Those who have data have power. The Data Act redistributes this power

20 October 2025 | Knowledge, News

The EU Data Act, which came into force in September 2025, represents a breakthrough in the regulation of data access and use. Data generated by devices, ranging from agricultural tractors and industrial machinery to solar panels and transport fleets, is no longer the sole property of manufacturers. Other market participants now have the opportunity to access and use this data to develop new, innovative products and services. The Data Act marks a departure from business models based on data monopolisation towards a model in which data must be shared in accordance with its rules. We are therefore entering a completely new reality.

Data as a shared resource

The Data Act forms part of the EU’s broader digital strategy, which aims to create a data-driven economy.

Unlike the GDPR, which focuses on protecting personal data, the Data Act addresses access to and use of both personal and non-personal data generated by internet-connected devices and related services.

The regulation’s main premise is the balanced distribution of access to data among all those who generate and use it.

Data goes beyond manufacturers

The central element of the Data Act is the strengthening of the position of device users and data recipients, i.e. businesses in practice.

Device users are the owners, renters or lessees of connected products, as well as the recipients of related services.

Data recipients are any companies that users allow to use the data, such as insurers, technology start-ups or agricultural advisors. Based on the collected data, they can develop their own services, applications and analyses, which were previously the sole domain of the manufacturer.

The regulation has introduced three key mechanisms:

  • Users now have the right to access data generated by the products they use, including vehicles, interactive toys, home appliances, and industrial machinery. This data must be made available by default, free of charge, in a structured and machine-readable format
  • Users may request that their data be transferred to third parties (data recipients) of their choice, which enables them to use independent services such as alternative vehicle repair services
  • Users are protected against unfair contractual terms – any terms that are imposed unilaterally and deemed unfair will not be binding on small and medium-sized enterprises

Manufacturers lose exclusivity and face new obligations

A data holder can be a manufacturer, service provider, distributor, or platform operator — in other words, anyone who has the right or obligation to use and share data from a product or service.

The Data Act imposes several demanding obligations on them:

  • Data must be shared with third parties on fair, reasonable and non-discriminatory terms, which excludes favouring one’s own services. Therefore, it is necessary to review standard data agreements and policies to eliminate any clauses that could be considered unfair
  • Products and services should be designed with data availability in mind, and users should be able to retrieve data by default and without undue delay
  • The mechanism for public sector bodies to access data in cases of ‘exceptional need’ is particularly important. In emergency situations, or when such bodies are carrying out tasks in the public interest, data holders (including manufacturers) must provide the necessary information without undue delay and cannot invoke trade secrets to withhold it

International dimension

Although the Data Act is an EU regulation, its effects will be felt worldwide.

In fact, companies based outside the EU that offer products or services to EU clients must comply with the new rules. The regulation also contains safeguards against illegal access by foreign governments to data stored in the EU and, like the GDPR, protects personal data exported outside the Union.

Summary

The Data Act marks the next stage in the transformation of data law.

By strengthening the rights to access and share information generated by devices, the regulation aims to unlock economic value that has previously been inaccessible.

For those who store data, this means facing compliance challenges and having to remodel existing business strategies.

For data recipients — essentially all businesses — this opens up opportunities to develop new services and sources of revenue that were previously beyond their reach.

Source: Contact Online

Date: 16.10.2025

Contact us:

Robert Brodzik

Advocate / Counsel / NewTech / Data Protection and Cybersecurity

+48 532 206 479

r.brodzik@kochanski.pl