The EU Data Act establishes rules on fair access to and use of data generated by connected products and related services, empowering users and enabling data sharing.
Focus: IoT data sharing, data access rights, cloud switching, interoperability, B2B data sharing
Article 1 — Subject Matter and Scope
Article 3 — Obligation to Make Data Accessible
Article 4 — Right of Users to Access Data
Article 5 — Right to Share Data with Third Parties
Article 8 — Unfair Contractual Terms
Article 14 — B2B Data Sharing Obligations
Article 23 — Cloud Switching
Article 28 — Interoperability
Article 32 — International Data Transfers
GET /v1/frameworks/data-act/articles → 200 OK · structured JSON · official source
The EU Data Act (Regulation EU 2023/2854) establishes harmonised rules on fair access to and use of data generated by connected products (IoT devices) and related services. It empowers users — both individuals and businesses — to access and share data generated by their use of connected products. The Data Act also sets rules on B2B data sharing, cloud switching, interoperability, and safeguards against unlawful data transfers. It entered into force in January 2024 and applies from September 2025.
The Data Act applies to manufacturers of connected products (IoT devices, smart appliances, industrial machinery), providers of related services, data holders who make data available, data recipients, cloud and edge service providers, and users of connected products. It covers any product that obtains, generates, or collects data concerning its use or environment and can communicate that data. Public sector bodies can also request data from private holders in cases of exceptional need.
Manufacturers must design products to make data easily accessible to users. Data holders must share data with users and third parties designated by users on fair, reasonable, and non-discriminatory terms. Cloud providers must remove barriers to switching and ensure interoperability. The regulation applies from 12 September 2025. No specific maximum fine is set at EU level, but Member States must lay down rules on penalties that are effective, proportionate, and dissuasive.
Law4Devs provides the full Data Act text as structured JSON via API. Query by obligation type (data access, sharing, cloud switching), affected party (manufacturer, data holder, cloud provider), or product category. Access provisions on contractual fairness, trade secret protection, and public sector data requests. Cross-reference with GDPR, DGA, and other data governance frameworks.