Vitor Domingos
Lead Solution Architect — HDS Technology & Solutions Office
September 8, 2025
Why this matters now
The EU Data Act is not just another compliance hurdle. It standardises how businesses grant access to data generated by connected products and services, sets fair terms for sharing, safeguards trade secrets, and compels cloud portability. The regulation is in force and becomes applicable on 12 September 2025. Organisations that treat it as an opportunity can shorten partner onboarding, reduce dispute risk, and monetise lawful data access through a repeatable control plane rather than one-off projects.
What changes
- User access and sharing rights: Users of connected products must be able to access the data they generate and, in defined cases, direct holders to share it with third parties on fair, reasonable and non-discriminatory (FRAND) terms, with proportionate protection of trade secrets.
- Unfair terms guardrails: The Act introduces black – and grey – lists to curb unfair clauses in B2B data-sharing contracts when one party has a stronger bargaining position. New contracts must comply from 12 September 2025; certain long-term or indefinite contracts are captured from 12 September 2027.
- Cloud and edge switching: Providers must enable switching between data-processing services and phase out switching charges. Only direct-cost based charges are permitted until 12 January 2027; after that, switching must be free of such fees.
- Commission support: The Commission will recommend model contractual terms for FRAND data access and non-binding standard clauses for cloud contracts to ease adoption.
Key dates organisations should track
| Milestone | Date | What it means |
|---|---|---|
| Regulation entered into force | 11 January 2024 | Legal clock started. Planning should be complete. |
| Regulation becomes applicable | 12 September 2025 | Most obligations begin to bite |
| New product cohort | 12 September 2026 | Duties for connected products/services placed on the market after this date |
| Unfair terms – new contracts | 12 September 2025 | Black/grey-list rules apply to new B2B contracts. |
| Unfair terms – certain existing contracts | 12 September 2027 | Applies to indefinite or long-term contracts as defined in the Act. |
| Switching fee phase-out complete | 12 January 2027 | No switching charges beyond that date. |
HDS PoV: build a reusable Data Act control plane
Read the full HDS Point of View here.
We recommend treating the EU Data Act as an operating model upgrade. By building lawful, auditable access to in-scope data, setting FRAND terms organisations can defend, and make cloud/edge switching an easy routine. This will unlock faster partner onboarding, fewer disputes, and new data products. It’s a brand new world!
So, what changes operationally?
Organisations need to redesign interfaces for access and audit, reframe commercial terms under FRAND with transparent cost structures, and embed portability and switching in their cloud and edge environments. HDs PoV maps these obligations to concrete actions for CxOs, CTO/CIO, CDO/Product, Legal/Privacy, Security and Procurement, so functions know what to implement and where HDS can help.
Key tips for a 90-day foundation:
- Catalogue “readily available” datasets and minimum metadata by product line.
- Stand up an access gateway MVP with authentication, purpose checks, rate limiting, machine-readable exports and evidence-grade logging.
- Write FRAND baselines with non-discrimination tests and trade-secret safeguards.
- Prepare switching runbooks covering export formats, IAM mapping and a time-bound migration rehearsal.
How Hitachi Digital Services can help
We help organisations transform their data ecosystems while unlocking opportunities for innovation, efficiency, and growth. Our PoV approach combines strategic advisory, technical integration, and operational execution, ensuring that compliance is embedded into the enterprise control plane and that every investment strengthens competitiveness, particularly with:
- Strategy and roadmaps: readiness assessments, sequencing, and business-model innovation aligned to the Act.
- Platforms and integration: interoperable data platforms, secure APIs with purpose-binding, and governed exchange across partners.
- IoT and edge: connected-product platforms, edge architectures and telemetry solutions that respect portability and sharing policies.
- Analytics and GenAI: predictive analytics and decision support to turn lawful access into operational outcomes.
- Security and governance: encryption, secure enclaves, tamper-evident audit, ownership models and continuous compliance.
The EU Data Act sets a new baseline for data transparency, interoperability, and lawful sharing. Organisations that address it narrowly as a compliance obligation will meet the letter of the law, but they will miss its strategic potential. Those that embed its principles into their operating model will unlock the real prize: a trusted, governed data ecosystem ready to fuel the next generation of autonomous, AI-driven services.
At Hitachi Digital Services, we see the EU Data Act not as a constraint but as an accelerator – one that, when paired with Agentic AI, redefines the boundaries of efficiency, innovation, and value creation. The organisations that act now will set the standards others will be forced to follow.
Agentic AI is the natural progression. Once data is discoverable, portable, and governed under FRAND principles, AI agents can securely and autonomously reason, plan, and act – executing complex workflows across systems and partners without human micromanagement, yet within defined legal and commercial guardrails.
Download the full HDS PoV for complete context and scope; rights and duties; what it means in depth for organisations with a role-by-role action table; impact analysis and our practical recommendations, with an Automotive GenAI/TimeSeries application experience.