1. Home
  2. Insights
  3. Blog
  4. The Data Act: Europe’s New Data Game
On 2025-10-30
by Franck Lepecq, Technical Leader @ Airbus Protect
Cybersecurity

The Data Act: Europe’s New Data Game

Data Act: what changes in Europe?
Summary

Did you know that Europe is changing the rules of the data game?

The Data Act ,(entered into force on 11 January 2024 and into application on 12 September 2025), is a major new regulation designed to make the European data economy more competitive. But what exactly is it, and how does it differ from other data privacy laws you might have heard of, like GDPR? 

What is the Data Act?

Think of the Data Act as a way to unlock non-personal data from devices and cloud services. Unlike GDPR, which focuses on protecting personal data, the Data Act is all about giving control of non-personal data back to the people and businesses that generate it.

The goal is to redistribute data power, as data is considered “the new oil”. The regulation aims to address a few key questions:

  • Who actually controls the data from your connected products?
  • Why is it so hard to switch between different cloud providers?
  • How can small and medium-sized enterprises (SMEs) innovate if they can’t access data?

The Four Pillars of the Data Act

The Data Act is built on four main principles, or “pillars,” that will change how data is handled:

  1. IoT Data: Consumers and businesses will gain the right to access data generated by their connected products.
  2. B2B Data Sharing: It will introduce fair contract clauses to make it easier for businesses to share data with one another.
  3. B2G Data Sharing: Public authorities will be able to access data in cases of a public emergency.
  4. Cloud Portability: The act will make it simpler to switch between different data processing service providers, like cloud services.

 

Cybersecurity: Threats and Opportunities

While the Data Act promises a more open data market, it also brings new cybersecurity challenges. The “opening of the floodgates” for data sharing creates new risks that need to be managed.

Some of the key threats include:

  • Expanded Attack Surface: More data connections mean more potential vulnerabilities for hackers to exploit, so data-sharing APIs will need to be audited.
  • Data Leak Risks: With more data being shared, companies need to ensure that this information doesn’t fall into the wrong hands.
  • Non-Compliant Contracts: Data-sharing agreements will need new security clauses to comply with the Data Act.

 

Airbus Protect is uniquely positioned to help businesses navigate these new challenges. Our cybersecurity experts can provide comprehensive support, from auditing data-sharing APIs and establishing robust data protection measures to drafting compliant security clauses for your data agreements. Partner with us to turn the Data Act’s cybersecurity threats into opportunities for enhanced security and market advantage.

The Future of Data

The Data Act is a “Regulatory Revolution” that will fundamentally change the data market in Europe. It’s a call to action for businesses to adapt their services, to create new applications and raise awareness among their customers about both the risks and the solutions.

 

Got questions about how this might affect your business or your connected devices? Contact us

  • Share