🇪🇺 Live Technology & Software

EU Data Act (Regulation 2023/2854)

Governs access to and sharing of non-personal data generated by connected products and services in the EU.

View official source document

Rules extracted

221

Obligations decomposed

6.9x

Avg obligations per rule

🇪🇺 European Union

Jurisdiction

About this regulation

The EU Data Act establishes harmonised rules on fair access to and use of data generated by connected products and related services. It addresses data access rights for users of IoT products, obligations for data holders, B2B data sharing, unfair contractual terms, public sector access to privately held data in exceptional circumstances, cloud switching and interoperability, and safeguards against unlawful international governmental access to non-personal data. The regulation entered into force on 11 January 2024 and applies from 12 September 2025.

What AuditDSS covers

Source

Regulation

Extracted

Rules

Decomposed

221

Obligations

6.9x

Decomposition ratio

Each rule is decomposed into an average of 6.9 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 221 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in Data Act is scored across independent risk dimensions:

Obligation Weight

How critical within the regulatory framework

Violation Likelihood

How often breached in practice

Enforcement Evidence

Regulator enforcement history and penalties

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title: EU Data Act (Regulation 2023/2854)
Regulatory body: European Parliament and Council
Jurisdiction: 🇪🇺 European Union
Document type: regulation
Effective date: September 12, 2025
Issuing authority: European Parliament and Council of the European Union
Industry: Technology & Software
Official source: View source document ↗

Who this applies to

manufacturers of connected productsproviders of related servicesdata holdersdata recipientsdata processing service providersdata space operators

Key requirements

IoT data access by design
user right to access and share data
B2B data sharing obligations
unfair contractual terms protection
public sector data access in emergencies
cloud switching and portability
interoperability standards
international data access safeguards

Frequently asked questions about Data Act

What is Data Act?

Who does Data Act apply to?

Data Act applies to manufacturers of connected products, providers of related services, data holders, data recipients, data processing service providers, data space operators.

How many obligations does Data Act contain?

AuditDSS has decomposed Data Act into 221 atomic obligations from 32 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of Data Act?

The key requirements include: IoT data access by design, user right to access and share data, B2B data sharing obligations, unfair contractual terms protection, public sector data access in emergencies, cloud switching and portability, interoperability standards, international data access safeguards.

How can I assess my Data Act compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 221 Data Act obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces Data Act?

Data Act is enforced in European Union by European Parliament and Council.

When did Data Act come into effect?

Data Act became effective on September 12, 2025.

What industry does Data Act apply to?

Data Act is primarily relevant to the Technology & Software industry. AuditDSS covers 91 regulations in this industry sector.

Build a Data Act compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for Data Act — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering Data Act requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine Data Act with other regulations into a single unified compliance pack for your business.

Build Data Act compliance pack

Already have a policy? Assess it against Data Act

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

AI maps against 221 obligations

Your document is scored against every obligation in Data Act. Each claim is mapped to the obligation tree and evaluated for coverage.

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.