Zum Hauptinhalt springen

22. Does [Article 3(1)](/docs/data-act/article-3#paragraph-1) oblige manufacturers of connected products to design or redesign their connected products so that users can access the data directly?

No. Article 3(1) of the Data Act does not oblige manufacturers to grant direct access to data in all situations and for all connected products. Data should be ‘directly accessible’ to the user ’where relevant and technically feasible’. The formulation ‘where relevant and technically feasible’ is meant to reinforce the manufacturers’ discretion to decide whether to design a connected product in a way that provides users with ‘uncontrolled’ access (i.e. without any intervention by any other party) or in a way that provides access with additional controls (typically via a remote server). For this purpose, a manufacturer may assess, for example, whether direct access is technically possible; the costs of potential technical modifications; and the difficulty of protecting trade secrets or IP, or of ensuring the connected product’s security. One could also consider whether direct access is relevant in a specific scenario from the perspective of the connected product, user, or data holder. Based on this assessment, manufacturers may choose to design the connected product in such a way that all or part of the product data is directly accessible or may enable only indirect access. If agreed upon, data holders can also access product data made directly accessible to a user. Data are ‘directly accessible’ when:

  • The user is able to access the data without the intervention of any other party, notably the data holder (this is an alternative to making requests under Articles 4 and 5, which do require data holder intervention).

  • The user has the technical means to stream or download the data as a result of the design of the connected product. Recital 22 explains that the location where the data are stored is irrelevant: data can be ‘directly accessible’ from a storage point on the device itself or from a remote server under the control of the manufacturer or a data holder.

Put simply, for data to be ‘directly accessible’, the user must therefore be able to access them without the involvement of the data holder, regardless of where the data are stored. Even if there is direct access and a remote server, the data holder is obliged to provide the means (i.e. appropriate interfaces, such as an API) to allow the user to easily access the relevant data (cf. Recital 35 of the Data Act, which compares Article 3(1) of the Data Act with Article 20 of the GDPR). By the date of entry into application of the Data Act (12 September 2025), products already on the market and new products (when placed on the market) must allow for data to be accessed by the user. By this date, manufacturers have to decide whether such access will be made directly or indirectly (cf. Article 4(1)) of the Data Act. Companies will find practical ways to incentivise the use of the solution that works best for them. Sectoral legislation can be more specific.