Search
Contact
Symbolbild zum Data Act: Viele Menschen auf öffentlichem Platz
12.09.2025 | KPMG Law Insights

The Data Act applies. These are the key points

The EU Data Act will come into force on September 12, 2025. The law is intended to promote innovation through the improved availability of data. However, affected companies fear that the protection of trade secrets and copyrights will be weakened.

The regulation on harmonized rules for fair access to and fair use of data (Data Act) was already adopted on November 27 and has been in force since January 11, 2024.

Like the AI Act and the Digital Services Act, the Data Act is part of the European digital strategy. The aim of the Data Act is to make the EU a pioneer in the data-driven society and to ensure fair access to and fair use of data.

These are the key points:

The Data Act is intended to lay the foundations for an EU-wide data sharing economy

All players in the data economy should have access to industrial data in line with their interests. According to the EU Commission, 80 percent of the industrial data collected is never used. The Data Act is intended to lay the foundations for an EU-wide data sharing economy and leverage untapped potential in the development of innovative business models by improving the utilization of industrial data. The EU Commission’s explicit aim here is also to shift the market power of large companies and platforms, which act as gatekeepers, towards SMEs and consumers.

Data use only on the basis of a contract

If non-personal data is generated when using connected products, the manufacturers of these products require a contract with the users in order to be allowed to process the data. Users can even demand that the provider makes the data available to the user free of charge and without delay and also passes it on to third parties on the user’s instructions. In the latter case, the provider may demand reasonable remuneration, but only the reimbursement of direct costs in the case of SME recipients.

Data sharing – new challenges in the development of smart products

Users should be entitled to access the data they generate when using products or services at any time. The law stipulates an “accessibility by design” obligation for product development, according to which products and services should be designed in such a way that users can directly access user-generated data. If they cannot read the data directly within the product, providers are obliged to make the data available to users free of charge without delay – and in some cases even continuously and in real time.

In addition, manufacturers and providers of connected products will in future have pre-contractual information obligations regarding details of data use and existing user rights, which are similar to those of the GDPR.

The Data Act prohibits unfair contractual clauses in standard contracts

The Data Act contains a ban on unfair contractual clauses in standard contracts for data use and licensing from September 12, 2025. For old contracts, a deadline of September 12, 2027 applies (indefinite term or term ≥10 years from January 11, 2024). The prohibitions are strongly reminiscent of the German law on general terms and conditions and provide for a catalog-like list of contractual contents, the agreement of which can lead to the invalidity of individual clauses or, in extreme cases, the entire contract. In addition to the enumerated clause contents, clauses that grossly deviate from “good commercial practice of data access and data use” are particularly invalid.

Facilitating the change of provider for users

Changing providers in the field of data processing – i.e. cloud and edge services in particular – is to be made much easier for customers in future. In particular, the Data Act stipulates that providers must remove all commercial, technical, contractual and organizational obstacles that prevent customers from terminating the contract with a maximum notice period of two months, concluding a contract with a new provider, transferring the data or applications and other digital assets to another service within a minimum period for data retrieval of at least 30 calendar days. To this end, providers should be obliged to ensure the interoperability of their services by using open standards and interfaces. Switching fees may only be charged for this until January 12, 2027.

Data Act enables data access by public authorities

In exceptional cases, the Data Act also provides for a right of access to data by public bodies. The prerequisite for this, however, is that the public body explicitly requests disclosure from a company and approaches the company on the basis of an “exceptional need”. According to the Data Act, such special needs exist in particular in emergencies or if access is necessary for the fulfillment of the authority’s tasks, for example pandemics.

New products must enable data access

In future, manufacturers must design, manufacture and provide connected products and connected services in such a way that users can access their data easily, securely and free of charge as standard. However, this regulation will only apply to products that are placed on the market from September 12, 2026.

Violations can result in substantial fines

The Data Act provides for significant penalties for violations. Fines can amount to up to 20,000,000 euros or up to 4 percent of annual global turnover. The amount of the fines is reminiscent of the GDPR.

