Smart devices now need a data handover plan

The quiet question inside a smart product used to be simple: does the app work when the customer opens it? The next question is less tidy. Can the user get the data out when they need someone else to use it?

That is the practical edge of the EU Data Act, which has applied since 12 September 2025. The law is often described as part of Europe's data economy agenda, but for people buying or running connected products, the point is more concrete. Data from a car, smart TV, wearable, industrial machine or other connected device is no longer meant to sit entirely inside the manufacturer's walled garden.

The European Commission says consumers and business users can access, use and share raw data generated by their connected devices. It gives examples such as cars, smart TVs and industrial machinery, and says this can support repair, maintenance and after-sale services. In plain terms, a product that creates useful data should not treat that data as a locked drawer by default.

This does not mean every device suddenly gets a neat export button tomorrow morning. The Data Act entered into force in January 2024, started applying in September 2025, and still has phased pieces. The legal text says a design obligation for connected products and related services applies to products and services placed on the market after 12 September 2026. That date matters because it turns an abstract access right into product work: what data is generated, where it is stored, how it is accessed, and how it can be shared securely.

For product teams, this is not only a legal memo. It asks for a handover plan. A connected appliance may need clearer information about what data it produces. A vehicle service may need a way to share relevant data with a repair provider chosen by the user. An industrial supplier may need to explain which performance data a customer can retrieve and which safeguards apply. Those are design, documentation, support and security decisions, not just compliance copy.

The repair angle is easy to understand because it touches daily life. A connected product can keep generating information after purchase: fault codes, battery behaviour, performance data, sensor readings, usage logs. Some of that information may help diagnose a problem or compare service options. If a user can choose to share relevant data with an independent provider, the original seller has less room to make the product ecosystem feel like the only practical route.

The same logic matters in business settings. A farmer, factory operator or logistics company may buy a machine but still struggle to use the data it creates. The Commission's Data Act page points to sectors such as manufacturing and agriculture, where equipment performance data can help operations. The real value is rarely the raw file by itself. It is the ability to plug the data into maintenance, analysis or planning tools without being trapped in one supplier relationship.

Cloud services are part of the same story. The Commission says the Data Act enables cloud users to switch providers or use services from several providers in parallel. The regulation also sets a timetable for switching charges: reduced switching charges may apply during a transition, but switching charges are due to be fully prohibited from 12 January 2027. For companies trying to move workloads, that may sound less glamorous than an AI launch. It is still the kind of plumbing that can change negotiating power.

There are limits, and they are not small. The Data Act does not erase privacy law. The EUR-Lex text says EU and national personal data protection and privacy law prevail if there is a conflict. That matters because connected-product data can include personal data, commercial information or security-sensitive details. A fair access rule is not the same thing as publishing every datapoint to anyone who asks.

The Commission's FAQ page also hints at how much implementation work remains. It points stakeholders to guidance, model contractual terms, standard contractual clauses for cloud contracts and a Data Act Legal Helpdesk. That is a polite way of saying the hard cases are already here: mixed personal and non-personal data, trade secrets, third-party requests, cloud lock-in, and contracts that were written before product data became a boardroom topic.

For readers, the useful test is not whether a brand says it is "data driven". It is whether the product has a credible answer to ordinary handover questions. What data does it create? Can the user see it? Can it be shared with a chosen repairer or service provider? Is the process secure enough that access does not become a privacy or safety risk?

The Data Act will not make every smart product open or easy overnight. It does, however, move device data out of the background. A connected product is increasingly judged not only by what it collects, but by whether the people who bought it can do something useful with the trail it leaves behind.