Tech sector finds schedulation of upcoming EU data regulations and red tape reduction plan perplexing
The European Data Innovation Board is set to discuss national implementation measures for the Data Act, which is set to apply from September 12, 2025, after entering into force on January 11, 2024. This new legislation imposes broad obligations on tech companies dealing with data-intensive products and services, particularly those involving connected devices and industrial/IoT data.
Under the Act, manufacturers of devices must design their products to make it easy for users to get and share their data. However, exceptions exist to protect important business secrets. The Act also mandates data sharing in exceptional cases like emergencies with government entities.
The rollout timing of the Data Act has caused confusion in the tech sector, as it takes effect three months before the European Commission’s digital simplification package is expected. This future package aims to cut red tape and reduce certain reporting obligations to ease compliance burdens, but details and scope remain uncertain as the Commission collects input for possible policy streamlining.
Potential impacts on compliance include a current need for companies to prepare for immediate compliance with the Data Act’s provisions by mid-September 2025, impacting their product designs, data sharing policies, and user rights management. However, possible adjustments to compliance requirements or relief for certain obligations may come from the upcoming digital simplification package, adding uncertainty to how companies should prioritize compliance investments and operational changes.
The digital simplification package may also affect related legislation, such as the EU AI Act, where amendments aimed at easing burdens on businesses, especially SMEs, are anticipated by late 2025.
The practical application of the Data Act is causing concerns among companies. The Commission has said there is no link between the planned Digital Simplification Omnibus and the national measures needed to give practical effect to the Data Act. However, the Business Data Alliance (BDA) is calling for the application of the law to be deferred to ensure legal clarity.
In an effort to support a timely and consistent implementation of the Data Act, the Commission is working closely with member states. Companies will need to stay agile to comply with current rules while monitoring the Commission’s forthcoming changes and guidance to adapt accordingly.
Certain industry stakeholders, such as the Computer & Communications Industry Association (CCIA) Europe and the Business Software Alliance (BSA), have expressed concerns about the timing of the EU’s digital initiatives, fearing that companies may have to comply with the full obligations of the Data Act, only to see them potentially revised shortly thereafter.
Significant concerns persist among industry stakeholders regarding the Data Act's potential impacts on competition and innovation, potential increases in costs for end users, and the need for clear guidance on issues like protecting businesses' trade secrets and the interaction between the Data Act and the GDPR's data protection framework.
As the implementation of the Data Act approaches, tech companies are faced with the challenge of navigating immediate legal obligations while simultaneously managing uncertainty due to the imminent EU digital simplification measures, which might modify or alleviate some requirements.
- To ensure compliance with the Data Act, tech companies are required to adjust their product designs, data sharing policies, and user rights management, as the Act mandates ease of data access and sharing for users while protecting business secrets.
- The rollout of the Data Act, set to take effect three months before the European Commission’s digital simplification package, introduces uncertainties for tech companies, as potential adjustments to compliance requirements or relief for certain obligations may be included in the future package, affecting product designs, data sharing policies, and operational changes.