Conclusion

It is striking that the Data Act brings the processing of industrial data closer to the processing of personal data in regulatory terms by assigning the right to use the data originally to the users and granting them far-reaching decision-making powers with regard to its use. However, no specific statement has been made on the subject of data ownership.

The Data Act represents a significant encroachment on the contractual freedom of the parties involved in data usage contracts. It remains to be seen what consequences this will have.

Companies should start implementing the requirements of the Data Act now at the latest, as it is clear that the Data Act brings with it numerous obligations for digital companies, some of which can only be guaranteed through long-term and extensive process adjustments.

 

Explore #more

17.07.2026 | KPMG Law Insights

Action Plan Against Tax Crime: Voluntary Disclosure Allowing for Immunity from Prosecution to Be Abolished

Tax and financial crime will be prosecuted more rigorously in Germany going forward. On July 16, 2026, Federal Minister of Finance Lars Klingbeil and Federal…

15.07.2026 | In the media

KPMG Law Guest Post on the DVNW Procurement Blog: Section 97a of the German Act Against Restraints of Competition (GWB): Slight Relief for Lump-Sum Contracts

On July 1, 2026, the Act on Accelerating the Award of Public Contracts—the Public Procurement Acceleration Act, for short—entered into force. A key change is…

15.07.2026 | In the media

KPMG Law Statement on “tagesschau”: Recycled Building Materials Rarely Used Despite Shortages

Gravel, sand, and crushed stone are becoming scarce and more expensive. Recycled construction materials could help. But despite advanced technology, there are major hurdles, especially…

15.07.2026 | In the media

KPMG Law Statement in *Private Banking* Magazine: How the ECB Plans to Launch the Digital Euro

The banking industry is awaiting the ECB’s decision on which institutions will be selected for the digital euro pilot project. From Germany, Deutsche Bank, Helaba,…

10.07.2026 | KPMG Law Insights

New Packaging Implementation Act tightens obligations for companies

  Co-author: Séverine Sieprath, Director of Audit, KPMG AG Wirtschaftsprüfungsgesellschaft   The Packaging Implementation Act (VerpackDG),…

09.07.2026 | In the media

Op-Ed in *Versicherungsmagazin*: D&O Insurance—A Legal Safety Net in Turbulent Times

Liability risks for executives are increasing significantly: New regulatory requirements such as NIS-2, CSRD, and the Supply Chain Act are expanding the responsibilities of managing

02.07.2026 | KPMG Law Insights

Registered mail with return receipt no longer provides proof of delivery—here are some alternatives

Registered mail with return receipt, when used as part of electronic documentation, no longer constitutes prima facie evidence of a…

02.07.2026 | Deal Notifications

KPMG Law advises the Prinzhorn Group on the acquisition of Stora Enso’s German facilities

KPMG Law has advised Mosburger GmbH, a subsidiary of Dunapack Packaging and part of the Austrian Prinzhorn Group, on the acquisition of Stora Enso’s German…

02.07.2026 | In the media

KPMG Law Interview in Focus Business: EmpCo Is Coming: Sustainability Marketing Becomes a Top Priority

Stricter EU rules set clearer boundaries for climate pledges and social claims. KPMG Law expert Manuela Meyer explains which claims must be verified and how…

29.06.2026 | KPMG Law Insights

Embedding Digital Sovereignty in the Enterprise – Legal Requirements for IT Systems

Digital sovereignty is an important strategic success factor, and many measures are also required by law. Through legislation such as the Data Act, NIS-2, the…

Contact

Francois Heynike, LL.M. (Stellenbosch)

Partner
Head of Technology Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

Tel.: +49-69-951195770
fheynike@kpmg-law.com

Leonie Troost-Schönhagen

Senior Manager

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

Tel.: +4969951195923
lschoenhagen@kpmg-law.com

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll