What is the EU Data Act?
The EU Data Act (Regulation (EU) 2023/2854) is the EU’s regulation establishing harmonised rules on fair access to and use of industrial and IoT data. It complements the GDPR (which covers personal data) by addressing non-personal and mixed datasets generated by connected products and related services. It entered into force in January 2024; the main obligations apply from 12 September 2025.
Core Data Act provisions
- Chapter II — User access: users of connected products (cars, machines, smart devices) gain rights to access data they generate and to share it with third parties.
- Chapter III — B2B data sharing: fair, reasonable, non-discriminatory access terms for businesses.
- Chapter IV — Unfair contract terms: blacklist and grey list of clauses void or presumed unfair in B2B data contracts.
- Chapter V — Public-sector access: mandatory data provision to public bodies in exceptional situations (emergencies, public-interest research).
- Chapter VI — Cloud switching: data portability, interoperability, removal of switching fees by 2027.
- Chapter VII — International transfers: safeguards against non-EU government access requests for non-personal data.
For Turkish companies
For Turkish companies selling IoT devices or connected services into the EU market, the Data Act creates a need to put the design of user data-access rights on the product roadmap. For Turkish SaaS companies choosing an EU cloud provider, the removal of switching costs (2027) matters: it is a structural reduction in provider lock-in risk.
Do: design data export and portability into IoT products from the architecture stage; review B2B contracts against the unfair-clause blacklist.
Don’t: assume the Data Act and the GDPR cover the same thing; the Data Act addresses non-personal data and contractual rights separately.