Symbolbild zum Data Act: Viele Menschen auf öffentlichem Platz
29.11.2023 | KPMG Law Insights, KPMG Law Insights

Key Facts about the new draft of the “Data Act

On February 23, 2022, the EU Commission presented the new draft of the so-called Data Act, the “Regulation on harmonized rules for fair access to and use of data”.
The aim of the Data Act is to ensure access to industrial data that is in the interests of all players in the data economy. According to the EU Commission, 80% of the industrial data collected is never used. The Data Act is intended to lay the foundation for an EU-wide data sharing economy and to leverage untapped potential in the development of innovative business models through improved harnessing of industrial data. The EU Commission’s goal here is also explicitly to shift the market power of large companies and platforms that act as gatekeepers to SMEs and consumers. Here you will find a brief summary of the most important contents:

Data use only on the basis of a contract

Non-personal data generated by the use of networked products should only be processed by the manufacturers of the products on the basis of a contract with the users. The user should even be able to demand that the provider make the data available to third parties free of charge and without delay.

Data Sharing – New Challenges in the Development of Smart Products

Users should be given a right to access data generated by them in their dealings with products or services at any time. In this context, the law provides for an “accessibility by design” obligation for product development, according to which products and services are to be designed in such a way that users can directly access user-generated data. If this data cannot be read out directly within the product by the user, providers are obliged to make the data available to the user immediately free of charge – and in individual cases even continuously and in real time.

In addition, manufacturers and providers of relevant products will in future be subject to pre-contractual obligations to provide information regarding details of data use and existing user rights similar to those under the GDPR.

Prohibition of unfair contract clauses in standard contracts with SMEs

The Data Act includes a prohibition on unfair contract terms in standard data use and licensing contracts. The prohibitions are strongly reminiscent of the German law on general terms and conditions and provide for a catalog-like list of contractual contents, the agreement of which can lead to the invalidity of individual clauses or, in extreme cases, the entire contract. In addition to the enumerated clause contents, clauses that grossly deviate from “good commercial practice of data access and data use” are particularly invalid.

Facilitating the change of provider for users

Switching providers in the area of data processing – i.e., cloud and edge services in particular – is to be made much easier for customers in the future. Specifically, the Data Act requires providers to remove all commercial, technical, contractual, and organizational barriers that prevent customers from terminating the contract with 30 days or less notice, contracting with a new provider, transferring the data, applications, and other “digital assets” to another service. To this end, corresponding providers are to be obliged to ensure the interoperability of their services by using open standards and interfaces.

Data access by public authorities

In exceptional cases, the Data Act also provides for a right of access to data by public bodies. The prerequisite for this, however, is that the public body explicitly requests disclosure from a company and approaches the company on the basis of an “exceptional need”. Under the Data Act, such special needs exist in particular in the event of emergencies or insofar as access is necessary for the fulfillment of the authority’s tasks (e.g., pandemics).


The drafting of the Data Act shows that the EU has recognized the relevance of data as a driver of innovation and wants to promote it. However, it seems questionable whether the Data Act in its present form can actually achieve the goal of promoting innovation through decentralization. In addition to desirable approaches to promoting the interoperability of data-processing systems, it contains numerous obligations for companies that are likely to hinder the harnessing of industrial data or reduce investments in corresponding products. This applies in particular to the obligations with regard to the design of new products and services.
It is striking that the Data Act brings the processing of industrial data closer to the processing of personal data in regulatory terms by assigning the right to use the data originally to the user and granting users far-reaching decision-making powers regarding its use. However, no concrete statement has been made on the subject of “data ownership”.

Finally, the Data Act represents a significant encroachment on the contractual freedom of the affected actors in data use contracts, the consequences of which cannot yet be conclusively assessed.
Companies should closely follow the development of the draft law and start implementing the requirements of the Data Act early, especially as it potentially provides for fines of up to EUR 20,000,000 or up to 4% of global annual turnover as under the GDPR.

Explore #more

13.06.2024 | Press releases

Handelsblatt and Best Lawyers honor KPMG Law Experts

Best Lawyers has once again identified the best commercial lawyers in Germany for 2024 exclusively for Handelsblatt. A total of 28 lawyers were honored by…

27.05.2024 | KPMG Law Insights

Agreement on ecodesign regulation: products to become more sustainable

After lengthy negotiations, the Council and Parliament of the European Union reached a provisional agreement on the Ecodesign Regulation on the night of December 5,…

22.05.2024 | KPMG Law Insights

The AI Act is coming: EU wants to get a grip on AI risks

For many people, artificial intelligence (AI) is the great hope for business, healthcare and science. But there are also plenty of critics who fear the…

17.05.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: When the family business is to be sold

Around 38,000 family businesses are currently handed over each year. In most cases, the change of ownership takes place within the family. But more and…

03.05.2024 | KPMG Law Insights

Doubts about inability to work? What employers can do

The certificate of incapacity for work (AU certificate) serves as proof of incapacity for work due to illness. However, only if the certificate meets certain…

27.03.2024 | KPMG Law Insights

EU Buildings Directive: life cycle greenhouse potential becomes relevant

On March 12, 2024, the EU Parliament approved the amendment to the EU Buildings Directive. The directive obliges member states and, indirectly, building owners and…

19.03.2024 | Business Performance & Resilience, KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

The EU member states agreed on the CSDDD, the EU Supply Chain Directive, on March 15, 2024. Germany abstained from the vote. Negotiators from the…

21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation,…

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”   The third part of this series of articles deals with data compliance

14.02.2024 | Business Performance & Resilience, PR Publications

Guest article in ZURe: Monitoring the implementation of the LkSG

The current issue of ZURe (p. 20 ff.) contains a guest article by KPMG Law Partner Thomas Uhlig (Head of General Business and Commercial Law),…


Francois Heynike, LL.M. (Stellenbosch)

Head of Technology Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

tel: +49-69-951195770

Leonie Troost-Schoenhagen


THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

tel: +4969951195923

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.