Blog

What the EU Data Act means for logistics, data sharing, and open source innovation

14 August 2025

Dr. David Saive, LL.M.

The EU Data Act is reshaping logistics by granting Users access to connected-product data and requiring secure, real-time sharing. The Act introduces potential compliance issues, of course. But, for companies that act now, they have a chance to gain a competitive edge through open source and innovation.

The EU Data Act, part of the European Union’s broader data strategy, aims to make industry data more accessible, usable, and shareable across industries and borders. For logistics companies, it presents several challenges and opportunities.

But the biggest opportunity? Companies that already prepare can gain a competitive advantage in a rapidly changing market.

With the law already in place and applicable from September 2025, now is the time to act. This blog explains what the EU Data Act is, how it impacts logistics, and how open source and standardisation can help support compliance and innovation.

What is the EU Data Act?

The EU Data Act regulates who can access and use data from connected products and related services. Its goal is to remove barriers to data sharing and to ensure fair access for users and service providers.

The regulation is part of the European Strategy for Data, a larger legislative framework established in 2015 that also includes the Data Governance Act and the General Data Protection Regulation (GDPR). This framework supports the development of a single European data market and data-driven innovation.

The Data Act covers a wide range of ‘connected products’, or any device that collects and transmits data. In a consumer setting, this might be a coffee machine or a washing machine. In logistics, IoT-enabled equipment in trucks, smart containers, automated warehouse equipment, or route optimisation software. These devices generate valuable data that, with the new law, can no longer remain siloed under exclusive manufacturer control.

The logic is simple: when you generate data by using a product, you should have the right to benefit from it. Until now, manufacturers and platform providers have held exclusive control, and data from leased or shared assets was often locked away. The Data Act changes this, granting Users the right to access their data and to authorise its use by Third Parties – creating a more transparent and efficient system and putting a legal value on specific kinds of data.

Click here to read part 1 of our EU Data Act series on LinkedIn.

Who does the regulation affect?

The Data Act defines three main roles in the data economy:

Data Holders: Entities that manufacture or operate connected products and control access to the data (e.g., truck manufacturers or fleet platform providers).
Users: Individuals or organisations that use the connected products and are granted the right to access and share the data they generate (e.g., freight forwarders, carriers, and warehouse operators).
Third Parties: External service providers authorised to access data by the User (e.g., maintenance companies, marine or transport insurance providers, and visibility platforms such as track and trace software providers).

In practice under the Data Act, Data Holders must provide Users with real-time, secure, and direct access to product-generated data and enable the transfer of that data to Third Parties.

Data Holders themselves are not permitted to use or share this data with Third Parties without the User’s explicit consent. This means that even long-standing data flows between manufacturers, platform providers, and service providers may be disrupted unless clear permissions are granted.

This is a critical shift for software and platform providers. If consent is not given by the User, access to data may be lost, even for services that rely on it. They must participate in the data-sharing conversation between Users and Data Holders to secure long-term access and maintain service continuity.

Click here to read part 3 of our EU Data Act series on LinkedIn.

What rights does the regulation introduce?

The Data Act gives Users of connected products the right to access and share connected-product-generated data. The Data Holder must provide this data in a commonly used, machine-readable format, free of charge. If a User wishes to share this data with a Third Party, the Data Holder must enable that transfer directly.

Key rights include:

User access to IoT data: Users of connected logistics devices gain the right to access, use, and share operational data. Users also decide on how Data Holders use this data (Art. 4 (13)).
Mandatory B2B data sharing: Data Holders must provide access to data for free for the User and under fair, reasonable, and non-discriminatory terms for Third Parties (Arts. 3(1), 4(1)).
Data portability: Non-personal data (e.g., cargo conditions, maintenance logs) must be transferable across service providers, without vendor lock-in. Personal data protections (e.g., driving patterns) remain in place during sharing.

Click here to read part 5 of our EU Data Act series on LinkedIn.

How does the EU Data Act impact logistics?

While the EU Data Act applies across industries, its effects on logistics are particularly far-reaching. According to a study by the European Commission, only 20 per cent of industrial data is currently used (European Commission, 2022). The Act aims to unlock the remaining 80 per cent by introducing mandatory data access and clearly defined rights for Users and Third Parties.

Illustration of european flag with lock symbol

Read Dr. David Saive’s interview on the EU Data Act, featured in the 5th edition of Open Logistics Magazine.

Read now

Some key impacts include:

Mandatory access: Original Equipment Manufacturers (OEMs) and logistics platforms must provide secure, real-time, high-quality data in a structured format, free of charge.
Open APIs: Open, standardised interfaces will become essential for secure, compliant data sharing.
New responsibilities for operators: Leasing or renting a connected device may make companies Data Holders, even if they didn’t build the product themselves.
Third Parties become part of the strategic equation: Their access depends on clear authorisation by Users.

Ultimately, the Data Act offers a clear message: logistics companies can no longer afford to treat data access as a side issue. It’s now a core operational and legal matter that touches every actor in the chain, and the question of data ownership becomes unavoidable.

These changes call for a twofold strategic response:

Defensive, by ensuring legal compliance and protection of business models, trade secrets, and sensitive operational data from misuse or exposure.
Offensive, by using newly accessible data to optimise processes, collaborate, and develop new value-added services.

