The European Data Act
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
The Regulation (EU) 2023/2854, also known as the Data Act, sets out harmonized rules on fair access to and use of data within the European Union. This regulation is a key part of the EU’s broader strategy to create a single market for data, ensuring that data can be accessed and utilized in a manner that fosters innovation and economic growth while safeguarding user rights.
Structure and Key Sections
- Objectives and Scope: The regulation aims to remove barriers to data sharing, ensuring that data generated by connected products and related services can be accessed and used by users, including sharing with third parties of their choice. It defines the conditions under which data holders must make data available to users and third parties in a fair, reasonable, and non-discriminatory manner.
- Rights and Obligations: The regulation establishes clear rights for users to access data generated by their use of connected products and related services. It also imposes obligations on data holders to provide access to this data, particularly to ensure interoperability and prevent monopolistic control over data.
- Contractual Fairness: The regulation introduces private law rules to ensure that contracts involving data sharing are fair and do not exploit imbalances between parties. This section is critical for protecting smaller businesses and consumers from unfair terms imposed by more powerful data holders.
- Access by Public Sector Bodies: In exceptional circumstances, the regulation allows for the public sector, including the European Commission and other Union bodies, to access necessary data to perform tasks in the public interest, such as during emergencies.
- Interoperability and Standards: The regulation emphasizes the need for interoperability between different data systems and sets out requirements for technical standards to facilitate seamless data sharing across different platforms and services.
- Amendments to Existing Legislation: The Data Act also amends Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 to align them with the new rules on data access and use.
This regulation is pivotal in shaping the digital landscape in the EU, enabling a more competitive and innovative economy while ensuring that data is used responsibly and equitably across different sectors.
Get NIS 2 Supply Chain RiskRisk Means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident. - Definition according Article 6 Directive (EU) 2022/2555 (NIS2 Directive) Checklist
Download our free NIS2 Supply Chain Risk Checklist to ensure your organization meets the latest cybersecurityCybersecurity ‘cybersecurity’ means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881;
- Definition according Article 6 Directive (EU) 2022/2555 (NIS2 Directive)
'cybersecurity’ means the activities necessary to protect network and information systems, the users of such systems,
and other persons affected by cyber threats;
- Definition according Article 2, point (1), of Regulation (EU) 2019/881; compliance standards effortlessly.