European Data Act: game changer or deal breaker for manufacturers?

The European Data Act changes access to industrial data, with wide ramifications for manufacturing and connected products. Here’s everything you need to know... 

Two men with tablet talking in factory shop floor
11 minutes to read

The European Data Act will unlock a wealth of industrial data, putting it in the hands of users. This has huge ramifications for organisations that manufacture connected products. But what exactly does this mean for the industrial sector? Let’s take a look.

The Data Act was designed to facilitate Europe’s data economy where individuals, organisations, and industries can share data to uncover new value. It aims to liberate industrial data generated by connected products and related services, improving data access and usage.  

A key component will be the new parameters around data access and ownership, with control being transferred from producers to users, who will acquire new rights over data generated by their devices, machinery. 

So what are the implications for the manufacturing sector – where users tend to be companies, rather than consumers? 

Connected products data: rights and obligations

For manufacturers, the EU Data Act brings some far-reaching changes. To explore these changes, we first need to look at the situation as it stands today. This means understanding the different roles, rights, and obligations when it comes to connected products data.

The three key roles to understand are the following: 

  • The manufacturer, who produces and sells the product 
  • The user, who uses the product 
  • The service provider, who provides services related to the product 

And here’s how the European Data Act describes the current state of these roles and their relationship to connected products data: 

  • The manufacturer of a connected product has, by design, sole access to data generated during product use. The manufacturer is therefore the data holder and can generate additional value from the data by, for example, using it to improve the product or offering additional digital services. 
  • In using the connected product, the user generates data, but does not have access to this data. 
  • Service providers, as third parties, have no access to user-generated data. If they want to offer users product-related services, they are still unable to access this data.

The graphic below shows what the world looks like without the Data Act. Manufacturers own the connected products data, while users and third parties have no access to the data.

Graphic: service provider and user on the left hand-side. User ist connected with connected product, which is connected with the cloud and the manufacturer/data holder

It’s important to note here that the data generated during a connected device’s use extends beyond usage data. Connected products data can include things like information about the device itself, or about its mode of operation. This data therefore has the potential to reveal intellectual property proprietary to the manufacturer. 

So how will the Data Act change this picture? Let’s take a look... 

How the Act will impact B2C connected products

Consider this scenario: a consumer has connected a smart washing machine to their WiFi and is generating usage data each time they do a wash. That data could cover everything from spin speed, to programme duration and wash temperature.   

As the data holder, the manufacturer is able to analyse this data and use it to offer the services, such as an optimised repair service, or tailored wash programme. Service providers, as third parties, do not have access to the usage data. This means they’re unable to offer data-led repair and maintenance services. 

At the same time, it’s possible that the data generated by the washing machine could be used to derive proprietary information about its control system. This may represent valuable intellectual property that the manufacturer is keen to protect.  

As a result, the manufacturer has zero interest in sharing the data with users – and much less third parties. As the data holder, the manufacturer is therefore the only entity able to generate additional value from the data. Users and third parties are shut out, limiting the potential of data, and preventing it from being reused for additional purposes. 

Applying the European Data Act to this simple model, you start to see a number of changes... 

The graphic below shows how it looks like with the Data Act in place. Users are fully entitled to access the data they generate from the use of their connected products.

Graphic: service provider and user on the left hand-side. User ist connected with connected product, which is connected with the cloud and the manufacturer/data holder

Users now have a legal entitlement to access the raw data they generate free of charge. If a user permits their data to be shared with third parties, service providers can now also become data recipients.  

Let’s consider another scenario where the EU Data Act is in force... 

A user wants to use a washing machine service from an independent third party – their local repair shop, for example. To do so, the user exercises their right to receive the data generated by the use of their washing machine. They receive this information from the data holder (the manufacturer) and share it with the data recipient (the service provider).  

Using this data, the service provider can now offer a repair service that’s comparable, or perhaps better or cheaper, than that offered by the manufacturer. 

