Complete guide to the Data Act — IoT data sharing rights, cloud switching, B2B data sharing, and interoperability in the EU.
The EU Data Act (Regulation 2023/2854) establishes harmonised rules on fair access to and use of data generated by connected products (IoT devices) and related services. It empowers users — both individuals and businesses — to access and share data generated by their use of connected products. The Act also sets rules on B2B data sharing, cloud switching, interoperability, and safeguards against unlawful data transfers. It entered into force in January 2024 and applies from 12 September 2025.
Manufacturers of connected products (IoT devices, smart appliances, industrial machinery), providers of related services, data holders and data recipients, cloud and edge service providers, and users of connected products.
Article 1
Article 3
Article 4
Article 5
Article 8
Article 14
Article 23
Article 28
Article 32
Entered into force
11 Jan 2024Data Act became EU law.
Application date
12 Sept 2025All Data Act obligations become enforceable.
No specific maximum fine set at EU level. Member States must lay down rules on penalties that are effective, proportionate, and dissuasive.
The Data Act gives users of connected products the right to access and share data generated by their use of those products.
The Data Act introduces rules to reduce vendor lock-in for cloud and edge computing services.
Law4Devs provides the full Data Act as structured JSON. Query by obligation type, affected party, or product category. Cross-reference with GDPR and the Data Governance Act.
GET /v1/frameworks/data-act/articles → 200 OK · structured JSON · official EUR-Lex source
The EU Data Act (Regulation EU 2023/2854) establishes harmonised rules on fair access to and use of data generated by connected products (IoT devices) and related services. It empowers users — both individuals and businesses — to access and share data generated by their use of connected products. The Data Act also sets rules on B2B data sharing, cloud switching, interoperability, and safeguards against unlawful data transfers. It entered into force in January 2024 and applies from September 2025.
The Data Act applies to manufacturers of connected products (IoT devices, smart appliances, industrial machinery), providers of related services, data holders who make data available, data recipients, cloud and edge service providers, and users of connected products. It covers any product that obtains, generates, or collects data concerning its use or environment and can communicate that data. Public sector bodies can also request data from private holders in cases of exceptional need.
Manufacturers must design products to make data easily accessible to users. Data holders must share data with users and third parties designated by users on fair, reasonable, and non-discriminatory terms. Cloud providers must remove barriers to switching and ensure interoperability. The regulation applies from 12 September 2025. No specific maximum fine is set at EU level, but Member States must lay down rules on penalties that are effective, proportionate, and dissuasive.
Law4Devs provides the full Data Act text as structured JSON via API. Query by obligation type (data access, sharing, cloud switching), affected party (manufacturer, data holder, cloud provider), or product category. Access provisions on contractual fairness, trade secret protection, and public sector data requests. Cross-reference with GDPR, DGA, and other data governance frameworks.
All articles, recitals, and amendments — queryable, filterable, and always up to date.