EU Data Act Enters into Force: What It Means for Business
September 2025 – The EU Data Act (Regulation (EU) 2023/2854) officially came into effect on 11 January 2024. Most of its provisions, however, become applicable as of 12 September 2025, with certain product design obligations deferred until 12 September 2026.
Unlike directives, the Data Act is a regulation — it applies directly across all 27 EU Member States without requiring national transposition. Its reach also extends beyond Europe, applying to any company outside the EU that offers connected products or digital services to EU users.
What Does the EU Data Act Cover?
- Access to Data – Users must be able to access the data generated by connected products and services, and share it with third parties.
- Data Portability – Customers and businesses can transfer their data easily between providers.
- Cloud Switching – Cloud providers must enable customers to move data and workloads without artificial barriers or “lock-in.”
- Trade Secret Protection – Safeguards prevent misuse of sensitive business information when data is shared.
- Public Sector Access – In exceptional circumstances (e.g., public emergencies), government bodies may request access to private sector data.
Why It Matters for Business Leaders
For CISOs, Risk Managers, CFOs, and IT Directors, the Data Act represents both a compliance obligation and a strategic shift in data governance:
- Compliance Complexity – Alignment with GDPR, NIS2, and ISO 27001 is critical.
- Operational Readiness – IT and OT systems must be re-architected for data portability and interoperability.
- Risk Exposure – Wider data access rights increase the attack surface.
- Opportunity – Secure and transparent data sharing can create new business models.
The DIAMATIX Perspective
At DIAMATIX, we see the EU Data Act as more than compliance — it is an opportunity to strengthen trust, drive innovation, and reinforce vigilance:
- Trusted – Compliance demonstrates responsibility and builds confidence.
- Innovative – Data accessibility can fuel new services and collaborations.
- Vigilant – Broader access requires stronger monitoring, incident readiness, and cyber resilience.
Conclusion
The EU Data Act signals a new era for data governance in Europe. Businesses that adapt early — embedding compliance into governance while investing in cybersecurity — will stay secure, compliant, and competitive.
At DIAMATIX, our mission is to help organizations navigate this landscape with clarity and confidence.




