The EU Data Act imposes new rules on data access and sharing (particularly data from connected objects), facilitates changing cloud providers, and regulates B2B contractual clauses deemed unfair.
We help you make your products, contracts, and architecture compliant, interoperable, and reversible, without sacrificing security, intellectual property, or business value.
Preparing for the Data Act in addition to the GDPR and the AI Act is a strategic necessity.
Olivier CAZZULO
Netsystem CEO
The regulation covers a wide scope: manufacturers and distributors of connected products, publishers and operators of data processing services (IaaS/PaaS/SaaS), B2B companies that negotiate data contracts, as well as certain B2G sharing situations. It has been applicable since September 12, 2025.
Other milestones follow: the “data by design” approach for new connected products from September 12, 2026, and the total elimination of cloud switching fees on January 12, 2027.
Acting now means avoiding a double penalty: urgent catch-up and costly overhaul. We structure your projects to quickly achieve tangible gains (portability, better contract negotiation, reduced vendor lock-in) while securing your compliance trajectories.
Yes! It has been in effect since September 12, 2025. The “data by design” requirements apply to new connected products from September 12, 2026. The total elimination of cloud switching fees will take effect on January 12, 2027.
The GDPR protects personal data and regulates its processing. The Data Act focuses primarily on access, use, and portability of data (particularly non-personal data) in IoT and cloud ecosystems. The two regulations complement each other and must be aligned in your policies and contracts.
You must allow customers to switch providers without excessive technical or contractual obstacles. This requires a documented exit plan, transparency on portability and performance, and, by 2027, no switching fees.
These are clauses that are imposed unilaterally and considered unfair (e.g., disproportionate restrictions on access, use, or recourse). The Data Act promotes fairer contracts, which boost trust and innovation.
La mise en œuvre est confiée aux États membres, qui déterminent autorités compétentes et barèmes de sanctions. L’enjeu pour vous : réduire l’exposition en documentant vos dispositifs et en démontrant vos efforts de conformité.
Our digital transformation and cybersecurity consulting firm supports you in auditing and complying with the Data Act regulations, fully integrating security issues into your processes. We offer customized support covering:
We clarify your exposure to the Data Act:
You quickly gain a clear picture of what needs to be done, in what order, and with what impacts and benefits.
We are scaling up with an integrated approach:
Our approach combines technical expertise with in-depth knowledge of the specific requirements of the sector, providing comprehensive support that allows you to navigate the complex world of Data Act regulations with confidence.
We combine IT strategy, contract law, and data engineering.
Typical process:
Each step is coordinated with your GDPR, NIS2, DORA, and data governance projects to avoid duplication and ensure effective arbitration.
You receive actionable deliverables:
KERIALIS, a social protection institution dedicated to legal and accounting professions, offers supplementary health, life insurance, long-term care, end-of-career compensation, and retirement benefits, as well as a range of services to support its policyholders on a daily basis.
The organization wanted to improve its operational resilience by complying with DORA regulations, which are specific to its sector of activity and, more generally, to financial services companies.
"As part of KERIALIS's efforts to comply with DORA requirements, we were looking for a service provider to support us.
We chose Netsystem for their promptness in contacting us, the quality of our discussions, and their quick response times.
NETSYSTEM is an agile organization with a strong ability to adapt and experienced CISOs, particularly in cybersecurity aspects related to DORA."
The PASSI qualification is issued by the French National Cybersecurity Agency (ANSSI).
It is intended for trusted service providers who perform organizational and physical security audits, as well as technical audits, on their own behalf or on behalf of their clients.
It is a real guarantee of quality and expertise for organizations looking for a cybersecurity consulting firm to audit their structure.
We are an IT strategy consulting firm specializing in data compliance, cybersecurity, and digital transformation.
The Data Act is a tremendous opportunity for manufacturers, publishers, and cloud providers to structure data access, accelerate interoperability, and reduce vendor lock-in—all of which will boost customer confidence and operational performance.
This regulation is not just a simple compliance exercise: it drives concrete transformation in data governance, cloud reversibility, access/portability interfaces for connected products, and more balanced and transparent B2B contracts.
At NETSYSTEM, we support our customers not only in meeting the requirements of the Data Act, but above all in turning it into a competitive advantage. Our approach combines strategic vision, proven methods, and the ability to make technical and contractual requirements clear and actionable for business departments as well as IT and legal teams.
For us, the Data Act is an opportunity to strengthen digital trust and unlock the value of data. And that is precisely our role: to help organizations become stronger, more open, and more agile, with sustainable systems that stand the test of time.
No posts found!
