices.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
The second enforcement deadline for the EU AI Act is approaching – here’s what businesses need to know about the General-Purpose AI Code of PracticeNews General-purpose AI model providers will face heightened scrutiny
-
Meta isn’t playing ball with the EU on the AI ActNews Europe is 'heading down the wrong path on AI', according to Meta, with the company accusing the EU of overreach
-
‘Confusing for developers and bad for users’: Apple launches appeal over ‘unprecedented’ EU fineNews Apple is pushing back against new app store rules imposed by the European Commission, suggesting a €500m fine is a step too far.
-
Apple, Meta hit back at EU after landmark DMA finesNews The European Commission has issued its first penalties under the EU Digital Markets Act (DMA), fining Apple €500 million and Meta €200m.
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunityNews Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
-
The EU just shelved its AI liability directive
News The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
-
UK financial services firms are scrambling to comply with DORA regulations
News Lack of prioritization and tight implementation schedules mean many aren’t compliant
