Taylor Wessing Insight: Regulated, yet Revolutionary?

The EU Artificial Intelligence Act (“AI Act”) adopts a risk-based regulatory approach, similar in spirit to the Product Liability Directive or the GDPR. There is nothing wrong with requiring companies to understand and control the products they deploy and the associated risks. But is this good for innovation and competition? Possibly – to the extent that uniform rules create a level playing field across the EU, clearly defining what is and isn’t permissible, potentially even setting global standards through regulatory spillover effects.

What about the Data Act? Earlier legislative drafts – long before the final version adopted this September – flirted with the idea of creating “ownership” rights in data. The Data Act, now in force, instead places users of connected products at the center of decision-making. It obliges manufacturers to make machine-generated data accessible and allows third parties to use these data to develop their own services.

The industrial policy rationale is clear: Europe aims to unlock the vast “data treasures” currently hidden within companies and enable the creation of new data-driven services. But will this lead to the promised flourishing landscapes?
Manufacturers of connected products must now ensure through contractual arrangements that they retain sufficient access and usage rights to data generated by their products once in the hands of users. Inaction is not an option. Unless users already have data access, manufacturers must grant them – or third parties authorized by them – access to those data. As always, there are exceptions, e.g., for security reasons, and how these carve-outs will be interpreted in practice will be crucial.

Manufacturers are thus not only facing an additional layer of regulation but may also find themselves subject to claims from users or third parties seeking access to data. This aspect could soon play a far more significant role than under the GDPR.
As with data protection, the starting point is a sober analysis: what data are generated at all, and how critical are they to the business model?

While the Data Act may bring little joy to established manufacturers, it represents an opportunity for young, data-driven companies. For the first time, they can gain access – with user consent – to raw and metadata from connected products or services. These data must be made available on FRAND terms (Fair, Reasonable, and Non-Discriminatory), unless the manufacturer or data holder is exceptionally entitled to withhold them.

This article is a guest contribution provided by Taylor Wessing. Authored by Henning von der Blumensaat, LL.M. (Emory), Salary Partner at Taylor Wessing.