3

Those who have data have power. The Data Act redistributes this power

20 October 2025 | Knowledge, News

The EU Data Act, which came into force in September 2025, represents a breakthrough in the regulation of data access and use. Data generated by devices, ranging from agricultural tractors and industrial machinery to solar panels and transport fleets, is no longer the sole property of manufacturers. Other market participants now have the opportunity to access and use this data to develop new, innovative products and services. The Data Act marks a departure from business models based on data monopolisation, to one requiring data to be shared in accordance with its rules. We are therefore entering a completely new reality.

Data as a shared resource

The Data Act forms part of the EU’s broader digital strategy, which aims to create a data-driven economy.

Unlike the GDPR, which focuses on protecting personal data, the Data Act addresses access to and use of both personal and non-personal data generated by internet-connected devices and related services.

The regulation’s main premise is the balanced distribution of access to data among all those who generate and use it.

Data goes beyond manufacturers

The central element of the Data Act is the strengthening of the position of device users and data recipients, i.e. businesses in practice.

Device users are the owners, renters or lessees of connected products, as well as the recipients of related services.

Data recipients are any companies that users allow to use the data, such as insurers, technology start-ups or agricultural advisors. Based on the collected data, they can develop their own services, applications and analyses, which were previously the sole domain of the manufacturer.

The regulation has introduced three key mechanisms:

  • Users now have the right to access data generated by the products they use, including vehicles, interactive toys, home appliances, and industrial machinery. This data must be made available default, free of charge, in a structured and machine-readable format
  • Users may request that their data be transferred to third parties (data recipients) of their choice, which enables them to use independent services such as alternative vehicle repair services
  • Users are protected against unfair contractual terms – any terms that are imposed unilaterally and deemed unfair will not be binding on small and medium-sized enterprises

Manufacturers lose exclusivity and face new obligations

A data holder can be a manufacturer, service provider, distributor, or platform operator — in other words, anyone who has the right or obligation to use and share data from a product or service.

The Data Act imposes several demanding obligations on them:

  • Data must be shared with third parties on fair, reasonable and non-discriminatory terms, which excludes favouring one’s own services. Therefore, it is necessary to review standard data agreements and policies to eliminate any clauses that could be considered unfair
  • Products and services should be designed with data availability in mind, and users should be able to retrieve data by default and without undue delay
  • The mechanism for public sector bodies to access data in cases of ‘exceptional need’ is particularly important. In emergency situations, or when such bodies are carrying out tasks in the public interest, data holders (including manufacturers) must provide the necessary information without undue delay and cannot invoke trade secrets to withhold it

International dimension

Although the Data Act is an EU regulation, its effects will be felt worldwide.

In fact, companies based outside the EU that offer products or services to EU clients must comply with the new rules. The regulation also contains safeguards against illegal access by foreign governments to data stored in the EU and, like the GDPR, protects personal data exported outside the Union.

Summary

The Data Act marks the next stage in the transformation of data law.

By strengthening the rights to access and share information generated by devices, the regulation aims to unlock economic value that has previously been inaccessible.

For those who store data, this means facing compliance challenges and having to remodel existing business strategies.

For data recipients — essentially all businesses — this opens up opportunities to develop new services and sources of revenue that were previously beyond their reach.

Source: Contact Online

Date: 16.10.2025

Any questions? Contact us

Latest Knowledge

Contractual practices prohibited under the Data Act 

One of the key aspects of the Data Act is the introduction of provisions on prohibited contractual practices. These provisions are intended to protect businesses operating within the broadly understood digital industry that have a weaker contractual position.

KSeF and transfer pricing: a new era of transparency and operational challenges

The introduction of the National e-Invoice System (KSeF) represents one of the most significant challenges for group companies in recent years. Although the KSeF is intended to simplify the invoicing process and reduce tax abuse, it also has a significant impact on transfer pricing, particularly with regard to the documentation and settlement of TP adjustments.

Contributing assets to a family foundation – what to keep in mind

A family foundation is a legal entity whose purpose is to manage wealth effectively and ensure its succession without the risk of dispersing assets accumulated over generations. Therefore, a key issue related to the activities of such an organisation is the contribution of this wealth to the foundation in the form of various types of assets that will work for the beneficiaries. Let’s take a look at what this process involves in practice.

Cloud migration after the Data Act: new rights, lower costs and greater freedom

The Data Act requires a significant change in approach to cloud services. Companies should review their contracts and start planning updates immediately. It is crucial to introduce appropriate switching provisions and remove or renegotiate exit fees. Companies must also prepare their infrastructure, both technically and organisationally, for interoperability and migration in accordance with the new regulations.

A decade of sustainable development

Ten years ago, the international community adopted the 2030 Agenda for Sustainable Development with 17 Sustainable Development Goals (SDGs). As a signatory, Poland committed itself to implementing measures in the areas of economy, society and the environment. A decade on, and it is a good time to summarise our achievements and the key ESG regulations that have shaped the legal landscape in Poland and throughout the European Union.

Banking sector overview | Banking today and tomorrow | October 2025

According to estimates by the Polish Bank Association (ZBP), the last four months of 2025 may bring banks operating in Poland another PLN 10 billion in profits. This would set a new record, probably marking the last such good year. Forecasts for 2026 suggest that bank profits will decline to PLN 35 billion.

New tax limits for company cars

From 1 January 2026, new limits will come into force regarding the inclusion of depreciation charges and lease payments for passenger cars in tax-deductible costs.

Foreign investments in companies from strategic sectors under state protection

On 24 July 2025, amendments to the Act on the control of certain investments came into force, including the removal of the time limitation of the provisions relating to the control of certain investments prior to foreign acquisition. These regulations were introduced during the COVID-19 pandemic and were valid for a specific period.

Contact us:

Robert Brodzik

Robert Brodzik

Advocate / Counsel / NewTech / Data Protection and Cybersecurity

+48 532 206 479

r.brodzik@kochanski.pl