1. Home
  2. Insights
  3. Blog
  4. The Data Act: Europe’s New Data Game
On 2025-10-30
by Franck Lepecq, Technical Leader @ Airbus Protect
Cybersecurity

The Data Act: Europe’s New Data Game

Data Act: what changes in Europe?
Summary

Did you know that Europe is changing the rules of the data game?

The Data Act ,(entered into force on 11 January 2024 and into application on 12 September 2025), is a major new regulation designed to make the European data economy more competitive. But what exactly is it, and how does it differ from other data privacy laws you might have heard of, like GDPR? 

What is the Data Act?

Think of the Data Act as a way to unlock non-personal data from devices and cloud services. Unlike GDPR, which focuses on protecting personal data, the Data Act is all about giving control of non-personal data back to the people and businesses that generate it.

The goal is to redistribute data power, as data is considered “the new oil”. The regulation aims to address a few key questions:

  • Who actually controls the data from your connected products?
  • Why is it so hard to switch between different cloud providers?
  • How can small and medium-sized enterprises (SMEs) innovate if they can’t access data?

The Four Pillars of the Data Act

The Data Act is built on four main principles, or “pillars,” that will change how data is handled:

  1. IoT Data: Consumers and businesses will gain the right to access data generated by their connected products.
  2. B2B Data Sharing: It will introduce fair contract clauses to make it easier for businesses to share data with one another.
  3. B2G Data Sharing: Public authorities will be able to access data in cases of a public emergency.
  4. Cloud Portability: The act will make it simpler to switch between different data processing service providers, like cloud services.

 

Cybersecurity: Threats and Opportunities

While the Data Act promises a more open data market, it also brings new cybersecurity challenges. The “opening of the floodgates” for data sharing creates new risks that need to be managed.

Some of the key threats include:

  • Expanded Attack Surface: More data connections mean more potential vulnerabilities for hackers to exploit, so data-sharing APIs will need to be audited.
  • Data Leak Risks: With more data being shared, companies need to ensure that this information doesn’t fall into the wrong hands.
  • Non-Compliant Contracts: Data-sharing agreements will need new security clauses to comply with the Data Act.

 

Airbus Protect is uniquely positioned to help businesses navigate these new challenges. Our cybersecurity experts can provide comprehensive support, from auditing data-sharing APIs and establishing robust data protection measures to drafting compliant security clauses for your data agreements. Partner with us to turn the Data Act’s cybersecurity threats into opportunities for enhanced security and market advantage.

The Future of Data

The Data Act is a “Regulatory Revolution” that will fundamentally change the data market in Europe. It’s a call to action for businesses to adapt their services, to create new applications and raise awareness among their customers about both the risks and the solutions.

 

Got questions about how this might affect your business or your connected devices? Contact us

  • Share

More on Cybersecurity

Cyber Security Architecture Cybersecurity

Threat Modelling for Security Architects: Identifying and Mitigating Risks Before They Happen

As security architects, we’re responsible for laying the secure foundation for entire systems, encompassing software, hardware, networks, and critical processes. Our architectural decisions ripple throughout the system’s lifecycle, profoundly impacting not just performance, scalability, and maintainability, but, most importantly, the system’s inherent security. In today’s increasingly sophisticated digital landscape, building secure systems is no longer […]

Read more
Airbus Protect explains OT Security Cybersecurity

Diego Fernando Guerrero, cybersecurity expert, explains OT security

OT Security: Beyond compliance, a strategic imperative for critical infrastructure resilience In a world where our most critical infrastructures, from energy generation to the chemical industry, are increasingly connected, cybersecurity is no longer an option; it is an absolute necessity. Faced with threats that now target the physical world via digital means, OT security is [...]

Read more
Security Architecture part 1: budget Cybersecurity

Budgeting for Security Architecture: Making the Business Case for Investment

In today’s digital-first world, cybersecurity isn’t just an IT cost; it’s a fundamental business enabler and a critical component of risk management. Yet, ask any security architect and they’ll likely tell you that securing adequate budget for robust security architecture initiatives remains a persistent challenge. How do you move beyond simply asking for more money […]

Read more