---
url: https://eurocomply.app/regulations/data-act
canonical: https://eurocomply.app/regulations/data-act
title: Regulation (EU) 2023/2854 of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) — EuroComply
shortName: Data Act
alternateNames: [EU Data Act]
regulationNumber: (EU) 2023/2854
celex: 32023R2854
instrumentType: regulation
status: phased
inForceDate: 2024-01-11
applicationDate: 2025-09-12
extraterritorialReach: true
sourceUrl: https://eur-lex.europa.eu/eli/reg/2023/2854/oj
officialJournalRef: OJ L, 22.12.2023
lastReviewed: 2026-05-12
author: EuroComply Team
license: CC-BY-4.0
---

# Regulation (EU) 2023/2854 of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)

The Data Act (Regulation (EU) 2023/2854) is the EU's horizontal law on access to and use of data. It gives users of connected products and related services the right to access the data they generate, regulates business-to-business and business-to-government data sharing, and imposes cloud-switching rules to reduce vendor lock-in.

## Who does Data Act apply to?

The Data Act applies to manufacturers and providers of connected products and related services made available in the EU, to data holders providing data to recipients in the EU, to data processing service providers (cloud and edge) serving EU customers, and to public-sector bodies of EU member states.

- Manufacturers of connected products placed on the EU market and providers of related services
- Data holders required to make data available to users or third parties
- Recipients of data made available under the Act
- Providers of data processing services (cloud/edge) offering services in the EU
- Public-sector bodies requesting data in cases of exceptional need

*Source: Data Act Article 1 (Subject matter and scope).*

## What are the penalties for Data Act non-compliance?

Member states set penalties for breaches of the Data Act, including periodic penalty payments. For breaches of the personal-data provisions, the GDPR penalty regime applies in parallel.

**Maximum fine:** Where personal data is involved: GDPR Article 83 rates apply (€20M / 4%). Other breaches: set by member states.

*Source: Data Act Article 40 (Penalties).*

**Tier detail:**

- Personal-data provisions (parallel GDPR application): €20M or 4% of global turnover (max) — Article 40(3) referencing GDPR Article 83
- Non-personal-data provisions: national law (set by national law) — Article 40

## When does Data Act apply?

The Data Act entered into force on 11 January 2024. Most provisions apply from 12 September 2025. The cloud-switching pricing rules phase in: pre-existing 'switching charges' must be removed by 12 January 2027.

*Source: Data Act Article 50 (Entry into force and application).*

**Key dates:**

- 2024-01-11 — Entry into force (Article 50)
- 2025-09-12 — Most provisions apply (Article 50)
- 2027-01-12 — Cloud switching charges (over and above costs incurred) must be removed (Article 29)

## Key statistic

**12 January 2027** — Date by which providers of data processing services must remove all 'switching charges' (charges over and above costs incurred) that obstruct EU customers from moving to another provider.

*Source: Regulation (EU) 2023/2854, Article 29 and Article 50.*

## Supervising authorities

- Member-state designated competent authorities *(member-state)*
- National Data Protection Authorities (for personal-data overlap) *(member-state)*

## Sector applicability

- all sectors with connected products (consumer IoT, industrial, automotive, healthcare devices, smart-home)
- all data processing service providers (IaaS/PaaS/SaaS)

## Primary articles

- **subjectMatter:** Article 1
- **designForAccess:** Article 3
- **onRequestAccess:** Article 4
- **thirdPartySharing:** Article 5
- **frandTerms:** Article 8
- **b2gAccess:** Article 14
- **cloudSwitching:** Article 25
- **switchingCharges:** Article 29
- **technicalSwitchingDuties:** Article 30
- **thirdCountryAccess:** Article 32
- **penalties:** Article 40
- **entryIntoForce:** Article 50

## Related EuroComply resources

- Hub: [/regulations/data-act](https://eurocomply.app/regulations/data-act)
- Penalties: [/regulations/data-act/penalties](https://eurocomply.app/regulations/data-act/penalties)
- Timeline: [/regulations/data-act/timeline](https://eurocomply.app/regulations/data-act/timeline)
- SME guide: [/regulations/data-act/persona/connected-product](https://eurocomply.app/regulations/data-act/persona/connected-product)
- Decision trees: [/decide/data-act/in-scope](https://eurocomply.app/decide/data-act/in-scope)

## Source

Authoritative text: [(EU) 2023/2854 — EUR-Lex](https://eur-lex.europa.eu/eli/reg/2023/2854/oj) (OJ L, 22.12.2023).

---

Informational only. Not legal advice — consult qualified legal counsel for your specific situation.

Last reviewed: 2026-05-12 by the EuroComply Team. License: CC-BY-4.0.