Europe is flipping the data game: access beats exclusivity, and collaboration becomes the new power play. The EU’s Data Act redefines digital dynamics, shifting from data ownership to data orchestration. This regulation unlocks industrial data, fostering innovation, competition, and cross-sector collaboration. However, regulatory success ultimately depends on effective implementation and industry adoption. This Viewpoint explores the Data Act’s potential to reshape the digital economy.
The Data Act is one element of the European Commission’s Digital Decade program. It is part of a broader set of initiatives, including the Digital Markets Act (DMA) and the Digital Services Act (DSA), which intends to create a safer, more competitive digital space, and the General Data Protection Regulation (GDPR), which establishes a global standard for data protection, as explained in the Viewpoint “Big Data? Big Security.” Additionally, the proposed AI Act introduces risk-based governance to ensure AI systems are transparent, accountable, and safe.
DEFINING THE DATA ACT
The Data Act’s purposes encompass the following:
Establishing legal and regulatory requirements for data sharing and management
Facilitating access to raw and preprocessed data generated by Internet of Things (IoT) products and services
Promoting the reuse of data
Removing market barriers and exploiting data potential
Inspiring innovation while ensuring digital transformation benefits both individuals and businesses
Encouraging collaboration between involved parties
The Data Act represents a paradigm shift compared to the GDPR; whereas the latter is legislation to preserve personal data on a risk-based approach, the former promotes fair access and transparent sharing of nonpersonal raw data. In recent years, technological and digital advancements, including the expansion of connected devices and the widespread use of cloud solutions, have generated remarkable growth in the data market. According to GlobalData, the global IoT market is projected to reach €1.5 trillion (~US $1.7 trillion) by 2027. Forecasts suggest that the accelerating adoption of AI and other key technology trends, such as 5G and intelligent edge computing, will drive solid growth across all IoT markets. Moreover, the European IoT market is projected to reach €206 billion (~US $234 billion) by 2028.
The public administration sector is expected to grow the most significantly between 2023 and 2028, with a CAGR of approximately 15%. Growth will be propelled primarily by increased IoT adoption for urbanization, resource management, and sustainability, including smart traffic management, environmental-monitoring sensors, and connected public infrastructure. The European Commission estimates that about 80% of European industrial data is unused, and the Data Act will create an additional GDP of €270 billion by 2028.
The data-sharing process within the Data Act can be represented by a structured flow (see Figure 1), which involves the following key stakeholders:
Users — any legal or natural person who owns, rents, or leases connected products and services. Users generate raw data through IoT device interactions (Phase 01). They have the right to access, control, and transfer the data they generate.
Data holders — any legal or natural person that possesses raw and preprocessed data generated by IoT devices. Data holders grant users transparent, secure, and efficient access to data generated by IoT device interactions (Phase 02).
Data recipients — any legal or natural person with the opportunity to extract value from received data. Data recipients, when authorized, gain access to relevant datasets to develop inventive solutions or motivate public sector advancements, whether by businesses or public institutions (Phases 03 and 04).
Service providers — entities, including cloud and edge computing providers, that facilitate intermediary data services and play a crucial role in ensuring data portability and seamless integration between stakeholders (Phase 04).
Public institutions and government agencies — organizations that leverage data to foster innovation and improve policy efficiency; they may access data under specific conditions to serve public interest objectives (Phase 05).
Figure 1. The data-sharing process under the Data Act
The Data Act suggests a structured framework to ensure users, businesses, service providers, and public authorities can access and utilize data under well-defined conditions. At its core, the act embraces three primary data-sharing models:
Business-to-consumer (B2C). Users of connected products, such as IoT devices, have the right to access the data they generate, including nonpersonalized operational data (e.g., a vehicle’s performance metrics during use).
Business-to-business (B2B). Users can share their data with third-party businesses under fair and secure conditions, unlocking benefits such as personalized services, better efficiency, and data-driven innovations.
Business-to-government (B2G). Data holders may provide access to public authorities, allowing them to leverage data for policy improvements, urban planning, and other public interest objectives.
