ACM publishes draft guidelines regarding the European Data Act for businesses

The European Data Act came into effect on September 12, 2025. With this regulation, the European data economy gets a new boost: improved access to data in order to promote innovation as well as more control for users over their own data. ACM will soon be authorized to enforce this law. In order to familiarize businesses with the new rules, ACM has drawn up draft guidelines, which have now been published for public consultation.

The Data Act helps create a fair, open, and innovative data market in the European Union. On the basis of new rules regarding access and user rights, people and businesses are able to take more advantage of the growing European data economy. Innovative businesses get improved access to data, and users gain better insight into what data is collected and how they can access this data.

The Data Act creates new opportunities for people and businesses, but it also introduces obligations for businesses. Going forward, manufacturers and providers of smart devices, such as in the automotive industry and the agricultural sector, need to make data accessible for users. Those users are subsequently able to share that same data with, for example, repair firms or developers of smart IT solutions. Cloud companies must make it possible to migrate data as well as to link systems from different cloud companies.

Draft guidelines

It is important for businesses to implement the obligations laid down in the Data Act. In order to help them get started and to offer practical guidance, ACM has published the Guidelines on Sharing Data (in Dutch: Leidraad Data Delen) for manufacturers and providers of smart devices. These guidelines have been published for public consultation so that businesses and users are able to indicate whether their most pressing questions are answered with these guidelines. Input about these draft guidelines can be submitted until October 31 by sending them to dataact[at] acm[punt] nl.

What is ACM's role?

ACM will be charged with enforcing compliance with the Data Act in the Netherlands. The Dutch Data Protection Authority (AP), too, will have certain oversight duties. In addition, ACM will be charged with the coordination between regulators in the Netherlands and other regulators in Europe. The Dutch legislation that is required for these duties has not yet come into effect. Once the Dutch Senate and the Dutch House of Representatives have passed the Dutch implementing act, ACM will be fully authorized. Individuals and businesses will then also be able to file reports about relevant developments and possible violations with ACM.