EuroComply
Konto erstellen
Fine exposure

How much can my company be fined under Data Act?

Data Act carries penalties of up to Per member state (effective, proportionate, dissuasive). This page breaks down every fine tier by article, explains who is at risk, and shows live enforcement examples.

Maximum fine

Per member state (effective, proportionate, dissuasive)

Source: Regulation (EU) 2023/2854

How Data Act penalties work

The EU Data Act delegates penalty amounts to Member States, requiring them to be 'effective, proportionate and dissuasive' (Article 40). For making data available to public sector bodies (B2G), the cap is lower: €1M or 0.1% of global turnover. The Regulation provides guidance on aggravating and mitigating factors but does not set EU-wide fine amounts.

Fine tiers by article

Art. 40(2)

Data access rights violations (B2C and B2B), unfair contract terms, cloud switching obstacles

Up to €10,000,000

or 2% of global turnover

Applies to:

  • Connected product manufacturers failing to provide users access to generated data
  • Refusal to enable data portability or cloud switching
  • Imposing unfair data-sharing contract terms (Art. 13)
  • Failure to remove egress fees for cloud switching
EUR-Lex — Art. 40(2)
Art. 40(3)

B2G obligations — failure to make data available to public bodies in exceptional need

€1,000,000

or 0.1% of global turnover

Applies to:

  • Refusing a validated public sector data request in a declared public emergency
  • Providing incomplete or misleading data to public sector bodies
EUR-Lex — Art. 40(3)

Stacked exposure with other EU regulations

Data Act fines are set at national level but subject to EU coordination. Where a Data Act violation involves personal data, it may also engage GDPR penalties under Article 83. Trade secret violations in data sharing disputes may additionally attract civil liability.

Calculate your stacked fine exposure →

Frequently asked questions

What is the maximum EU Data Act fine?

The EU Data Act requires Member States to set penalties that are effective, proportionate, and dissuasive. Member States must set maximum fines of at least €10M or 2% of global annual turnover for most violations, and €1M or 0.1% for B2G data-sharing violations.

When did EU Data Act penalties start applying?

Most substantive Data Act provisions, including data access rights and B2B/B2G obligations, applied from 12 September 2025. Cloud switching and interoperability requirements apply from 12 September 2027.

What is your stacked fine exposure across all EU regulations?

Calculate your combined risk across Data Act, GDPR, NIS2, AI Act, DORA, and more — free, no signup.

Open fine risk calculator — free
Data Act compliance guide

For informational purposes only. This is not legal advice — consult qualified legal counsel for advice specific to your situation.

Last updated: