Suchen

The EU Data Act will apply as directly applicable law starting September 12, 2025. A Bitkom study on the implementation of the Data Act 100 days before it takes effect, found that 95% of companies have either not yet implemented the new requirements or don’t believe they are affected. This could have drastic consequences, at least for the provisions of the Data Act that constitute market conduct rules. In that case, competitors could use failures in implementation for legal warnings under competition law. This article explains which companies the Data Act applies to, which violations carry the risk of such warnings, and how companies should prepare now to reduce these risks.

1. Recipients and Scope of the Data Act

The Data Act concerns providers of connected products and digital services. While this initially sounds like a tech regulation, it also affects seemingly less data-driven, traditional business models, such as manufacturers of devices like toasters, washing machines, or industrial machines of any kind. This is because these products are now typically connected and generate data, thereby falling within the scope of the Data Act.

Therefore, checking the applicability of the Data Act to your own company is a compliance obligation and should be done immediately.

Companies within the scope of the Data Act must, among other things, provide users with information about personal and non-personal data generated from the use of their services or products. They must also enable access, use, and sharing of this data. For a more detailed explanation of the scope and obligations under the Data Act, you can refer to this link.

2. Market Conduct Rules Under the Data Act

Violations of the Data Act can be enforced by supervisory authorities. According to the current draft for the implementation of the Data Act, the primary responsibility for this will lie with the Federal Network Agency (Bundesnetzagentur). However, there is also the threat of private enforcement by competitors and qualified associations under the Act Against Unfair Competition (UWG) for market conduct rules as defined in Section 3a of the UWG.

According to established case law from the Federal Court of Justice (BGH), market conduct is broadly defined and includes any activity in a market that objectively serves to promote sales or procurement and with which a business influences competitors, consumers, or other market participants. Market conduct rules are legal provisions that regulate the behavior of businesses in a market and are also intended to protect the interests of market participants (consumers, competitors, and other market participants). This includes European regulations like the Data Act, which regulate market conduct—i.e., activities where businesses influence other market participants, such as advertising, pricing, information obligations, or contractual provisions.

Market conduct rules are, among other things, regulations that create a level playing field for market participants. This is precisely a key objective of the Data Act, which aims to create a fair and competitive data market and a fair distribution of data value among market participants through a level playing field. Therefore, the Data Act profoundly influences how companies interact and compete through data and contains market conduct rules. This is particularly true for regulations that have a direct impact on the market behavior of companies, specifically:

  • Rules regarding users’ rights to data access and use.
  • Obligations for data holders to make data available to third parties.
  • Rules on unfair contractual clauses based on the FRAND principle (Fair, Reasonable And Non-Discriminatory).
  • Rules for facilitating the switching of data processing services (cloud-switching).

In addition to market influence, it’s also necessary for violations to exceed a significance threshold to be subject to a warning. A violation of a market conduct rule can only be successfully warned against and sued for if it is capable of noticeably impairing the interests of consumers, other market participants, or competitors. This minimis clause serves as a filter that prevents the prosecution of minor violations that have no significant or discernible impact on other market participants. Companies that want to aggressively use competitors’ Data Act violations for warnings should consider the significance for their warning and lawsuit and focus on substantial violations. For affected companies, significance can be a component of their defense strategy.

3. How to Avoid Warning Risks

The Data Act affects the conditions of competition in the European data market, so it’s highly likely that courts will classify its provisions as warning-eligible market conduct rules under Section 3a UWG. The contours of these new case groups will sharpen over time. It’s to be expected that regulations on information obligations, data access rights, and fair contract design will be affected. As long as the contours of the new market conduct rules are seemingly unclear, this presents an uncertainty for warning competitors and qualified associations and a relative protection for affected companies.

If the wave of warnings doesn’t roll in on September 13, 2025, companies shouldn’t be complacent. Instead, they should use the time gained for their own Data Act compliance program. Relatively small measures can have a significant effect and improve protection noticeably and decisively.

Every company should fundamentally check if and to what extent it falls within the scope of the Data Act.

Affected companies should then, in particular:

  • Determine the extent to which the obligations of the Data Act apply to them. Specifically, this means identifying whether they act as a data holder (e.g., manufacturers of connected products), a user of connected products, or a provider of data processing services.
  • Examine which products and services need to be adapted to, for example, enable access to data (“Access by Design”).
  • Review and adjust the customer-facing sales and communication process so that necessary information and contractual clauses are offered.

For the initial steps toward Data Act compliance, it’s sensible to focus on easily identifiable violations, as these are the classic points of attack for competitors and qualified associations. At the same time, these are the classic enforcement priorities of a supervisory authority in the initial phase after a new regulation like the Data Act takes effect, and they thus also reduce regulatory risks.

4. Conclusion

The provisions of the Data Act have the potential to become a relevant new category of market conduct rules under Section 3a UWG. With the majority of the Data Act’s regulations taking effect on September 12, 2025, affected companies face the threat of warnings from competitors and qualified associations. The explosive part is that the majority of affected companies are not yet even aware that they need to comply with regulatory requirements. It is time to wake up and deal with the topic of the Data Act. By doing so, warning risks can be managed.

Feel free to contact us if we can help you with this or if you have any questions.

planit legal dr. bernd schmidt

Dr. Bernd Schmidt

Lawyer

Email: bernd.schmidt@planit.legal
Phone: +49 (0) 40 609 44 190

Search

Categories

Keywords

applicability B2C BGH Binding Corporate Rules Bitcoin ceases and desist orders commercial copying copyright-infring Data Processing data transfer DiGA Digital Health Applications E-Commerce EEA EFTA establishment EU-US-Privacy-Shield exceptions Federal Labour Court fines GDPR German Copyright Act German ID card Iceland ID card identity card Influencer International Data Transfer label Lichtenstein Marketing Media Privilege monitoring Norway photography photojournalists Purchase Ratings Safe-Harbor Sales scanning Social Media third country TMG

Autoren