Quick navigation
English Deutsch

The Data Act

The Data Act (regulation on fair access and use of data) harmonizes the rules for access to and use of (primarily non-personal) data in the European Economic Area (EEA).

In particular, it contains data access and data usage rights in connection with networked products (so-called Internet-of-Things) or connected services. This is intended to increase data availability, make data more easily accessible and usable and thus promote data-driven innovation.

It applies

  •  to manufacturers of connected products and providers of connected services if they are placed on the market in the EEA (regardless of where the manufacturer/provider is based)
  • to the users of such connected products or connected services;
  • for data controllers who provide data to data recipients in the EEA;
  • data recipients in the EEA when they receive such data;
  • to national and European public sector bodies when they request data from data holders under certain conditions;
  • providers of data processing services; and
  • for participants in data rooms and providers of applications that use smart contracts.

The Data Act defines a connected product as devices that communicate with each other via the internet or other networks and collect, send or receive data; such as smart home devices, connected cars such as electric vehicles, smartwatches, smart farming devices in agriculture such as soil sensors or connected tractors, industrial machines or robots in production, trackable containers or pallets with sensors, intelligent street lights, digital price tags or electronic door locks.

A connected service refers to a service that interacts with or complements connected devices and systems. Such services collect, process or use data generated by connected products/devices to provide added value to users.

Key points of the Data Act are:

1. Access to data

The transfer of data from companies to consumers and between companies (B2B) is to be regulated, in particular to ensure that users of networked devices and services have access to the data they generate. This means that in future, companies will not only be allowed to keep data for themselves, but must also make it available to users. For example: Anyone using a health monitoring device or industrial machinery will have access to the data generated and can use it for their own purposes (e.g. adjusting dietary habits or maintenance predictions).

Access to data for micro and small enterprises is also intended to strengthen the data economy as a whole in order to promote innovation and enable new business models.

However, the Data Act still contains safeguard clauses that protect sensitive information such as trade secrets, even if data is shared.

2. Fair conditions for the exchange of data

The Data Act stipulates that conditions for data sharing between data holders and data recipients must be fair, reasonable and non-discriminatory. While reasonable compensation may be charged for the transfer of data, microenterprises, SMEs and non-profit research organizations may not be charged more than the cost of providing the data. This serves to protect smaller companies, as they often do not have equal access to such data.

3. Avoidance of unfair contract terms

The Data Act is directed against unfair contractual terms, in particular unilaterally imposed “take-it-or-leave-it” terms, which generally disadvantage smaller companies, are to be regarded as unfair and prohibited. For example, if a company exploits its market power and prohibits its contractual partner from using the data generated by an IoT device or obliges it to use the data obtained exclusively for products or services of the company as data provider.

4. Data exchange between companies and authorities

In exceptional and emergency situations, such as natural disasters, authorities should be given access to private data or data from companies. For example, authorities could use real-time data from weather stations or water level gauges from private companies to plan evacuations in the event of flooding. Financial compensation is planned. Companies can be obliged to transmit data. Micro and small companies only have to transmit data in certain cases. In general, companies are entitled to financial compensation for providing the data.

5. Interoperability and data portability

The Data Act also promotes smooth switching between data processing services. For example, transparency obligations for cloud contracts and open interfaces are prescribed. From January 12, 2027, the charging of switching fees will also be completely prohibited. Harmonized standards (standardized data formats) and open interoperability specifications (APIs) will also be prescribed.

Effects on Liechtenstein

The Data Act is relevant for Liechtenstein due to its EEA membership. Accordingly, companies in Liechtenstein are generally obliged to transfer data following the adoption of the act in the EEA and are also granted access rights. The exchange of data is intended to promote the economy and enable more effective processes.

Various positive effects are to be expected. In particular, the improved availability of external data is expected to increase efficiency and reduce costs for companies, as supply chains can be improved, market analyses can be carried out more precisely and production processes can be optimized. Positive effects are also expected in the area of sustainability, as resources can be used more effectively, e.g. by reducing waste or lowering energy consumption, or in terms of the circular economy, products can be kept in circulation for longer, repairs can be made easier or recycling processes can be improved. Private individuals will also gain more control over their data or data generated by their IoT devices, including by being able to switch between data or cloud providers more easily.

The Data Act will generally apply from September 12, 2025. The obligations in connection with connected products and related services with regard to data access will apply one year later from September 12, 2026. The provisions on unfair contract terms will apply from September 12, 2027. Irrespective of the EEA adoption, the provisions of the Data Act are mandatory for companies from Liechtenstein that market their products in the EU (“market place principle”).

The SFID will be happy to answer any questions you may have at any time.

Click here for the “Regulation text and status EEA adoption” 

Link Website: https://www.llv.li/en/national-administration/office-for-financial-market-innovation-and-digitalisation/digitalisation/data-act