The electronics industry stands at a critical juncture. The EU Data Act represents more than regulatory compliance—it signals a fundamental shift in how connected devices and IoT platforms operate. Traditionally, manufacturers have held exclusive control over the data generated by their products. That paradigm is now changing, as data holders must increasingly share access under the new regulation.
As a seasoned global consultant in digital trust and AI governance, Nemko Digital understands the complexity of this transition. We've guided countless organizations through similar regulatory transformations, and we know that success lies not in resistance, but in strategic adaptation. The companies that thrive under the EU Data Act will be those that view data sharing not as a burden, but as an opportunity to build deeper customer relationships and unlock new business models, facilitated by related services.
The regulation affects every aspect of the electronics ecosystem. Smart home manufacturers must redesign their products or related services to enable direct user access to sensor data. Industrial machinery companies need to implement real-time data sharing capabilities. Connected vehicle manufacturers must prepare for unprecedented levels of data transparency. The scope is vast, but so is the potential for innovation and the strengthening of the data economy.
What You'll Learn
- Obligations for connected devices & IoT platforms. What manufacturers and service providers must implement across products, APIs, and contracts.
- Rights & responsibilities. Clarify who can access what data, under which terms, and how to handle portability and interoperability. Ensure compliance with legal obligations and avoid unfair contractual terms.
- Practical compliance steps. Architecture patterns, governance, and documentation to reduce risk while enabling innovation.
Who Should Attend
Product, engineering, compliance, privacy, legal, and business leaders in electronics/IoT. Whether you're developing smart home devices, industrial sensors, connected vehicles, or IoT platforms, understanding the EU Data Act is critical for your continued success in the European market. Our specialized training programs are designed to equip your team with the knowledge and tools they need to navigate this complex regulatory landscape.
Speakers
- Mónica Fernández Peñalver, Digital Trust Expert
- Pepijn van der Laan, Technical Director
Understanding the EU Data Act: Core Principles and Scope
The EU Data Act (Regulation 2023/2854) entered into force on 11 January 2024, with most provisions becoming applicable this month, on 12 September 2025. This regulation, developed by the European Commission, is part of the European Union's broader digital strategy, complementing the EU AI Act and other digital governance frameworks.
The Act's primary objective is to ensure fairness in the data economy by ensuring that users of connected products can access and control the data they generate. This represents a significant departure from the traditional model where manufacturers retained exclusive control over product-generated data.
Scope of Connected Products
The regulation applies to a broad range of connected products and related services:
Consumer Electronics: Smart home devices, connected appliances, wearable technology, health monitoring devices, and entertainment systems. These products must be designed to provide users with direct access to their data, from energy consumption patterns to usage statistics.
Industrial Equipment: Manufacturing machinery, agricultural equipment, construction tools, and monitoring systems. Industrial users will gain unprecedented access to operational data, enabling better maintenance planning and efficiency optimization.
Mobility and Transportation: Connected vehicles, fleet management systems, and transportation infrastructure. The automotive industry faces particularly complex challenges, as vehicles generate vast amounts of data across multiple systems and sensors.
Related Services: Digital services that enable connected products to function, including mobile applications, cloud-based analytics platforms, and remote control systems. These services must facilitate, not hinder, user access to data.
Key Obligations for Electronics Manufacturers
The EU Data Act introduces several critical obligations that electronics manufacturers must understand and implement. These requirements are designed to shift control of data from manufacturers to users, creating new opportunities and challenges for the industry.
1. Access by Design Requirements
Starting 12 September 2026, all new connected products placed on the EU market must incorporate "access by design" principles. This means that data accessibility cannot be an afterthought—it must be built into the product from the ground up.
Products must be designed so that users can access their data "easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format, continuously and in real time." This requirement fundamentally changes product development processes, requiring manufacturers to consider data access pathways during the design phase.
The technical implications are significant. Manufacturers must implement robust APIs, secure authentication systems, and data export capabilities. They must also ensure that these systems can handle real-time data requests without compromising product performance or security.
2. Pre-Contractual Transparency
Before users purchase or lease connected products, manufacturers must provide clear information about data generation and access. This includes details about the type of data generated, its format and volume, collection frequency, and the specific methods users can employ to access their data.
This transparency requirement extends beyond simple disclosure. Manufacturers must make this information easily understandable and accessible, avoiding technical jargon that might confuse consumers. The goal is to ensure that users make informed decisions about their data before committing to a product or service.