Click here to read part 2 of our EU Data Act series on LinkedIn.

Opportunities to embrace	Challenges to address
Optimise multimodal transport chains by combining data from various transport modes	Updating internal policies to govern data access and usage
Improve stock forecasting and inventory management through data from connected products	Reviewing and adapting existing data-sharing contracts
Streamline internal processes and reduce inefficiencies with data-driven workflows	Implementing cybersecurity measures that meet EU standards
Enhance the transparency of and automate digital customs processes	Aligning technical infrastructure to support interoperability
Develop new value-added services with access to usage data	Protecting sensitive information and trade secrets
Boost supply chain visibility and resilience with proactive risk management and more collaboration
Participate in open, collaborative ecosystems.

It is important to note that non-compliant companies could face additional legal and financial risks, as penalties can reach up to €20 million or 4% of global turnover (whichever is higher).

How does it regulate connected logistics products?

At its core, the regulation ensures that Users can access connected-product-generated data from the entity that holds it. Free of charge and in real time.

Articles 3(1) and 4(1) of the regulation establish the legal foundation for Users to access data for operational improvements (e.g., fleet management, maintenance schedule optimisation, supply chain visibility). They can also authorise access for Third Parties under fair, reasonable, and non-discriminatory (FRAND) conditions.

This empowers users to extract more value from connected assets. Clear rules for access and consent are crucial to balance compliance, security, and privacy. For logistics, it’s a pivotal step toward smarter, more connected supply chains.

Click here to read part 4 of our LinkedIn EU Data Act series.

What does the regulation mean for international logistics?

The EU Data Act applies to any company that processes data from connected products used in the European Union, regardless of where the company is based. This extended territorial scope has important consequences for global logistics providers, especially those managing assets across borders or operating within complex, multimodal supply chains.

Non-EU companies that handle data generated within the EU must now comply with the same standards as EU-based organisations, similar to how the GDPR introduced universal requirements for personal data. This includes adapting technical infrastructure, legal agreements, and data governance processes to comply with new standards of interoperability and transparency.

Click here to read part 6 of our EU Data Act series on LinkedIn.

How can logistics companies prepare for the EU Data Act?

To stay ahead of the regulatory curve, logistics organisations should start preparing for the EU Data Act now. I recommend a five-step structured compliance strategy to help companies both mitigate risks and seize new opportunities.

Identify affected devices, data flows, and legal obligations: Start by mapping data from connected logistics assets. Determine which devices fall within the scope of the regulation and understand the associated data-sharing requirements.
Define clear internal policies for data access and sharing: Define and implement clear internal governance policies for who can (and cannot!) access which data, for what purposes, and under what conditions. Role-based access control is essential to ensure that only authorised individuals or Third Parties can use specific data.
Implement cybersecurity measures: Companies must adopt cybersecurity best practices, such as encryption, to protect sensitive operational and business data. A practical starting point: assess what data is processed by each connected system and how it is secured.
Review and revise contracts with data partners: Update existing agreements that cover data ownership, usage rights, and sharing arrangements to meet the Act’s new requirements. This includes clarifying who owns the data, who may use it, and how data-sharing responsibilities are distributed across all parties in the supply chain.
Explore open source solutions: Use standardised, open source solutions that promote data exchange to simplify compliance and promote innovation.

Click here to read part 7 of our EU Data Act series on LinkedIn.

Why open source matters

“If companies work together to create a trusted ecosystem, it will help everyone navigate the new regulatory landscape and unlock the full potential of data-driven logistics,” says Andreas Nettsträter, CEO of the Open Logistics Foundation.

The Open Logistics Foundation plays a central role in helping the industry respond to the Data Act. As a neutral, non-profit platform for open source collaboration, the Foundation bridges regulatory demands with practical, standardised solutions for compliant data exchange.

The Foundation develops and provides open source components that enable:

Compliance with the EU Data Act
Cross-industry collaboration, breaking down silos and reducing complexity
Seamless integration across supply chains through our solutions’ own alignment with EU interoperability standards (such as those under the eFTI Regulation)
Innovation, sustainability, and cost-efficiency in a community that meets regulatory challenges head-on

Organisations that join the Open Logistic Foundation’s community and contribute to open source projects gain access to a group of experts and a growing portfolio of technical solutions that make compliance both achievable and scalable.

Click here to read part 8 of our EU Data Act series on LinkedIn.

In conclusion

By giving users control over the data from connected products, the EU Data Act enables new efficiencies, improved transparency, and fairer access across the supply chain. But the law also introduces new obligations around security, interoperability, and legal compliance that no company can afford to ignore.

Companies that act now by developing strategies, reviewing contracts, and adopting open source standards can position themselves as leaders in the data economy. With the support of initiatives like the Open Logistics Foundation, the logistics industry has an opportunity to shape a more transparent, efficient, and collaborative future that is more aligned with adjacent sectors, such as marine or transport insurance.

It makes more sense to enter into these discussions jointly, across the whole industry, and not just in one-to-one situations. Because the EU Data Act applies to everyone, and everyone is dealing with the same legislative environment, why don’t we talk together and make up our minds around the question, ‘how do we share data in the future?’

RA Dr. David Saive, LL.M., is the Legal Product Owner of the Open Logistics Foundation, and a lawyer specialised in Paperless Trade, Transport & Trade Finance based in Hamburg.