For the manufacturer, this entails a risk: usage data might exit its sphere of influence. This could enable third parties to obtain information it wishes to keep private, such as information on the function of the control system. But the user and data recipient are able to generate value from the data. This enables much more versatile use of the data than is possible without the Data Act. 

The Data Act therefore effects a major shift in the balance of power from manufacturer to user. For consumer-facing businesses, this all seems pretty straightforward. Right now, users do not have access to the data they generate, and aren’t usually in a position to do anything about this. 

Once the European Data Act enters into force, however, they'll be able to use the data they generate for their own benefit. The manufacturer will still be the data holder and will also be able to benefit from the data. But, if the user permits, these benefits will also be available to third parties.  

The aim is to boost competition and foster innovative, data-driven after-sales services. On the flip side, manufacturers are exposed to the risk of disclosing their intellectual property. That’s because, once these data have exited the company’s control, it has to be assumed that they could also be used to its disadvantage. 

What the Data Act means for B2B connected devices

Another big question mark around the Data Act is whether the B2C perspective can be applied to the B2B sector.  

Our experience suggests that there will be a few key differences. In B2B scenarios, for example, the user is a business rather than a person. When two manufacturers do business together, they usually have individual contracts in place to regulate what data is shared – and for which purposes. The regulation covers the measures required to protect data, and who has access.  

So, what do these differences mean in practice? Let’s take a look at a B2B scenario... 

An equipment manufacturer offers condition-based monitoring for the machinery it manufactures. On top of this app-based service, the manufacturer also offers B2B customers access to their machinery data.  

A small manufacturer purchases a piece of machinery and decides to connect it up, enabling it to use the condition-based monitoring app. What's more, the company elects to take up the option of accessing its machinery data, which it aims to use for purposes such as internal process improvements. Data sharing is based on an individual contract between the two companies. 

So how does this scenario look different once the Data Act is in force? 

Well, not that much actually changes. That’s because the data is already being used by both companies: manufacturer and user. The only change is that the contract needs to be reviewed and may need amending to ensure it complies with the Data Act.

Making wider use of the data looks unrealistic for the time being. Since condition-based monitoring requires very specific knowledge about the machinery and process, it’s unlikely that the company using the service would be able to obtain a comparable service from a third party. And the company is unlikely to outsource its internal process optimisation to a third party. 

Will the Data Act impact adoption of B2B connected products?

There’s reason to believe that willingness to use B2B connected products will be lower than for B2C products. Why? Because usage data from a connected product may contain sensitive information about the company using the product.  

A ‘user’ company will only network a product or agree to transfer data to the manufacturer if the benefit of doing so outweighs the risk. And that risk can take multiple forms, ranging from cybersecurity risks to disclosure of trade secrets or intellectual property. 

In contrast to the B2C space, where very few users have concerns about sharing their data with a manufacturer, in the B2B space it’s reasonable to assume that businesses are likely to give a lot more thought to whether it makes sense to connect a product to a network.  

One example of this is the relatively low penetration of connected machinery on the shop floor at standalone manufacturing companies. Consequently, the general availability (or lack) of usage data may be a much more serious problem than the rules on who’s allowed to access what data. 

As an example, let’s build on the previous scenario we looked at. Say we have another small manufacturer – one that also uses a piece of machinery from the above manufacturer. This small manufacturer decides not to employ app-based condition monitoring. Highly restrictive IT security rules prevent the machinery from being connected to an external network. The manufacturer does not currently have access to usage data (is not a data holder) and will still not have it after the Data Act comes into force. It would in theory be possible to extract usage data via a USB port, and this would still be possible under the Act. 

A risk or opportunity for connected product manufacturers?

So, onto the critical question: is the European Data Act good or bad news for manufacturers? Well, as is often the case, the answer is: ‘it depends’. To offer a blanket ‘yes’ or ‘no’ would ignore the manufacturing sector's complexity and diversity.

That said, here’s our take on how the Data Act will impact industrial data handling and the manufacturing sector...

