Symbolbild zum Data Act: Viele Menschen auf öffentlichem Platz
29.11.2023 | KPMG Law Insights, KPMG Law Insights

Key Facts about the new draft of the “Data Act

On February 23, 2022, the EU Commission presented the new draft of the so-called Data Act, the “Regulation on harmonized rules for fair access to and use of data”.
The aim of the Data Act is to ensure access to industrial data that is in the interests of all players in the data economy. According to the EU Commission, 80% of the industrial data collected is never used. The Data Act is intended to lay the foundation for an EU-wide data sharing economy and to leverage untapped potential in the development of innovative business models through improved harnessing of industrial data. The EU Commission’s goal here is also explicitly to shift the market power of large companies and platforms that act as gatekeepers to SMEs and consumers. Here you will find a brief summary of the most important contents:

Data use only on the basis of a contract

Non-personal data generated by the use of networked products should only be processed by the manufacturers of the products on the basis of a contract with the users. The user should even be able to demand that the provider make the data available to third parties free of charge and without delay.

Data Sharing – New Challenges in the Development of Smart Products

Users should be given a right to access data generated by them in their dealings with products or services at any time. In this context, the law provides for an “accessibility by design” obligation for product development, according to which products and services are to be designed in such a way that users can directly access user-generated data. If this data cannot be read out directly within the product by the user, providers are obliged to make the data available to the user immediately free of charge – and in individual cases even continuously and in real time.

In addition, manufacturers and providers of relevant products will in future be subject to pre-contractual obligations to provide information regarding details of data use and existing user rights similar to those under the GDPR.

Prohibition of unfair contract clauses in standard contracts with SMEs

The Data Act includes a prohibition on unfair contract terms in standard data use and licensing contracts. The prohibitions are strongly reminiscent of the German law on general terms and conditions and provide for a catalog-like list of contractual contents, the agreement of which can lead to the invalidity of individual clauses or, in extreme cases, the entire contract. In addition to the enumerated clause contents, clauses that grossly deviate from “good commercial practice of data access and data use” are particularly invalid.

Facilitating the change of provider for users

Switching providers in the area of data processing – i.e., cloud and edge services in particular – is to be made much easier for customers in the future. Specifically, the Data Act requires providers to remove all commercial, technical, contractual, and organizational barriers that prevent customers from terminating the contract with 30 days or less notice, contracting with a new provider, transferring the data, applications, and other “digital assets” to another service. To this end, corresponding providers are to be obliged to ensure the interoperability of their services by using open standards and interfaces.

Data access by public authorities

In exceptional cases, the Data Act also provides for a right of access to data by public bodies. The prerequisite for this, however, is that the public body explicitly requests disclosure from a company and approaches the company on the basis of an “exceptional need”. Under the Data Act, such special needs exist in particular in the event of emergencies or insofar as access is necessary for the fulfillment of the authority’s tasks (e.g., pandemics).


The drafting of the Data Act shows that the EU has recognized the relevance of data as a driver of innovation and wants to promote it. However, it seems questionable whether the Data Act in its present form can actually achieve the goal of promoting innovation through decentralization. In addition to desirable approaches to promoting the interoperability of data-processing systems, it contains numerous obligations for companies that are likely to hinder the harnessing of industrial data or reduce investments in corresponding products. This applies in particular to the obligations with regard to the design of new products and services.
It is striking that the Data Act brings the processing of industrial data closer to the processing of personal data in regulatory terms by assigning the right to use the data originally to the user and granting users far-reaching decision-making powers regarding its use. However, no concrete statement has been made on the subject of “data ownership”.

Finally, the Data Act represents a significant encroachment on the contractual freedom of the affected actors in data use contracts, the consequences of which cannot yet be conclusively assessed.
Companies should closely follow the development of the draft law and start implementing the requirements of the Data Act early, especially as it potentially provides for fines of up to EUR 20,000,000 or up to 4% of global annual turnover as under the GDPR.

Explore #more

21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation,…

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”   The third part of this series of articles deals with data compliance

14.02.2024 | PR Publications

Guest article in ZURe: Monitoring the implementation of the LkSG

The current issue of ZURe (p. 20 ff.) contains a guest article by KPMG Law Partner Thomas Uhlig (Head of General Business and Commercial Law),…

14.02.2024 | KPMG Law Insights

The AI Act is coming: EU wants to get a grip on AI risks

For many people, artificial intelligence (AI) is the great hope for business, healthcare and science. But there are also plenty of critics who fear the…

09.02.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: The employment law function

In almost all German companies, the employment law function is located in the HR department and not in the legal department. One of the reasons…

02.02.2024 | KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

On December 14, 2023, the Council and the European Parliament reached a provisional political agreement on the EU Corporate Sustainability Due Diligence Directive (CSDDD). This…

01.02.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: Fair play in eSports

eSports is a billion-dollar market that is growing rapidly. This makes it all the more important for the economic players involved to comply with applicable…

24.01.2024 | KPMG Law Insights

How the new unitary patent works – ten facts

The new unitary patent can be applied for at the European Patent Office (EPO) from June 1, 2023. The Implementing Regulations and the Schedule of

22.01.2024 | PR Publications

Guest article in the Börsen-Zeitung on the subject of EU antitrust regulations

Agreements with competitors on sustainability efforts may violate antitrust law. Which legal interest should then take precedence? KPMG Law expert Jonas Brueckner discusses this question…

18.01.2024 | KPMG Law Insights

AI and copyright – what is permitted when using LLMs?

A few months ago, new players entered the legal scene and have since caused numerous legal discussions: Large Language Models (LLM), better known as…


Francois Heynike, LL.M. (Stellenbosch)

Head of Technology Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

tel: +49-69-951195770

Leonie Schoenhagen


THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

tel: +4969951195923

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.