Predicting the Data Act’s impact
The following examples highlight opportunities and illustrate possible outcomes of the Data Act across industries:
Energy and utilities may benefit from the data sharing regulated by the Data Act, fostering industry digitalization and usage optimization. For instance, users can access data recorded by their smart meter and grant access to third parties through a practical application of a B2C model. Energy providers can leverage data to offer tailored solutions, including personalized energy plans that optimize consumption, and support users who seek to reduce their energy footprint and costs. Data collected from IoT technologies monitoring the line conditions of power transmission networks could be shared with weather forecasting companies or meteorological governmental organizations to enhance the accuracy of predictive maintenance. This data could increase the reliability of meteorological forecasting services.
Healthcare, particularly the Internet of Medical Things and connected medical devices, will experience changes under the Data Act. For instance, B2B data sharing from connected devices (e.g., MRI scanners and X-ray scanners) could provide valuable insights into usage patterns, overall performance, and equipment status, thus preventing potential failures. Based on this information, providers can optimize maintenance schedules by addressing issues proactively and creating incentive models to assist healthcare facilities in managing their equipment more efficiently.
Agriculture may get a boost from the Data Act. Installing IoT sensors in fields allows farmers to gain valuable environmental data, including soil moisture, temperature, and humidity, to manage crops more efficiently. This practical application of a B2G data-sharing model could help public administrations monitor environmental conditions and respond to issues like droughts or water shortages. With these insights, public entities can make informed, proactive decisions that support farmers and expand sustainable and resilient agricultural practices.
Automotive manufacturers hold data from sensors and steering devices within the vehicle. The Data Act promotes interoperability; manufacturers could, upon request and with user approval, share data with insurance companies, as data recipients. Insurance companies could use the acquired data to optimize risk calculations, strengthen policies, and develop tailored products.
The Data Act will take effect in September 2025, when data holders will be required to share data with users upon request. Moreover, IoT devices must comply with “by default” data accessibility requirements by September 2026. Noncompliance will result in penalties similar to GDPR fines, which range from 2% to 6% of a company’s annual revenue. Therefore, CTOs, CIOs, and CDOs should prepare to adapt to the Data Act requirements by assessing current data-sharing models and processes, performing a study on costs and opportunities deriving from Data Act adoption, and defining a roadmap for implementing an adequate data-sharing model.
In the meantime, EU policymakers are working to enact measures to clarify outstanding issues and sector-specific regulations. Some ambiguity remains regarding the Data Act and its scope of applicability; data eligibility, in particular, is receiving significant attention.
The Data Act applies to raw and preprocessed data generated through connected product usage or related services that are readily available to the data holder without disproportionate effort. This includes data such as sensor readings and excludes data processed by complex proprietary algorithms, which are considered out of scope. However, “readily available without disproportionate effort” requires further clarification, as does the distinction between preprocessed data (within scope) and processed data (out of scope).
In addition, the design of the proposed compensation mechanisms needs to be studied and understood to ensure the data-sharing model is fair and transparent. Whereas the Data Act stipulates that compensation should be “reasonable and nondiscriminatory,” it doesn’t define what constitutes reasonable or specify whether compensation models will be monetary or service-based. The legislation provides no guidance on how to quantify the factors outlined in the Data Act when determining compensation, resulting in ambiguity and potential inconsistencies in compensation calculations.
NAVIGATING RISKS, UNLOCKING POTENTIAL
The Data Act presents both opportunities and challenges for organizations. As highlighted in the Prism article “How Data Sharing Is Essential to Deliver Industry-Wide Transformation,” some industries (e.g., the energy sector) have successfully leveraged regulatory frameworks to spark digital transformation. Previously, the absence of transparent regulatory incentives discouraged companies from sharing their data, but a clear legal framework can activate new business models, foster cross-industry collaboration, and drive digital transformation (see the Viewpoint “Harnessing External Data Sharing to Unlock Transformative Collaboration”).
Emerging opportunities from the Data Act include:
Data accessibility and governance. The Data Act will increase access to data and create greater transparency and fairness in data access and sharing. It will also establish standardized data-sharing rules that will enhance interoperability across sectors and ensure that users have greater control over their data to better inform decision-making. Public authorities can harness data to improve public safety and resource efficiency and support endeavors like urban planning, environmental monitoring, and smart city development.
