NEWS     17.09.2025

The EU Data Act in terms of Logistics

 

The EU Data Act, adopted in 2023 and effective from September 2025, changes how businesses access and use data from connected products in the EU. While it affects all industries, it’s particularly important for medium and large companies in sectors like manufacturing, transport, energy, healthcare, and digital services.

The primary objective of the EU Data Act is to make data generated by connected products – such as industrial machines, cars, smart home devices, and other connected gadgets – more accessible to end users. Until now, manufacturers and service providers had exclusive control over the data produced by their products, often using it for maintenance, performance analysis, and product improvements. Under the EU Data Act, this will no longer be possible.

Companies will be required to provide users with access to the data their products produce and, if the user requests it, share that data with a third party. The data must be provided in a user-friendly format that can be easily used by other systems, without unnecessary delay, and generally free of charge. If data is shared with a third party, the conditions of sharing must be fair and balanced.

From a legal perspective, the EU Data Act introduces new definitions and legal roles. The distinction between “data holder”, “data user” and “data recipient” became important in contract drafting, dispute resolution and internal compliance.

Benefits in Logistics

For example, under the EU Data Act, logistics companies will be able to access real-time data from their fleet, e.g. engine performance or fuel consumption. This means they can track fuel efficiency, spot when engines are unnecessary running for too long, and even anticipate maintenance needs. For instance, if a truck’s engine shows early signs of overheating, the owner can address the issue before it leads to expensive repairs or an outage. By analysing this data, companies can also adjust routes, cut fuel costs, and improve delivery times.

For companies acting as data holders – such as manufacturers of connected products or service providers – the EU Data Act imposes both operational and legal changes. Companies need to revise their data management processes, update internal systems, and review existing contracts to meet new requirements. Existing clauses that limit users’ access to data or block data sharing with third parties may need to be amended, as from September 2025, such restrictions could be considered invalid under the EU Data Act.

For companies acting as data users – for example, operators of connected machinery or fleets – the EU Data Act offers access to data that was previously unavailable or provided only under restrictive terms. This means that companies can work more efficiently, avoid dependence on a single supplier, and acquire new partners to improve their entire operations.

Limitations to data sharing

Although the EU Data Act allows to access data from connected products, these rights are not absolute. First, businesses must have a valid operational reason for requesting access, meaning the data should only be used for purposes directly tied to business activities. Personal data remains protected under the GDPR, so companies cannot access personal information unless anonymized.

Additionally, access to data may be restricted to safeguard intellectual property or sensitive business information. For example, proprietary software or trade secrets cannot be shared under the Data Act.

In some cases, businesses may also be required to share data with public authorities, particularly during emergencies. However, such requests must be specific and justified, typically related to public safety or national security. There are certain safeguards, but it sets a precedent for non-personal data being used in the public interest. Companies with relevant data should verify if these rules apply to them and get ready for potential requests.

The EU Data Act also covers cloud infrastructure. It introduces rules to make it easier for companies to switch between different service providers that store and process data online. This means providers can no longer use contracts, technical barriers, or high fees to make it difficult to move their data. Cloud service providers must ensure their systems be compatible, so the switching process is simple and cost-effective, allowing businesses to find a better offers without complications.

Practical steps to take

To comply with the EU Data Act, companies need to take a few important steps. They should review their contracts, especially those related to connected products, data sharing, and service delivery. Any clauses that unjustifiably restrict access to data, limit its disclosure to third parties, or prevent easy data transfers should be removed or at least updated. On the operational side, companies need to set up new processes for dealing with data access requests. This may include updating internal systems or even introducing new compliance mechanisms.

 

Grzegorz Kłodkowski