For years, access to data generated by devices and systems has been an effective way of binding customers to technology providers. The Data Act weakens this mechanism and shifts competition towards service quality, analytics and the ability to utilise data.
The Data Act, which comes into force on 12 September 2025, does not grant companies the right to all data held by the manufacturer. However, it does give users of connected products control over information from cars, industrial machinery, medical devices and energy systems. Users can obtain this data, use it themselves or pass it on to a service provider of their choice.
For businesses, this signifies a shift in the source of competitive advantage. The manufacturer retains the advantages derived from its knowledge of the device and its relationship with the customer. However, access to telemetry alone is no longer sufficient to control the market for services surrounding the product.
Data from a machine no longer has to lead back to the manufacturer
The Data Act will have the greatest impact on the after-sales services market. A machine operator can use the data generated by the machine to order diagnostics, repairs, insurance or predictive maintenance from an independent supplier. This is important in sectors where the sale of a device marks the beginning of a long-term relationship.
Manufacturers of machinery, cars, medical equipment and automation systems generate revenue from monitoring, parts, servicing and software. Exclusive access to data has also allowed them to control the services surrounding the product. The Data Act restricts the blocking of competition solely on the grounds that an external provider does not receive the data needed for repairs or analysis.
The manufacturer will therefore have to explain why the customer should continue to buy its service. If the only argument is that competitors lack access to the data, the business model becomes vulnerable to pressure. If the advantage stems from better algorithms, faster service and more accurate recommendations, the Data Act may even strengthen it.
Regulation opens up data, but does not hand over all knowledge
The obligation to share data mainly covers raw and pre-processed data that is readily available to the manufacturer or operator. This may include information on temperature, pressure, speed, location or energy consumption. Advanced analytics, models, forecasts and inferred data remain outside the basic scope of the regulation.
This distinction is crucial for product strategies. Raw telemetry will become more readily available, but the ability to convert it into a failure prediction, a production recommendation or a risk assessment may still lie with the supplier. Value is therefore shifting from the data collection layer to the interpretation layer.
The strongest protection for profit margins will no longer be the technical locking of information, but the development of analyses and services that the customer will not receive with a simple data export. Companies that have so far focused on controlling interfaces will have to invest in software, industry expertise and customer support.
The cloud: an easier exit does not mean an easy migration
The Data Act also covers infrastructure, platform and software providers. Customers are to be able to terminate their contract, export their data and switch to another provider. From 12 January 2027, fees associated with switching providers, including data export fees, are to be abolished.
This undermines business models where a service was attractive on entry but costly to leave. However, it does not spell the end of lock-in. Exporting a database does not automatically replicate the processes, integrations, configurations and business logic operating within the existing application. In the case of SaaS and PaaS, the customer may receive data and interfaces, but not a copy of the entire service.
The Data Act will therefore reduce economic lock-in more quickly than technological lock-in. Simply abolishing fees will not help a company that has failed to document its integrations, does not control its own data, or has made key processes dependent on a single provider’s functions.
IT procurement departments should also assess the quality of the output. The export format, API availability, migration time and the method of data deletion upon contract termination must be analysed before selecting a system.
Contracts will become part of the data architecture
Companies should review their sales, leasing, maintenance, subscription and cloud service contracts. Data definitions, the purposes for which data is used, rules for sharing data with partners and mechanisms for terminating cooperation are becoming crucial.
The contract must reflect what data is generated, where it is stored, how it can be exported, and which elements actually constitute trade secrets. Merely invoking trade secrets should not automatically block access. A supplier may require safeguards, but must demonstrate a genuine risk of serious harm.
For businesses, this means separating the telemetry to which the user is entitled from personal data, technical information and analyses constituting intellectual property. Without such a distinction, it will be difficult to fulfil obligations whilst also protecting the company’s know-how.
It is not the largest players who will lose out, but the most insular ones
The Data Act will not automatically level the playing field between a small integrator and a global manufacturer. Large providers still have capital, brand recognition, scale and well-developed ecosystems. However, the regulation strips them of some of the advantage derived solely from controlling access.
The companies most at risk are those whose service revenues depend on exclusive access to device data, as well as cloud and SaaS providers whose customer retention relies on the costs of migration. Independent service providers, integrators, analytics firms and providers of API and data exchange management tools stand to gain.
Access to data alone does not create value. What is needed is industry expertise, infrastructure, customer trust and the ability to translate telemetry into results: lower costs, less downtime, better energy efficiency or faster repairs.
