On September 12, 2025, the Data Act, one of the most ambitious European regulations on data management and use, came into force. With it, the European Union seeks to boost the so-called data economy, ensuring that both companies and users have fair and transparent access to the information generated by connected devices.

For Spanish companies, this regulation represents a profound change in the way they manage their digital assets. The big question is: is your company prepared to comply with its legal obligations and avoid sanctions?

Key obligations for companies

Spanish companies must take into account a series of essential legal obligations:

  • Share data with users and third parties: Except for justified exceptions, companies must facilitate access to data generated by the devices they sell or manage.
  • Comply with technical interoperability requirements: Data must be provided in standardised formats so that other systems can use them.
  • Eliminate unfair terms in contracts with SMEs: The Data Act prohibits large companies from imposing disproportionate terms on small and medium-sized businesses.
  • Guarantee security and confidentiality: Data will not be used for purposes other than those agreed upon, nor will it compromise user privacy.

Legal risks due to non-compliance

The Data Act is not a voluntary regulation: non-compliance carries significant legal and economic consequences. The main risks include:

  • Administrative and financial penalties that can be costly for the company.
  • Civil liability if data misuse causes harm to third parties.
  • Conflicts with the GDPR: Failure to comply with the Data Act can also lead to breaches in personal data protection.
  • Reputational damage: The loss of trust from customers and business partners can be as serious as a fine.

Impact on Spanish companies

The impact of the Data Act will be especially significant in sectors where data generated by connected devices plays a central role:

  • Automotive: connected vehicles that generate usage and maintenance information.
  • Telecommunications: data derived from mobile devices and network services.
  • Digital health: medical devices and connected health applications.
  • Energy: smart meters and consumption management systems,

In these and other sectors, companies will need to review their contracts, internal policies, and technical systems to ensure they comply with the regulations from the outset.

How companies should prepare

The entry into force of the Data Act requires immediate adaptation. Some practical steps we recommend are:

  1. Conduct a data audit to identify what information is generated, who manages it, and how it is shared.
  2. Review and adapt contracts with clients, suppliers, and technology partners.
  3. Train staff on the new legal and technical obligations.
  4. Implement specific compliance protocols for data management and sharing.
  5. Engage specialised legal counsel to assist the company in interpreting and applying the regulations effectively.

Legal Conclusions on the Data Act

The Data Act marks a turning point in corporate data management in Europe. Because compliance is mandatory, Spanish companies must make adaptation an urgent priority.

It’s not just about avoiding sanctions, but also about protecting business activity from legal, economic, and reputational risks. The sooner the adaptation process begins, the lower the costs and difficulties.

At ETL ILIA, we support companies in this adaptation process, helping them comply with regulations and reduce their exposure to legal risks in the new era of the data economy.

SEND ENQUIRY