The EU Data Act establishes a horizontal legal framework governing access to, and use of, data generated by connected products and related services. It aims to ensure fairness in data allocation, strengthen user rights, prevent contractual imbalances, and promote interoperability in data processing and cloud services. The Regulation introduces legally enforceable rights of access for users to “product data" and "related service data,” obliging data holders to share such data on fair, reasonable and non-discriminatory (FRAND) terms. It also creates obligations to remove unfair contractual clauses, imposes safeguards for trade secrets, and allows public-sector access where there is an “exceptional need.” For AI governance, the Data Act represents a major structural enabler: it broadens lawful data availability for AI training, enhances multi-cloud portability for AI infrastructure, and embeds transparency obligations regarding international access and governmental data requests. Its provisions on smart contracts set minimum technical requirements, robustness, access control, and safe termination, directly relevant to automated AI data-sharing environments. Entering into force in January 2024 and applicable from September 2025, the Data Act complements the AI Act, the Data Governance Act, and the Cyber Resilience Act as part of the EU’s integrated digital-regulatory architecture.
Full name (additional link): Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) (Text with EEA relevance)