1. Home
  2. Insights
  3. Blog
  4. The Data Act: Europe’s New Data Game
On 2025-10-30
by Franck Lepecq, Technical Leader @ Airbus Protect
Cybersecurity

The Data Act: Europe’s New Data Game

Data Act: what changes in Europe?
Summary

Did you know that Europe is changing the rules of the data game?

The Data Act ,(entered into force on 11 January 2024 and into application on 12 September 2025), is a major new regulation designed to make the European data economy more competitive. But what exactly is it, and how does it differ from other data privacy laws you might have heard of, like GDPR? 

What is the Data Act?

Think of the Data Act as a way to unlock non-personal data from devices and cloud services. Unlike GDPR, which focuses on protecting personal data, the Data Act is all about giving control of non-personal data back to the people and businesses that generate it.

The goal is to redistribute data power, as data is considered “the new oil”. The regulation aims to address a few key questions:

  • Who actually controls the data from your connected products?
  • Why is it so hard to switch between different cloud providers?
  • How can small and medium-sized enterprises (SMEs) innovate if they can’t access data?

The Four Pillars of the Data Act

The Data Act is built on four main principles, or “pillars,” that will change how data is handled:

  1. IoT Data: Consumers and businesses will gain the right to access data generated by their connected products.
  2. B2B Data Sharing: It will introduce fair contract clauses to make it easier for businesses to share data with one another.
  3. B2G Data Sharing: Public authorities will be able to access data in cases of a public emergency.
  4. Cloud Portability: The act will make it simpler to switch between different data processing service providers, like cloud services.

 

Cybersecurity: Threats and Opportunities

While the Data Act promises a more open data market, it also brings new cybersecurity challenges. The “opening of the floodgates” for data sharing creates new risks that need to be managed.

Some of the key threats include:

  • Expanded Attack Surface: More data connections mean more potential vulnerabilities for hackers to exploit, so data-sharing APIs will need to be audited.
  • Data Leak Risks: With more data being shared, companies need to ensure that this information doesn’t fall into the wrong hands.
  • Non-Compliant Contracts: Data-sharing agreements will need new security clauses to comply with the Data Act.

 

Airbus Protect is uniquely positioned to help businesses navigate these new challenges. Our cybersecurity experts can provide comprehensive support, from auditing data-sharing APIs and establishing robust data protection measures to drafting compliant security clauses for your data agreements. Partner with us to turn the Data Act’s cybersecurity threats into opportunities for enhanced security and market advantage.

The Future of Data

The Data Act is a “Regulatory Revolution” that will fundamentally change the data market in Europe. It’s a call to action for businesses to adapt their services, to create new applications and raise awareness among their customers about both the risks and the solutions.

 

Got questions about how this might affect your business or your connected devices? Contact us

  • Share

More on Cybersecurity

Demystifying CyberSecurity Frameworks Cybersecurity

Demystifying Security Frameworks: Cyber Essentials, ISO 27001, NIST, and Their Role in Architectural Design

For security architects, the challenge isn’t just building great systems; it’s building great secure systems. That journey often leads to a dense forest of security frameworks such as Cyber Essentials, ISO 27001, and NIST. Each promises a path to better security, but understanding their distinct roles and how they actually apply to architectural design can […]

Read more
Cyber Security Architecture Cybersecurity

Threat Modelling for Security Architects: Identifying and Mitigating Risks Before They Happen

As security architects, we’re responsible for laying the secure foundation for entire systems, encompassing software, hardware, networks, and critical processes. Our architectural decisions ripple throughout the system’s lifecycle, profoundly impacting not just performance, scalability, and maintainability, but, most importantly, the system’s inherent security. In today’s increasingly sophisticated digital landscape, building secure systems is no longer […]

Read more
Airbus Protect explains OT Security Cybersecurity

Diego Fernando Guerrero, cybersecurity expert, explains OT security

OT Security: Beyond compliance, a strategic imperative for critical infrastructure resilience In a world where our most critical infrastructures, from energy generation to the chemical industry, are increasingly connected, cybersecurity is no longer an option; it is an absolute necessity. Faced with threats that now target the physical world via digital means, OT security is [...]

Read more