The EU Data Act: What’s Actually Changing and What Connected Products Manufacturers Can Do Right Now

Connected products generate a lot of operational data: performance metrics, usage hours, energy consumption, error codes, sensor readings, and more.

Yet, according to the European Commission, around 80% of industrial data in Europe goes unused. In other words, most manufacturers are sitting on the value they haven’t figured out how to extract or haven’t had a reason to share.

The EU Data Act 2025 changes the rules. Customers gain the right to access the data their devices generate and, if they want, share it with third-party service providers.

For manufacturers, this means moving from owning product data to enabling its use. That’s not just a legal tweak, but a fundamental shift in how digital products, services, and relationships are built.

The act entered into force on September 12. Earlier this year, several of the region’s largest industrial names (SAP, Siemens, Schneider Electric, and the industry association Digital Europe) asked Brussels to delay implementation. The Commission refused.

Its position is clear: the EU expects the Data Act to add roughly €273 billion to GDP by 2028 through new service models, shared analytics, and cross-manufacturer data value chains.

Why the EU Data Act Matters for Connected Manufacturers

The penalties vary by country, but the direction is already clear. The Netherlands has set fines of up to €1,030,000 or 10% of EU-wide turnover for industrial-data violations. If any dataset touches personal information, even indirectly, the GDPR tier kicks in: €20 million or 4% of global turnover, whichever is higher.

Beyond fines, non-compliance risks are often more immediate: stalled tenders, blocked renewals, and contract challenges when customers demand data access you can’t yet provide.

To date, most of the EU countries are just setting up national enforcement rules:

• 2 countries (Netherlands, Malta) have already fully completed national setups.
• 6 countries (DE, SE, FI, AT, DK, BE) are still appointing authorities or drafting secondary legislation.
• Others, especially in Southern Europe, are slower with the process. Some states do not yet have draft bills tabled.

No fines, inspections, or audits are happening yet. And realistically, no inspections or fines will hit before mid-2026 in many jurisdictions.

That gap gives manufacturers a short but valuable window. Not to ignore the change, but to prepare for it on their own terms.

There is no single right answer. The key is understanding what changes and defining the path that fits your business strategy best.

What the EU Data Act really changes

The EU Data Act applies to anyone who designs, manufactures, or provides digital services for connected physical products: from industrial equipment and HVAC systems, to building automation and embedded solutions.

Its core rule is simple: data generated by a product should be accessible and reusable by the people who use it, not only the company that built it.

It introduces three main obligations every OEM and service provider needs to understand:

1. Access for users
   Customers who own or operate connected equipment must be able to access the operational data generated by that equipment. This includes telemetry, usage, and performance metrics. The data must be made available in a structured, machine-readable format. Not as a one-time export, but through consistent, repeatable access.
2. Sharing with third parties
   If a customer decides to share their data with an external service provider (e.g., an independent maintenance or analytics firm), the manufacturer must enable that transfer through standardized data access APIs or interfaces, not manual data dumps or proprietary portals.
3. Cloud and platform portability
   If data or apps sit on a cloud platform, customers should be able to move them elsewhere without excessive barriers or costs.

For manufacturers, these requirements demand engineering readiness: authentication layers, audit trails, and data governance workflows that guarantee security, transparency, and consistency.

For most manufacturers, the EU Data Act introduces both constraint and opportunity.

On one side, it adds a new layer of regulatory compliance that demands new processes, ownership clarity, and close coordination between engineering and legal teams.

On the other, it opens a new strategic landscape.

Once every connected product must be interoperable, the idea of an isolated “installed base” starts to fade. If customers choose to share data, service providers can work across multiple brands. That creates room for faster, more adaptable players to gain ground.

Companies that evolve their architectures and service models early will shape customer relationships and capture recurring revenue opportunities. Manufacturers that remain product-focused can still thrive, but their success will increasingly depend on how well those products connect, share data, and integrate into broader digital ecosystems.

How Manufacturers Are Responding

Response to this change often depends on where the company stands in its servitization journey  and its level of risk appetite. Based on this, we see three different strategies.

1. Wait and adjust

“Wait and see” feels natural when adoption is slow, and local enforcement rules aren’t settled. Most teams tell themselves they’re waiting for clarity, and on the surface, that sounds reasonable.

But in practice, it’s usually not the regulatory uncertainty that drives hesitation, but the complexity everyone knows is sitting under the hood. Fragmented telemetry, inconsistent identifiers, old controllers no one wants to touch. When the plumbing is messy, the instinct is to leave it alone until someone forces the issue. It’s very human. And very risky at the same time.

The real problem is simple: until you do the groundwork, you have no idea whether your compliance gap is a two-week fix or a nine-month project. The small items, like adding an export function or patching an API, can be slotted in quickly. Anything deeper, such as reorganizing telemetry flows, aligning device ownership records, or redesigning authentication, rarely moves fast.

By the time national enforcement kicks in, the window for real fixes may be too short. If you discover late that older products can’t surface required data or that your logs can’t track access, you’ll be rushing under pressure with little room for good engineering decisions.