3. Real-Time Data Access Rights
Users have the right to access their data continuously and in real time. This means manufacturers cannot limit data access to periodic exports or summaries. The data must be available when users want it, in the format they need it.
For many manufacturers, this represents a significant technical challenge. Traditional product architectures may not support real-time data access, requiring substantial redesign of data collection, storage, and transmission systems. Companies must invest in scalable infrastructure that can handle potentially millions of simultaneous data requests.
4. Third-Party Data Sharing
Perhaps the most transformative requirement is the obligation to share user data with third parties upon user request. Users can designate any third party to receive their data, and manufacturers must transmit this data on the same technical terms as they provide it to users themselves, and ensure compliance with national law where applicable.
This requirement opens the door to new ecosystems of data-driven services. Users might choose to share their smart home data with energy optimization services, their vehicle data with insurance companies, or their health device data with medical professionals. Manufacturers must be prepared to support these diverse use cases while maintaining data security and user privacy.
Preparing for Implementation: A Strategic Roadmap
Successful EU Data Act implementation requires a structured approach that addresses both immediate compliance needs and long-term strategic objectives. Based on our experience with AI governance and regulatory compliance, we recommend a phased implementation strategy.
Phase 1: Assessment and Planning (Immediate)
Begin with a comprehensive assessment of your current products, services, and data practices. Identify which products fall under the EU Data Act's scope and assess the gap between current capabilities and regulatory requirements.
Develop a detailed implementation plan that prioritizes high-impact changes and establishes realistic timelines for compliance. This plan should include technical requirements, resource needs, and risk mitigation strategies.
Engage with legal and compliance teams to ensure that your implementation strategy addresses all regulatory requirements while supporting business objectives. Consider seeking external expertise to validate your approach and identify potential issues.
Phase 2: Technical Development (6-12 months)
Begin developing the technical infrastructure needed for compliance, including APIs, data access interfaces, and security systems. Focus on creating scalable solutions that can handle increasing data volumes and user requests.
Implement robust testing procedures to ensure that your systems meet performance, security, and usability requirements. Include user testing to validate that data access interfaces are truly "easy" to use as required by the regulation.
Develop comprehensive documentation for your data access systems, including user guides, developer resources, and compliance procedures. This documentation will be essential for both user adoption and regulatory compliance.
Phase 3: Pilot Testing and Refinement (3-6 months)
Conduct pilot testing with selected products and user groups to validate your implementation approach. Use this testing to identify and address any issues before full deployment.
Refine your systems based on pilot feedback, focusing on improving user experience and addressing any technical or compliance issues. Pay particular attention to security and privacy protections, ensuring that increased data access doesn't create new vulnerabilities.
Develop training materials for customer support teams and other staff who will interact with users about data access rights and procedures. Ensure that your organization is prepared to support users effectively.
Phase 4: Full Deployment and Monitoring (Ongoing)
Deploy your EU Data Act compliance systems across all applicable products and services. Monitor system performance and user adoption to ensure that your implementation meets both regulatory requirements and user needs.
Establish ongoing monitoring and improvement processes to address emerging issues and evolving user needs. The regulatory landscape continues to evolve, and your compliance systems must be able to adapt accordingly.
Consider seeking third-party validation of your compliance approach through audits or certifications. This can provide additional assurance and may be valuable for marketing and business development purposes.
Transform Compliance into Competitive Advantage
The EU Data Act represents a fundamental shift in how the electronics industry approaches data governance. While the compliance requirements are significant, they also create unprecedented opportunities for innovation, differentiation, and value creation.
Success requires more than technical compliance—it demands a strategic approach that aligns regulatory requirements with business objectives and user needs. Companies that embrace this challenge will not only meet their compliance obligations but will also build stronger relationships with users and create new opportunities for growth and innovation.
Nemko Digital's expertise in digital governance, AI compliance, and regulatory strategy positions us uniquely to help electronics manufacturers navigate this complex landscape. Our comprehensive approach addresses not just compliance requirements but also the strategic opportunities that the EU Data Act creates, fostering innovation in data spaces.
Don't let the EU Data Act become a compliance burden. Transform it into a competitive advantage that drives innovation, builds user trust, and creates new business opportunities. Join our upcoming webinar to learn how leading electronics companies are turning regulatory requirements into strategic advantages.
Register for the EU Data Act Electronics Webinar
Ready to begin your EU Data Act compliance journey? Contact Nemko Digital today to discuss how our expertise can help you navigate this complex regulatory landscape while building competitive advantages for your business. Our team of experts is ready to provide the guidance, tools, and support you need to succeed in the new era of data sharing.
