June 12, 2024
Share via

Implications of the EU Data Act for Connected Devices: A Guide for Manufacturers

For manufacturing companies, the EU Data Act may carry even greater implications than the EU AI Act. While the AI Act concentrates on the safety and ethical aspects of AI systems, the Data Act has a more direct impact on the business models of these companies by dictating how data (especially IoT data) is accessed, shared, and utilized. Officially enacted on January 11, 2024, the Data Act will become fully applicable on September 12, 2025. This legislation is a cornerstone of the EU’s Data Strategy, initiated in 2020. 

The Data Act applies to any entity involved with the manufacturing of connected products, providing related services, or sharing data with entities within the EU. Providers of data processing services to EU customers, such as cloud and edge services, are also subject to this legislation. This means that non-EU companies engaging in these activities with EU connections will need to comply with the Data Act. 

In this article, we examine the implications of the Data Act for the manufacturing sector.  

The EU Data Act shifts data ownership from manufacturer to the user 

The Data Act introduces definitions for “data holders” and “data users.” Data holders are manufacturers of connected devices, whereas data users are the legal or natural persons who own, rent, or lease these products. For instance, a paper-machine manufacturer would be a data holder, while a forestry company using the machine to make paper would be a data user. Historically, in the absence of the Data Act, manufacturers have had the control over the data generated by their connected products (IoT data), using it to enhance their machinery, offer data-driven maintenance, and other digital services. Under the Data Act, however, the control over the data moves to data users. Data users can choose to share this data with third parties, such as maintenance service providers, if they wish. The data holders are prohibited from using the data related to the product or its services without clear, explicit consent from the data user. This regulation governs both business-to-business (B2B) and business-to-consumer (B2C) relationships. 

The Data Act aims to empower data users by enabling them to leverage data collected by sensors embedded in their products. This regulation seeks to foster a competitive aftermarket and encourage the development of ancillary and other data-based services by third parties. By shifting the control of this data from machine manufacturers (data holders) to machine users (data users), the Act reduces the machine builders’ advantage in developing smart services. Consequently, data users gain the freedom to share their machine or device data, paving the way for new market entrants to offer innovative, data-driven services. The goal of the legislative shift is to democratize data access and stimulate competition and innovation in the digital economy.  

What data do data holders need to provide to data users? 

The Data Act mandates that all raw and pre-processed data generated from the use of a connected product or a related service, which is readily available to the data holder, must be shared. This encompasses a wide range of data types such as temperature, pressure, flow rate, audio, pH value, liquid level, position, acceleration, and speed. Additionally, relevant metadata that provides context and timestamps for the data must be included. 

Data holders are required to inform the data user about the types of product data that the connected device can generate, including the data’s type, format, and estimated volume. All data must be provided in a format that is commonly used and machine-readable to ensure usability. 

While data holders are entitled to reasonable compensation for the costs associated with making the data available, the regulation also aims to protect intellectual property. Specifically, information that is inferred or derived from the basic data using proprietary, complex algorithms or that forms part of proprietary software is exempt from this sharing requirement. Additionally, trade secrets are safeguarded under Directive (EU) 2016/943, but the data holder must demonstrate that disclosing the data could likely result in serious “economic damage.” This balance aims to facilitate data sharing and innovation while protecting manufacturers’ vital business interests.  

In practice, the distinction between “pre-processed data” and “proprietary, complex algorithms” is likely to provoke nuances in interpretation. Moreover, some of the pre-processed data may necessitate substantial computational effort to be extracted from raw sensor data. Fair compensation for this effort will be determined through negotiations between the data holder and data user.  

Additional provisions of the Data Act 

The Data Act also has other important stipulations. They involve the following:  

  • Public sector bodies are granted the authority to access data from private entities under specific circumstances to serve public interests (e.g., natural disasters, pandemics); 
  • Switching between data-processing services (cloud, edge providers) will be made free of charge, swift and efficient 
  • Rules and safeguards are established to prevent foreign public sector bodies to access data held in the EU 

To ensure the efficient implementation of the Data Act, Member States are required to designate a data coordinator to act as a central point of contact – a “one-stop shop” – for all matters concerning the implementation of the Data Act at the national level.  

What does the Data Act mean for builders of connected machines? 

The Data Act introduces significant implications for machine builders in terms of data access and control, shaping how they may need to adjust their business models and strategies.  

Machine manufacturers are required to grant users access to the IoT data produced by their machines and devices. This necessitates that manufacturers strategically consider the types of sensors embedded in their machines, as well as their capabilities to automatically gather and retain data. If the user expresses disinterest in the data derived from their machine, the manufacturer may see little incentive to store this data. Consequently, compensation for data collection and storage must be explicitly negotiated between the data holder and the data user. 

Machine builders monetizing data through service offerings might need to sharpen their strategies. For instance, an elevator manufacturer that utilizes IoT data to deliver service dashboards for detecting anomalies must now provide this data to the property owner, such as a shopping mall or airport. If these property owners can generate similar insights independently, they might forego purchasing them from the manufacturer.  

Generally, however, manufacturers with robust portfolios of data-driven products and services are likely to retain a competitive advantage. These companies can continue to provide value-added services by leveraging their extensive domain expertise and established data and analytics infrastructure. This approach not only appeals to customers who prefer not to develop these capabilities internally but also helps to fend off third-party providers offering similar services. 

Machine builders might adopt strategies to gather and utilize data from competitors’ machines, positioning themselves as third-party service providers, enhancing their market reach and service offerings. 

In summary, to stay innovative and competitive amidst evolving regulations, machine builders should enhance their understanding of the data generated by their machines and proactively develop innovative, data and AI-driven products and services to stay ahead of competitors. Crafting a robust strategy for data collection, processing, and monetization – clearly identifying valuable data and its potential applications – is essential for future success. 

How do consumers and new market entrants benefit from the Data Act? 

With machine builders and device manufacturers required to make their device data accessible, consumers and businesses can anticipate a broader array of service options. This increase in available data can fuel competition among service providers, potentially leading to more innovative services and lower prices.  

The availability of machine data across different platforms and manufacturers can lead to the emergence of new service providers. These entities might specialize in aggregating data from various sources – spanning multiple businesses and consumers – to offer comprehensive services that were not previously feasible. For instance, a company could analyze data from different brands of HVAC systems to provide optimized energy management solutions to large building managers. 

The EU Data Act is a crucial regulation aimed at balancing the needs of data holders and users. Data holders, like manufacturers of connected devices, focus on safeguarding proprietary information and remaining competitive, urging clear rules on what “serious damage” means and seeking fair compensation for data sharing. Conversely, data users from individuals to enterprises appreciate the greater data accessibility that supports innovation, enhances functionality, and could lower costs. They push for transparent and equitable data access to promote competition and technological progress. The Data Act seeks to align these varying interests, ensuring fair data sharing that encourages innovation while protecting data creators’ economic interests. 

References & more

Reach out to us, if you want to learn more about how we can help you on your data journey.


Title: Implications of the EU Data Act for Connected Devices
DAIN Studios, Data & AI Strategy Consultancy
Published in
Updated on July 23, 2024