ARTICLE
7 November 2025

The Impact Of The Data Act On Your Organisation

ML
Monard Law

Contributor

Monard Law logo

Monard Law, an independent business law firm in Belgium with 25+ years of experience. We are a one-stop shop law firm for your business, with a wide variety of expertise in various legal fields.

Our team of professional lawyers provides you with high-quality tailored legal advice and assistance from our offices in Antwerp, Brussels, Ghent and Hasselt. As such, Monard Law combines a broad professional expertise and high end services with a local presence and a philosophy of outspoken approachability.

It is our belief that every company is entitled to high quality counseling and experienced representation. Every single one of our clients, from small or medium sized companies to multinational corporations, non-profit organizations and public authorities, can count on our complete support and dedication.

Explore Firm Details
From this Friday, September 12th 2025, the European Data Act will officially apply.
Belgium Privacy
Dylan Verhulst,Kristof Zadora, and Jade Claessens

From this Friday, September 12th 2025, the European Data Act will officially apply. This Act marks a significant milestone in the European data strategy, which aims to improve data availability and foster a fair, innovative, and competitive data economy within the European Union (EU) for consumers, businesses, and public authorities. According to estimates by the European Commission, nearly 80% of industrial data remains unused. The Data Act seeks to address the underlying issues to ensure optimal use of industrial data across the EU.

The deadline is rapidly approaching, and the impact of the Data Act is substantial, particularly for organisations that share, receive, or store data, and those offering connected products, related services, or data processing services. This includes organisations that exchange or sell industrial data, providers of "Internet of Things" applications, manufacturers of internet-connected machines or tools and cloud service providers. For such organisations, it is high time to act.

In our previous newsletters, we discussed the key provisions of the Data Act (The Data Act in practice – Monard Law and International data transfers under the GDPR, the Data Governance Act and the Data Act – Monard Law). This newsletter delves deeper into the practical application and highlights the main considerations for your organisation.

1. Key principles of the Data Act

The Data Act introduces rules on access to, use of, and sharing of data.What types of data are covered in practice? Some examples include: sensor data from a smart thermostat, data from a smart washing machine, usage patterns of a smart robotic arm, cloud usage statistics from a cloud platform, smart meter data from a household, data from connected medical equipment, operational data from a wind turbine, diagnostic data from an electric vehicle, etc.

The Regulation imposes various obligations on organisations, effective from Friday, September 12th 2025, unless stated otherwise.

The key principles of the Data Act can be summarised as follows:

  • Business-to-business data sharing is promoted by prohibiting certain contractual terms. Clauses that unfairly restrict the use or sharing of data, particularly those that deviate from the principle of good faith, are prohibited. The Data Act introduces an open norm alongside a black and grey list of unfair terms. These provisions apply immediately to contracts concluded on or after September 12th Contracts concluded before or on that date must comply by September 12th 2027 if they are of indefinite duration or expire after January 11th 2034
  • Data holders must grant users, both consumers and organisations, greater control over data generated through their use of a product or service. Users have the right to request that such usage data be shared with third parties of their choice
  • Providers of data processing services must ensure that users can switch providers easily, both technically and contractually. They must also prevent unlawful transfers of non-personal data outside the European Economic Area.
  • Public sector bodies may request access to data where there is a legal obligation or exceptional need, such as in the case of a national cybersecurity incident.
  • Users have the right to access all usage data without organisations imposing additional conditions. This obligation applies to connected products and related services from September 12th 2026 onwards.

2. How can an organisation prepare for the Data Act?

1. Mapping data within the organisation

To determine whether your organisation must comply with the Data Act, it is essential to identify what data is generated by your organisation and whether this data is shared with third parties.

The Regulation defines data as: "any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording". This broad definition encompasses both personal and non-personal data. Importantly, the General Data Protection Regulation (GDPR) takes precedence over the Data Act where personal data is involved in a data pool.

Public and private organisations that market connected products (e.g. "Internet of Things" devices or internet-connected machines) or related services, offer data processing services (e.g. cloud services) or act as data holders or recipients should urgently develop an internal action plan to meet the deadline of September 12th 2025.

2. Reviewing your contracts

If your organisation falls within the scope of the Regulation, it is crucial to review the existing contracts and templates as soon as possible. All contracts concluded after September 12th 2025 must comply immediately with the obligations of the Data Act.

In any case, certain necessary amendments must be made to ensure compliance with the Data Act, especially regarding the new unfair terms (open norm, black and grey list), but also in general regarding clauses on data access, storage, and sharing of data.

All contracts concluded before or on September 12th 2025 that are of indefinite duration or expire after January 11th 2034 must also be revised. To do so, the Data Act provides a longer adjustment period: organisations have until September 12th 2027 to bring these contracts into compliance.

When available, organisations may apply the model clauses for fair data sharing, which are expected to be published by the European Commission by September 2025.

3. Preparing for compliance with the obligations of the Data Act

Your organisation must be ready to comply with the Data Act from September 12th 2025, where applicable. Adequate training and awareness among staff are essential. Therefore, it is possible to draft an internal data policy, which can define how the organisation handles data access or sharing requests by users or third parties, how the organisation meets its information obligations under the Data Act and when data sharing agreements are required. While not mandatory, implementing such a policy is strongly recommended.

It is crucial for organisations to reflect on the new obligations introduced by the Data Act. Untimely compliance may result in significant consequences, including fines.

3. Conclusion

The Data Act is a key component of the European Data Strategy. Given the extensive obligations it introduces, Monard Law can offer you the necessary support.

Naturally, the Data Act does not stand alone. It is part of a broader regulatory framework that includes the Data Governance Act and the Digital Markets Act. It also interacts with other legal frameworks, such as the GDPR and intellectual property law. Therefore, an integrated approach is essential in the rapidly evolving digital landscape.

The Technology, Digital & Data team at Monard Law is available to assist with any questions regarding the Data Act and other questions regarding innovative technologies, the EU digital strategy, and privacy and data protection.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Dylan Verhulst
Dylan Verhulst
Photo of Kristof Zadora
Kristof Zadora
Person photo placeholder
Jade Claessens
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More