EU Data Act
Siemens Advanta Consulting

Compliance with EU Data Act

EU Data Act

To foster the data economy in the European Union, EU legislators have reshaped the business landscape with new laws that enable fair and simple access to and use of data. The latest of these legislations is the EU Data Act, which has been in force since September.

With this legislation in place, manufacturers of connected devices and others are required to act. The timeline for full implementation remains tight, the obligations and requirements are still being clarified, and fundamental business questions need to be addressed.

What is EU Data Act?

The EU Data Act grants users of connected products the right to access the generated machine data. In addition, the Data Act allows users to grant access to that data to third parties, which may be, for instance, independent service providers, AI startups and potentially also competitors.

Users and third parties may use the data for their own purposes, including providing third party service (as an alternative to manufacturer provided services) or analytics offers.

Manufacturers that fail to provide data access risk facing substantial financial penalties. The penalties are effective, proportionate, and dissuasive and may have retroactive effect; if personal data is concerned, fines shall be according to the GDPR, which means the higher of EUR 20 million or 4% of the annual global revenue.

eu data act privacy people icons

What is required and when?

With the EU Data Act now active, what exactly does this mean for your organization in terms of concrete actions and deadlines?

The legislation introduces several key requirements that demand immediate attention and strategic planning. While the full implementation timeline remains tight and some details are still being clarified, manufacturers of connected devices and other data holders must prepare to address fundamental business questions.

Beside other obligations, manufacturers of connected products need to fulfill three key obligations by two deadlines:

  • Information obligation
    Manufacturers of connected products are required to inform users at point of sales about the data that the connected product generates during usage.
     
  • Data sharing obligation
    The data holder (usually the manufacturer, if it chooses to collect the machine data) is required to share available data with the user of the connected product as well as with third parties authorized by the user.
     
  • Design obligation
    Manufacturers must design new products in a way that the data is directly accessible to the user.

What do these obligations imply? They signify that companies selling connected products are now actively engaged in designing and implementing response strategies for sharing the relevant data. Yet, as is often the case, the details are where the real challenges lie.

Who does the law apply to?

The above-mentioned obligations under the EU Data Act apply to all manufacturers of connected products that make their products available in the EU, irrespective of their industry and place of establishment.

The right to access data is restricted to users within the EU. Third parties that were granted access by users must have a legal representation in the EU to be eligible for data access.

How can you become compliant?

The path to compliance is individual for each company, yet based on our experience, there are four key tips to make this journey a smoother one.

  1. Setting up a cross-functional team
    Due to the complexity of this topic, different functions and experts from within the clients’ organization and from external need to be mobilized, including legal, government affairs, R&D, product management and IT. It is advised to involve all experts and concerned business units from day 1 to form a joint response strategy moving forward.
     
  2. 80/20 and risk-based approach
    The Data Act applies not only to new products, but also to the existing installed base in many cases. Companies with a large variety of product families need to carefully plan their approach to balance the need of being compliant and the effort to implement.
     
  3. Close collaboration between legal and technology experts
    Companies usually need to develop a new technical solution to fulfill the obligations under the Data Act. It is neither a pure technical nor an entire legal decision. Technical feasibility/effort and legal compliance risks need to be evaluated jointly to come up with an optimal solution. In addition, sales and customer service teams need to be involved as well to ensure a smooth customer experience.
     
  4. Treat this as a business opportunity rather than a pure compliance burden
    Despite being a compliance topic from the first glance, the EU Data Act also provides vast opportunities for companies to capture. Creating new revenue streams of providing data, offering third party maintenance services for other companies’ products, or conducting AI analytics on competitors’ machine data, the opportunities seem endless.

How can Siemens Advanta help?

With our footprint in various industries and specifically our experience with the EU Data Act, we can support our clients on their way to become compliant with the obligations. Our project management services span from hands-on project management office support for urgent content issues, to developing comprehensive data strategies designed to meet future digital challenges. Siemens Advanta tailors its offerings and strategies to align with the unique needs and stages of development in areas, e.g. system architecture and data literacy, ensuring that our services are well-suited to each client's specific circumstances and objectives.

If you want to learn more about our offerings regarding the EU Data Act, please download the detailed presentation on the topic here:

Industry experts

Please reach out to our experts for more information.
Dr. Ulli Waltinger
Ulli Waltinger is the Vice President for Artificial Intelligence & IoT at Siemens Advanta and a Fellow of the Siemens AI Lab. He advances AI and IoT technologies, promotes interdisciplinary research, and has led key AI initiatives, including founding the Siemens AI Lab in Munich. He has over 40 publications and more than 100 talks.
Dr. Ulli Waltinger
Artificial Intelligence Global
Dr. Andreas Aschenbrenner
Dr. Andreas Aschenbrenner
Cybersecurity Global

Disclaimer

The information provided herein is for general informational and promotional purposes only and may not be accurate, complete or up to date. The information does not constitute any regulatory, legal, financial, technical or other professional advice.

No responsibility or liability will be accepted for any errors, omissions or inaccuracies in the content. Siemens Advanta disclaims, to the fullest extent permitted by applicable law, any and all liability or responsibility for the accuracy and completeness of the information contained herein and for any acts or omissions made based on such information. Siemens Advanta does not provide any legal, regulatory, audit, or tax advice; readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

Contact us Contact Us