One of the European Union’s flagship digital economy laws, the EU Data Act, has now come into effect. The law comes with a core purpose of ensuring fair access and sharing of data generated by connected products to a broader ecosystem of firms. Together with the EU AI Act setting the rules for AI engagement, the Data Act encourages a broader digital policy package aimed at shaping Europe’s data-driven economy. On one hand, this opens up opportunities for innovation, new services, and fairer competition. On the other hand, it imposes new compliance burdens that might pose implementation challenges.  

Crucially, smaller businesses and SMEs see the law as a chance to compete on a more level playing field. Larger companies, however, often view the obligations as costly, complex, and risky to implement quickly and are demanding simplification or streamlining of certain provisions. In this blog, let us understand what benefits the law actually brings and what implementation it poses that requires the watering down of certain provisions.  

Fair Access to Data Rights 

A coalition of 14 European business associations, including the European Digital SME Alliance and Insurance Europe, published a joint statement urging the European Commission and Member States to uphold the regulation and resist pressures to weaken its core provisions. The act is being deemed essential for SMEs as it offers them the ability to port industrial data and shield themselves from unfair contractual terms. 

• Data Access: The act gives users explicit rights to access the data generated by connected products and to share it with third parties. It also requires data holders to make product and service data available on request and to allow users to pass that data to other service providers. This way it removes a legal barrier and makes it practical for smaller firms to compete in markets like predictive maintenance, telematics-based insurance, and fleet analytics. 
• Vendor Lock-In: One of the most concrete ways the Data Act weakens lock-in is by imposing switching and portability obligations on data processing service providers. The law requires providers to support mechanisms that enable customers to port exportable data and digital assets within a defined transition period. When switching is quick, predictable and affordable, smaller suppliers can credibly offer alternative cloud analytics, IoT platforms, or data-processing services. 
• Competitive Fairness: The Data Act contains explicit measures to protect downstream data recipients from unfair B2B contract clauses that would otherwise lock them out of data use. This means SMEs no longer need to accept restrictive default contracts that block innovation, and they have a path to remediation if a counterparty refuses to comply.  
• Foundation for Responsible AI: By ensuring fair access, portability, and contractual balance around data, the Data Act also lays groundwork for compliance with the EU AI Act. High-quality, traceable, and shareable datasets are essential for building and deploying AI systems that meet the AI Act’s requirements on transparency, fairness, and accountability. In this sense, the Data Act doesn’t just level the playing field for SMEs — it also provides the raw material needed for Europe’s vision of trustworthy AI. 

Why Industry Wanted a Softer Data Act 

Trade groups representing Big Tech and other data-heavy sectors have argued for delayed enforcement and softer obligations, citing concerns over technical feasibility, cost, and international competitiveness. 

• Technical redesign of products: Device manufacturers must re-engineer hardware and software to allow user-friendly data access and sharing. For complex products such as connected vehicles or industrial machinery, this requires significant adjustments to data architectures, APIs, and interoperability standards. 
• High compliance costs: Building new interfaces, upgrading IT systems, and reinforcing cybersecurity controls all come with steep upfront expenses. For large firms managing millions of connected devices worldwide, the scale of investment is immense. 
• Risks to intellectual property and trade secrets: Although the Act includes exceptions, companies must prove that withholding data is necessary to protect sensitive business information. The fear is that in practice, disputes will arise about where the line is drawn, exposing businesses to both legal and competitive risks. 
• Complexity of cross-border enforcement: With many national regulators still not fully equipped or legally empowered to enforce the Act, multinational firms worry about inconsistent application across the EU. This patchwork creates uncertainty in designing uniform compliance strategies. 
• Uncertainty around evolving rules: The European Commission is simultaneously reviewing opportunities to simplify or streamline digital regulations. For companies, this raises the risk that obligations could change even after major compliance investments, creating wasted costs. 

Compliance Meets Opportunity 

In many ways, the Data Act and AI Act are two sides of the same coin. While one guarantees access to data, the other ensures that this data powers AI in a safe and ethical way. The EU Data Act’s journey highlights the push-and-pull between regulators, SMEs, and Big Tech. While the act reflects certain concessions in the face of genuine industry concerns, it resists any demands for unfair B2B contracts with robust cloud switching provisions and stronger rights for users to access and share their raw data. Those who prepare early, balancing risk management with strategic opportunity, will be best positioned to turn compliance into a competitive advantage.