1

The Data Act brings new opportunities and models for business

10 September 2025 | Knowledge, News

Today, 12 September 2025, the Data Act comes into force. This regulation establishes uniform rules for access to data generated by connected products (IoT) and related services, including personal, technical, telemetric, and operational data.

The Data Act also regulates access to data by public authorities in emergency situations.

Why is it a landmark regulation?

Thanks to the Data Act, users of devices or related services now have the right to request access to any data generated when using a product.

This information must be provided in a structured, machine-readable format of the same quality as is available to the entity collecting it, free of charge and without undue delay.

Who is affected by the obligations under the Data Act?

The Data Act imposes obligations on data holders. Data holders are entities that have the right or obligation to use and make available data generated when using a product or service, and include, without limitation:

  • Manufacturers
  • Operators
  • Maintenance service providers
  • Digital service providers

Obligations of data holders

Data holders must make data available to users and third parties of their choice, on clear terms and in confidence.

In particular, this includes:

  • Providing the user with ‘readily available data’ – without undue delay, free of charge, with metadata, continuously and in real time, if possible
  • Making data available to a third party designated by the user
  • Protecting trade secrets through appropriate technical and organisational measures (the data holder may only refuse to disclose data if they can demonstrate a serious risk of damage)
  • Being prohibited from practices that hinder the exercise of the right of access (dark patterns)
  • Keeping records of disclosures and handling requests transparently

The obligation to make data available applies to raw and pre-processed data. However, information inferred or derived from such data remains outside the scope of the Regulation.

Data Act timeline

  • 12 September 2025 – Data Act on user rights and access by public authorities
  • 12 September 2026 – ‘access by design’ requirement for new products and services
  • 12 January 2027 – prohibition on charging fees for changing data processing service providers (switching charges)
  • 12 September 2027 – contracts concluded before the Regulation comes into force will also be covered if they are of indefinite duration or long-term

What to consider now

In order to meet the requirements and prepare for access requests, it is advisable to take the following steps as soon as possible:

  • Inventory your data-generating devices and services
  • Determine which data is ‘readily available’ and must be made available, and which is derived and need not be made available
  • Review and adjust B2B contracts, particularly with regard to prohibited clauses affecting SMEs
  • Develop procedures for making data available, prepare registers and anonymisation and pseudonymisation mechanisms
  • Plan the process of switching cloud providers and adapt systems to ensure they are interoperable
  • Integrate Data Act requirements with GDPR processes, including DPIA

The Data Act also brings new opportunities and models for business

The Data Act is not just about obligations.

It also creates new opportunities. Providing access to data for independent websites, integrators, and application providers enables the development of competitive services and new business models, boosting innovation.

Companies that prepare compliance procedures in good time can avoid regulatory risks and take advantage of the opening data market.

We can help you analyse specific cases, review contracts, and develop a plan for implementing the Data Act within your organisation.

If you are interested or have any queries, please contact us.

Latest Knowledge

Length of service now includes periods of self-employment

The length of service no longer depends solely on work carried out under a contract of employment. The amendment to the Labour Code introduces significant changes, as work carried out under civil law contracts or as part of business activity will now also be included when calculating service, which affects employees’ rights. What will this mean for employees and employers?

Banking sector overview | Banking today and tomorrow | February 2026

The Polish banking sector is undergoing intense reshuffling on a scale not seen for years. Large banks are changing owners, foreign players are shifting their strategies and new investors are entering the market. The question is whether these are just temporary shifts in capital or the beginning of lasting change in the industry’s balance of power.

31 January. Don’t forget about the DAC7 Directive

The deadline for meeting the obligations under the DAC7 directive and the Polish regulations implementing it is fast approaching. Online platform operators must fulfil their reporting obligations by 31 January 2026 at the latest with regard to 2025 data. For many, this is the final opportunity not only to prepare the required information, but also to verify whether DAC7 obligations apply to them and, if so, to what extent.

The New Consumer Credit Act – extensive regulation with a broad market impact

In 2025, the Polish financial market entered another phase of adjustments to EU legislation. The draft new Consumer Credit Act implementing the CCD2 Directive, alongside the regulations on distance financial services, represents one of the most comprehensive attempts to standardise the rules for providing finance to consumers. The changes are so extensive that they cover all stages, from advertising and customer acquisition to the assessment of creditworthiness, the structure of agreements, the scope of the lender’s liability, withdrawal rules and the detailed organisation of remote sales.

Energy Radar 2026: Your roadmap to energy transition

Energy is no longer the exclusive domain of engineers and politicians; it is becoming the foundation of the business strategy of any company that wants to remain competitive. And 2026 will see a multitude of legislative changes that will fundamentally alter the current approach to the rules for grid connection, energy trading and reporting obligations.

Banking sector overview | Banking today and tomorrow | January 2026

On 1 January, new regulations came into force that increased the income tax rate paid by banks. The rate will be 30% in 2026. However, entities starting their business, credit and savings unions (SKOKs), small entities, and banks undergoing restructuring will pay less.

2025 in the banking sector: legal and tax changes, and strategic challenges

The Polish banking sector underwent profound reforms and new regulatory obligations in 2025. Despite achieving record financial results, banks were faced with mounting tax pressures and changes in benchmarks, as well as the implementation of EU regulations concerning operational security, anti-money laundering, digital payments, the use of artificial intelligence, environmental issues, ESG reporting and green transformation. Against this backdrop, we also observed market consolidation, partly driven by growing competition from new banks. In this article, we explore how these factors have transformed the Polish financial institution market.

Contact us:

Natalia Kotłowska-Wochna

Natalia Kotłowska-Wochna

Attorney-at-Law / New Tech, IP, Trade & Logistics Practice Group / Head of New Tech M&A

+48 606 689 185

n.kotlowska@kochanski.pl

Monika Maćkowska-Morytz

Monika Maćkowska-Morytz

Advocate / Partner / Head of the Personal Data Protection and Cyber Security Practice

+48 660 765 918

m.mackowska-morytz@kochanski.pl

Marcin Bęben

Marcin Bęben

Partner / Director / Business Advisory & Development

+48 880 438 247

m.beben@kochanski.pl