Let's see how we can help you!
Leave a message and our dedicated advisor will contact you.
Send us a message
0/10000
EU Introduces the Data Act. The End of the "Digital Prison" for IoT Devices
Published: 00:00 09/15/2025
Regulacje
Your Data, Your Business – Now Also in Your Fridge
As of September 12, 2025, the provisions of the Data Act have come into force in the European Union. This is another major regulation, following GDPR, aimed at organizing the digital world. This time, the focus is on data generated by smart devices, also known as the Internet of Things (IoT).
In short: if, until now, the manufacturer of your smart coffee machine knew more about you than your family and kept that data under lock and key, that has just ended.
What Does the Data Act Change?
The regulation introduces several key changes intended to strengthen the position of consumers and businesses:
- Access to IoT data: Users (both individuals and companies) will gain the right to access data generated by their own devices. Moreover, they will be able to easily share this data with third parties – for example, an independent repair service that can diagnose a fault in a smart washing machine without being tied to the manufacturer.
- Easier switching of cloud providers: The Act aims to curb the practice of "vendor lock-in" that ties customers to a single cloud service. Providers will have to facilitate the process of migrating data to a competitor and, eventually (from 2027), abolish fees for this process. The end of the digital prison!
- Access for the public sector: In exceptional situations, such as natural disasters or catastrophes, public authorities will be able to request access to data from the private sector to respond more effectively to a crisis.
An Opportunity or a Hassle?
For users, this is great news – more control, more competition, and potentially lower service prices. For IoT device manufacturers and cloud providers, it's a significant challenge. They have time to adapt their products and services (the new rules will fully apply to devices placed on the market after September 12, 2026).
One thing is certain – the European Union is continuing its march towards building a digital market where the user, not the tech giant, holds the cards. Time will tell if this revolution succeeds.
Source: gov.pl
About the Author
Aleksander Zębrowski
Chief Technology Officer at SecurHub.pl
PhD candidate in neuroscience. Psychologist and IT expert specializing in cybersecurity.
Related Articles
![NIS2 2025: Avoid Fines Up to €10M [Complete Implementation Guide]](/_next/image?url=https%3A%2F%2Fimages.unsplash.com%2Fphoto-1608817576203-3c27ed168bd2&w=3840&q=75)
Regulacje
NIS2 2025: Avoid Fines Up to €10M [Complete Implementation Guide]
⚠️ October 18, 2024 - NIS2 implementation deadline passed. If your company is not compliant, you risk fines up to €10 million. Check obligations, critical deadlines, and step-by-step implementation plan. [2025]
11.10.2025
18 min
Regulacje
CJEU on Data Pseudonymization: A Key GDPR Ruling
The Court of Justice of the EU has ruled that pseudonymized data remains personal data if the possibility of re-identification exists.
14.09.2025
2 min
![ISO 27001 Certification: How to Achieve in 6-12 Months [Process + Costs 2025]](/_next/image?url=https%3A%2F%2Fimages.unsplash.com%2Fphoto-1502101872923-d48509bff386&w=3840&q=75)
Regulacje
ISO 27001 Certification: How to Achieve in 6-12 Months [Process + Costs 2025]
ISO 27001 certificate is your ticket to tenders and client trust. Learn the step-by-step certification process, real costs (€10-50k), and 8 key controls you must implement. Guide for companies in Poland.
11.10.2025
13 min
Comments
Loading comments...