The EU Data Act: What It Means for Your Business — and How Intrusti Can Help

1. What is the EU Data Act?

The EU Data Act (Regulation (EU) 2023/2854) is the centre-piece of Europe’s data-economy strategy. It entered into force on 11 January 2024 and most provisions start to apply on 12 September 2025. digital-strategy.ec.europa.eu

Unlike the GDPR, which governs personal data, the Data Act covers all industrial and IoT data. Its objectives are to

• give users of connected products a right to the data those products generate,
• ensure fair, reasonable and non-discriminatory terms when one business needs data from another,
• slash the costs of switching cloud providers or running multi-cloud setups, and
• create clear procedures for mandatory data disclosures requested by public bodies in exceptional circumstances.

2. Key Obligations and Deadlines

• Connected products & related services
  • From 12 September 2026, manufacturers must make product-generated data directly accessible to the user — or to a third party the user designates — in real time and in a usable format. cooley.com
• B2B contracts
  • Any term that unilaterally restricts access, use or sharing of data can be struck down as “unfair” for contracts concluded after 12 September 2025. Long-running contracts face the same scrutiny from 2027 onward. lexology.com
• Cloud switching & multi-cloud
  • By 12 September 2025 providers must publish detailed roadmaps for switching.
  • By 12 January 2027 they must abolish all extraction or egress fees except very limited cost-based charges. digital-strategy.ec.europa.eukennedyslaw.com
• Data requests by public authorities
  • From September 2025, businesses in data-rich sectors must comply with strict turnaround times and compensation rules when authorities request data in emergencies or for specific public-interest purposes. deloitte.com

Ignoring these timelines risks contractual disputes, delayed product launches, loss of customers who demand their data — and ultimately fines from national authorities empowered to enforce the Act.

3. Challenges Companies Are Already Reporting

1. Data-mapping at scale
   Teams must catalogue every dataset tied to a connected product, label ownership and usage rights, and surface that information in legal terms.
2. Trade secrets vs. disclosure
   OEMs fear that raw telemetry might reveal performance curves, usage patterns or AI models. The law allows only narrow refusals. deloitte.com
3. Contract remediation
   Boiler-plate licences, royalties and liability clauses rarely survive the Act’s unfair-terms test; legal teams face a rewrite marathon. twobirds.com
4. Interoperable formats & APIs
   “Same quality and usability” means re-engineering schemas, building stable APIs and documenting them for third parties. cliffordchance.com
5. Cloud-exit logistics
   Multi-terabyte workloads now need automated run-books for extraction, checksum validation and redeployment — something most IT teams have never scripted end-to-end.

4. How Intrusti Turns Compliance Into Opportunity

Intrusti was designed from day one around the Data Act’s articles, annexes and deadlines. Here is how our Alpha tackles the pain points:

• Data Atlas™ — automatically discovers telemetry streams, databases and object stores, tags them with Data-Act-relevant metadata (origin, holder, user rights) and draws lineage graphs your lawyers can understand.
• Contract Builder — uses clause libraries aligned with the Act’s Annex on unfair terms; compares legacy agreements, flags offending language and suggests redlines in plain English (or German).
• Secure Access Gateway — issues time-boxed, scope-controlled API tokens so users or nominated third parties can pull live data without exposing the whole backend; every request is immutably logged.
• Trade-Secret Guardrails — a rules engine that enforces field-level redaction, masking or aggregation before data leaves your environment, balancing legal duties with IP protection.
• Portability Orchestrator — generates a step-by-step switching plan, exports datasets in open formats, validates integrity and hands off Terraform-ready bundles for re-deployment on the destination cloud.

Early adopters are already using these modules to transform compliance projects into new revenue streams (monetised data-sharing APIs), faster vendor onboarding, and reduced lock-in risk.

5. Your Next Steps

1. Plot your dates. If your roadmap includes connected-device launches after September 2026, the real-time data-access requirement is already on the critical path.
2. Audit your contracts. Identify clauses that may be void in a few months.
3. Test drive Intrusti. Join our Alpha, see the modules in action, and steer the roadmap with your feedback.

The EU Data Act isn’t just another compliance box to tick; it is the blueprint for the European data economy. With Intrusti, you can turn that blueprint into a competitive edge — starting today.