Useful early checks include:

• Mapping where operational data sits across firmware, controllers, brokers, and cloud;
• Verifying whether device IDs actually link to customers;
• Checking if your logs can track and audit data-access events;
• Identifying which product generations can (and cannot) expose data;
• Reviewing contracts for conflicts with access rights;
• Estimating how long each fix would truly take.

If the fixes are small and well understood, waiting can be a perfectly valid strategy. If they aren’t, “wait and adjust” becomes a gamble. And the cost of catching up later is almost always higher than tackling the basics early.

2. Prepare to share

For manufacturers that already collect and use operational data, making it shareable in a controlled way sounds like the most logical strategy. This is where compliance turns into capability and where readiness becomes a marker of supplier maturity.

Companies in this position typically have connected products, telemetry pipelines, or customer portals in place. What they need next is structure: consistent access rules, standardized data formats, and clear procedures for validating user and third-party requests.

For those preparing to share, it makes sense to focus on five essentials:

• Define the minimal shareable dataset. Usually, this covers telemetry, usage, and performance metrics – not internal analytics or derivative data.
• Expose a structured access interface. Provide data through a consistent export format or API.
• Verify identity and consent. Ensure customers are correctly authenticated before data sharing.
• Log every access event. Maintain audit trails to demonstrate compliance.
• Update contracts. Reflect new access rights and responsibilities in partner and customer agreements.

These are the minimum steps required to meet the regulation’s intent. They do not demand a full rebuild, but they require coordination between engineering, legal, and IT.

If you want to go further, a few additional actions can create long-term advantage.

• Standardize data models across product lines to simplify scaling.
• Run small-scale pilots with selected customers or partners to validate workflows.
• Communicate readiness Even a short statement or FAQ demonstrates transparency.

Manufacturers following this path are not reinventing their business model yet, but are showing that their systems and organization are built to cooperate.

3. Act early and expand

Getting ready to share is the baseline. Acting early is what creates an edge. Some manufacturers are already using the same architectural work required for compliance as the foundation for new services.

Large industrial groups such as Siemens, Schneider Electric, and Bosch are already extending open data interfaces and testing shared models for cross-brand collaboration. Their strategic direction is clear, but scale makes execution slower.

For mid-sized manufacturers, this is an opening. With shorter decision cycles and closer customer relationships, they can adapt faster and position themselves as integration-ready partners. They can be the first to offer multi-brand monitoring, predictive diagnostics, or performance benchmarking – the services that appeal to customers managing diverse fleets.

Acting early here does not mean building everything at once. It means using the compliance investments, such as developing APIs, organizing telemetry, or defining access layers, to create additional value.

If you can already use your own device data to deliver insights, maintenance recommendations, or performance benchmarking, you are halfway there. The same capabilities can be extended to include data from other vendors’ products, allowing you to deliver broader services across mixed fleets and deepen customer relationships.

That shift opens new ways to compete:

• Offer multi-brand services such as monitoring, optimization, or analytics that work across competitors’ equipment.
• Build data-driven add-ons like condition insights, benchmarking, or predictive diagnostics that customers can use on mixed setups.
• Explore new commercial models such as subscription optimization, usage-based tiers, or data partnerships with service providers.
• Strengthen customer lock-in through openness by becoming the first in your segment to offer interoperability for customers managing diverse fleets.

This approach demands more time and focus, but it creates a significant competitive advantage. Customers increasingly choose partners who make data access simple and integration painless. The companies that design for openness now will integrate faster, win more renewals, and stay embedded in their customers’ systems longer.

Finding the Path That Fits Your Business

There’s no universal roadmap.

Each manufacturer’s path depends on system complexity, data maturity, and leadership priorities. The table below outlines how each strategy typically fits different levels of readiness and ambition.

Regardless of where you start, the path forward is set. Every connected manufacturer will need to make data accessible, secure, and portable. The difference lies in timing and intent: whether you act only to comply or to compete in a more open market.

How Sigma Software Can Help

Adapting to the Data Act isn’t a one-size-fits-all process.

Every manufacturer moves at a different pace depending on product portfolio, data maturity, and internal capacity. The goal is to make that journey structured, efficient, and aligned with business priorities.

For companies choosing to wait and adjust, Sigma Software helps assess readiness and uncover architectural or process gaps that could block compliance later. Even a short diagnostic can reveal where preparation will save time and cost once enforcement begins.

For those preparing to share data, Sigma Software supports the technical groundwork: designing access layers, defining APIs, establishing identity, and logging workflows.

And for manufacturers ready to act and expand, Sigma Software experts help design the systems and interoperability frameworks that turn compliance into competitive advantage: from data architecture and integration design to service enablement around shared data.

Whether your next step is planning, building, or scaling, our goal is the same: helping you move from obligation to opportunity, at a pace and scope that fit your business. And we’re here whenever you are ready to explore what the right path might look like for you.

• #Regulatory Compliance