🔎 Data Act: What CIOs really need to know
- Vincent Pollet
- Dec 27, 2025
- 1 min read
The Data Act (EU 2023/2854) fundamentally redefines data governance in Europe, particularly data from connected objects, industrial systems and associated services.
👉 For a CIO, the impacts are very concrete:
• Data access by design
IoT solutions must allow direct, secure and free access to the generated data, in usable formats. No more "default" technical barriers.
• Extended portability and sharing
Companies will be able to request the transfer of their data (personal and non-personal) to a third party or another service provider, without any loss of quality. This goes well beyond the GDPR's data portability requirements.
• Contracts under surveillance
Clauses restricting access to or reuse of data become illegal. A ban on unfair terms will apply to all contracts, including existing ones, by 2027.
• Removal of obstacles to cloud migration
From January 2027, migration to another cloud provider must be possible without excessive costs or technical obstacles.
• GDPR unchanged, but essential
The Data Act does not replace the GDPR: legal bases, roles (controller/processor), security and the rights of individuals remain mandatory for personal data.
📅 Important to remember regarding scheduling
– Main application: September 2025
– Cloud switching effective: January 2027
🎯 Key message for CIOs
The Data Act is not just "another" piece of legislation. It mandates a review of contracts, a more open data architecture, and increased vigilance regarding supplier dependencies.
Data governance is becoming a strategic issue, not just a legal one.
