
EU Data Act: Your Essential Compliance Checklist

  • Writer: Lauri Nieminen
  • Dec 29, 2025

Updated: Dec 29, 2025


The EU Data Act is now in effect, fundamentally changing how data is shared, accessed, and transferred within the European Union. To help your business navigate these new obligations and avoid "vendor lock-in" risks, we have compiled this comprehensive compliance checklist.

Whether you are a SaaS provider, an IoT manufacturer, or a digital service user, use this roadmap to ensure your operations align with the new regulatory landscape.


1. Contract Templates & Governance

The Data Act introduces strict requirements for B2B and B2C agreements.

  • New Contracts: All agreements signed after September 12, 2025, must include specific Data Act provisions regarding data access and switching.

  • Legacy Contracts: You have until September 12, 2027, to update existing customer agreements to be fully compliant.

  • Model Clauses: Review and approve standard contract language (SCLs) to ensure they meet fairness and transparency standards.


2. Data Portability & Technical Readiness

Technical barriers can no longer be used to restrict a customer's right to their own data.

  • Portability APIs: Your technical infrastructure must enable seamless data transfers. Ensure all APIs are documented and tested.

  • Export Formats: Data must be available in common, machine-readable formats like JSON, XML, or CSV.

  • Regulatory Deadlines: Establish protocols to ensure data handover requests are completed within the legally stipulated timeframes.


3. Pricing, Terms & Exit Strategy

The Data Act aims to make switching between service providers frictionless.

  • Adjusted Exit Fees: Termination costs must comply with new restrictions designed to prevent vendor lock-in.

  • Transparent Pricing: Ensure all price change mechanisms are clearly communicated to the customer.

  • Index Justification: Any price adjustments tied to market indices must be clearly justified and documented.


4. SLA & Operational Responsibilities

Service Level Agreements (SLAs) must now reflect the increased accountability required by the Act.

  • Performance Standards: Clearly define and document measurable service levels in every contract.

  • Automatic Compensation: Implement systems to trigger automatic penalties or credits when SLAs are breached.

  • Customer Audit Rights: Ensure contracts explicitly grant customers the right to verify your compliance and service delivery.


5. Internal Compliance Documentation

  • Contract Inventory: Catalog all existing agreements to prioritize the "Legacy Update" project.

  • Rollout Schedule: Plan a systematic update of contract changes over the next two years.

  • Assigned Ownership: Appoint responsible persons to manage ongoing compliance and regulatory updates.


Quick Action Plan

Timeline and milestones:

  • Week 1: Analyze the regulation's applicability to your business and update your new contract templates.

  • Next 30 Days: Begin API documentation and establish standardized data export processes.

  • Next 6 Months: Implement automated SLA monitoring and customer audit procedures.

  • By 2027: Complete all legacy contract updates and eliminate switching fees.


Future-Proof Your Data Strategy

The EU Data Act represents a shift toward a fairer, more open data economy. Starting your compliance journey today ensures your business remains competitive and compliant as the 2027 deadlines approach.


Want to discuss how the Data Act affects your specific business model?


FAQ: Quick Answers on the EU Data Act

Q: Who does the Data Act apply to?

A: It applies to manufacturers of connected products (IoT), providers of related services, and providers of data processing services (Cloud/Edge) offered in the EU.


Q: What is "Vendor Lock-in" in the context of the Data Act?

A: It refers to technical or contractual barriers that make it difficult or expensive for a customer to switch to a different service provider or move their data.


Q: Can we still charge for data access?

A: Yes, but compensation must be reasonable and—for agreements with SMEs—cannot exceed the direct costs of making the data available.

 
 