  • New data-driven services emerge

    In the service sector, it’s reasonable to expect developments to be very dynamic and new opportunities to arise. Right now, the opportunities for data-driven, manufacturer-independent service offerings look almost limitless. 

  • Data governance becomes a business imperative

    Businesses that already have strong data governance systems will find it easier to minimise the impact and maximise the benefit of adapting to requirements arising from the Data Act

  • Data holders must diversify on data-led revenue streams

    The more the data holder’s existing data-led revenue streams are based on something other than the pure availability of raw data, the lower the likelihood that these revenue streams will be threatened by the need to transfer raw data to third parties. 

  • IP risks will need proactive management

    In a manufacturing environment, data sharing with third parties gives rise to risks relating to the protection of intellectual property – for both manufacturer and the company using the product. This is an area where a wide variety of possible approaches are likely. It’s fair to assume that some of these approaches will be highly specific and will need to be supported by complex Data Act compliant contractual arrangements.  

Three ways manufacturers can prepare for the Data Act

With an industrial data transformation on the horizon, here’s how connected products manufacturers can start preparing for the Data Act. (Please note that the definitions used here relate to the text of the EU Data Act adopted by the European Parliament on November 9, 2023).

  • 1. Identify which of your products are affected by the Data Act

    The definition of a ‘connected product’ is very broad. It covers both IoT-enabled products and products capable of ‘physical on-site data access’. In other words, the scope of the Data Act is very wide. So it’s key to understand early on which of your products will be impacted by the Data Act. As a starter, it’s helpful to familiarise yourself with the original text of Article 2(5) of the Data Act: 
    ‘Connected product means an item that obtains, generates, or collects data concerning its use or environment. And that is able to communicate product data via an electronic communications service, physical connection, or on-device access. Whose primary function is not the storing, processing, or transmission of data on behalf of any party other than the user’. 

  • 2. Start embedding ‘data access by design’

    To meet the requirements of the Data Act, connected products will have to offer ‘data access by design’. Your product development process needs to adapt to this new circumstance sooner rather than later. And you should ensure your product and service managers are aware of this new obligation. For clarity, here’s the original wording from Article 3(1) of the Data Act: 
    ‘Connected products shall be designed and manufactured, and related services shall be designed and provided, in such a manner that product data and related service data [ accessible] by default easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format, and, where relevant and technically feasible, directly accessible to the user’. 

  • 3. Review your processes and operational model

    This is not just a question of product design; it’s also going to affect your processes. Who’s going to deal with enquiries from users and third parties? How do you come up with a valuation for your data? And how much should third parties pay for implementing data access? In future, other people are going to be able to access usage data from your products. If you’re concerned about disclosing intellectual property, now is the time to get familiar with the technical and legal options available for preventing disclosure of critical data. 

A political agreement was reached between the European Parliament and the Council of the EU on the Data Act on June 28, 2023. The Act is now subject to formal approval. Once adopted, it will come into force after 20 months. 

The Data Act will mark a transformation in the handling of industrial data. One that places new controls and ownership with users. One that will redefine how we design and develop connected products. And one that could redefine how manufacturers and service providers create value and drive revenue. 

For these reasons, it’s critical that industrial sector organisations start preparing for new data access regulations today. This might sound daunting, but it doesn’t need to be. Talk to us today about how we can support you on your data journey. 

Ulrike Schirmer, Senior Consulting Manager, Zühlke
Contact person for Germany

Ulrike Schirmer

Senior Consulting Manager

Ulrike Schirmer has extensive experience in the digitisation of production processes within the industry and consumer products sector, with a focus on end-to-end business and IT process optimisation. She has supported numerous clients in unlocking the full potential of their production data through seamless integration into the enterprise ecosystem. Ulrike Schirmer holds a degree in Industrial Engineering with a specialisation in production and logistics. In 2023, she joined Zühlke as a Lead Business Consultant.

Thank you for your message.