Business and market growth. Seamless data exchange creates a more open and competitive digital environment. Individual users and businesses will be able to strengthen their market power by utilizing data-driven insights for competitive advantage. For businesses in particular, such capabilities can strengthen market position through data-driven strategies. Collaboration between data holders and data recipients is encouraged and may facilitate the development of new partnerships and business models.
Data intermediaries could establish themselves as new market players by operating data platforms, merging data pools, and offering companies structured access to useful information. Nevertheless, the Data Act unlocks new economic opportunities by enabling businesses to develop personalized services, optimize customer engagement, and establish new revenue streams through fair access to data.
Innovation. Better access to data can help organizations make advancements in analytics, AI, and service delivery; it can inform customized solutions and push technological innovation across multiple industries. Indeed, this regulation aims to facilitate interoperability and promote the adoption of more intelligent, automated, and predictive technologies across industries.
As organizations prepare to explore opportunities presented by the Data Act, they must also carefully assess the associated costs and threats (see Figure 2). These costs can primarily be associated with three categories:
Technology. Companies may need to implement advanced tools and infrastructure to support data storage, processing, and analytics. Adding the necessary interoperable and secure data-sharing frameworks will demand significant investments. This includes acquiring or developing state-of-the-art software and platforms and ensuring these systems are scalable and secure enough to handle the vast volumes of IoT-generated data.
Compliance. The stringent legal and regulatory requirements for data sharing and management will increase compliance-related costs. Compliance efforts will require investments in monitoring, auditing, and reporting systems to ensure alignment with regulatory standards. To meet these standards, organizations might need to develop or acquire new capabilities, such as legal expertise in data governance, robust cybersecurity measures, and automated compliance tools.
Operating and business model. The Data Act enforces open data-sharing models, which will disrupt traditional business strategies, especially for organizations that currently benefit from exclusive data control. To capture revenue opportunities, organizations must align their operating models, resources, skills, and processes to effectively manage the implications of the Data Act. This could involve strategic decisions about whether to insource or outsource data-related activities, hire specialized talent, or upskill existing teams. Additionally, reshaping workflows and processes to optimize the integration of new data strategies is vital for achieving operational efficiency and maximizing value creation. Some players might need to rethink their data monetization strategies.
Figure 2. Opportunities and threats from the Data Act
Adapting to the new data-sharing requirements represents increased financial and administrative burdens for small and medium-sized enterprises. Another threat posed by the Data Act is the possible exposure of trade secrets and proprietary business data, potentially undermining competitive advantages.
The Data Act’s influence extends beyond Europe, as it applies to any company offering connected products or related services within the EU, regardless of where the company is based. Non-EU companies, such as US tech giants and cloud providers, must adapt to these new standards to maintain their operations within the EU. The Data Act imposes restrictions on transferring nonpersonal data outside the EU; hence, providers must take all reasonable steps to prevent such transfers if they conflict with EU or member state laws.
Conclusion
A SHIFT IN THE DIGITAL LANDSCAPE
The Data Act balances greater data accessibility with fair market competition and creativity, creating opportunities and encouraging cross-industry collaboration, data-driven innovation, and economic growth.
Outcomes will depend on effective implementation, industry adoption, and regulatory clarity. Companies that proactively align their strategies, infrastructure, and compliance frameworks will be well-positioned to capture value. Moreover, the journey toward a data-driven transformation requires organizations to encourage a data-centric culture and adopt a shift in mindset, behaviors, and organizational norms.
Organizations should carefully navigate the complexities:
Review the Data Act requirements, rights, and obligations pertaining to data sharing and usage.
Integrate data sharing into business strategy to leverage data as a core asset.
Evaluate investments to enable secure and interoperable data sharing.
Assess current data practices, including collection, storage, and sharing to ensure alignment with the Data Act.
Develop or improve data governance frameworks to empower people to define and manage processes for data access and sharing and ensure data security, privacy, and interoperability (see the Viewpoint “Managing Data in an AI-Driven World”).
Invest in training and upskilling programs to enhance data literacy across all organizational levels, fostering a culture that values data-driven decision-making.
Implement change management strategies to promote cultural shifts toward data openness.
