Overview
The EU Data Act, Regulation (EU) 2023/2854, is EU law on fair access to and use of data generated by connected products and related services — the "Internet of Things". When a device is used, it produces data; the Data Act sets out who may access that data and on what terms, so the value is not locked up by whoever made the device.
The Data Act gives the user of a connected product — and any third party the user authorizes — the right to access and share the data their use generates. It also sets rules on data sharing, fairer contract terms, switching between cloud providers, and interoperability.
Timeline
The regulation became law across the EU.
The bulk of the obligations become applicable.
What it does
It is distinct from the GDPR, which governs personal data. The Data Act mainly concerns non-personal, industrial and product-usage data, though the two regimes can meet where product data is also personal.
How it relates
The Data Act is part of the legal backbone for data spaces and the Digital Product Passport: product, material and compliance data has to be accessible and portable rather than trapped in proprietary systems. The passport itself is introduced mainly through the ESPR, and the access and portability rights that make it work in practice draw on the Data Act.
Note: general educational information from the Pareo team, not legal advice. Check the official source before relying on it.