As a core regulation under the EU Digital Strategy Framework, the "Data Act" has established an important rule system for regulating data circulation and usage within the EU. It officially came into effect on January 11, 2024, and will be fully enforced on September 12, 2025. It sets clear requirements for data compliance for global enterprises operating in the EU.
The act exists in the form of regulations and does not require individual EU member states to conduct local legislation separately. It directly has legal effect and each member state needs to designate a competent authority to implement it, ensuring the unified implementation of the rules. Its legislative purpose focuses on enhancing individuals' and enterprises' access to and use of data, particularly exploring the value of data generated by connected devices, and complementing the GDPR, which emphasizes the legality of personal data and the minimization of data, by placing greater emphasis on the availability and value release of data.
The act covers the entire life cycle of data generation, storage, access, sharing, and transmission, and its scope of application includes all "connected products" and related services, with a wide range of scenarios. In the B2C sector, this includes consumer-level smart devices such as smart refrigerators, speakers, cleaning robots, fitness trackers, medical equipment, and smart connected vehicles; in the B2B sector, it involves industrial equipment such as factory machines, smart solar panels, elevators, and braking systems.
The act clearly stipulates the requirements for data sharing between enterprises and public institutions, strengthens users' control over personal data, and standardizes key links such as cross-border data transmission and third-party data access. Adhering to compliance adaptation can not only help enterprises meet the EU data governance standards, break market access barriers, but also effectively reduce duplicate compliance costs and lay the foundation for expanding the European digital market.
Nowadays, this act has become an important pillar of the EU's "relaxed internally and strict externally" data governance framework, jointly building a legal system that balances data protection and value utilization with the GDPR, promoting the formation of a fair and innovative European data economic ecosystem.
