Question 1

What is the first step in EU Data Act compliance?

Accepted Answer

Start with scoping: Identify which of your products are "connected products" under Article 3, determine whether you are a data holder, manufacturer, or related service provider, and map which obligations apply to your specific role. This scoping phase typically takes 4-8 weeks and is critical for prioritising implementation efforts.

Question 2

What are the technical requirements for Article 4 compliance (user data access)?

Accepted Answer

Article 4 requires data in structured, machine-readable formats like JSON. Implementation involves: consent management for user authorization, data recipient onboarding for third-party access, API infrastructure with secure authentication, and audit logging for compliance documentation. Fiskil's Data Provider handles these requirements through pre-built infrastructure.

Question 3

How long does full EU Data Act implementation take?

Accepted Answer

In-house implementation typically takes 18-24 months across all 7 phases. Organizations using pre-built platforms like Fiskil can reduce this to 8-12 weeks by skipping the infrastructure build phase (steps 2-3). Since the application date was September 12, 2025, organisations should prioritise speed.

Question 4

What contracts need to be updated?

Accepted Answer

Update: (1) Customer/user agreements (add Article 3 pre-contractual information and Article 4-5 data access rights), (2) Third-party recipient agreements (FRAND terms under Article 8), (3) Cloud service agreements (switching facilitation under Articles 23-32), and (4) B2G agreements if public sector access applies. Review for unfair terms prohibited by Chapter IV.

Question 5

How do we handle the September 2026 design requirements?

Accepted Answer

Article 3 requires connected products placed on the EU market after September 12, 2026, to be designed for "direct user access" to data. This is "data by design" - products must enable data access by default, not as an afterthought. If you're launching new products in 2026, build data access into the product architecture from day one.

Question 6

What organizational changes are required?

Accepted Answer

Designate: (1) Data Act compliance owner (accountable executive), (2) Technical implementation lead (engineering), (3) Legal/contract review lead (update terms), (4) Customer support process for data access requests. Train teams on handling access requests, managing third-party recipients, and responding to public sector body requests under Articles 14-22.

Question 7

How do we test compliance before going live?

Accepted Answer

Pilot with friendly users and third parties: (1) Invite selected customers to request data access, (2) Onboard 2-3 third-party recipients and test their data access flows, (3) Simulate high-volume access requests to test scalability, (4) Conduct legal review of documentation and contracts, (5) Perform security audit of data access infrastructure. Pilots typically take 4-8 weeks.

Question 8

Can I get a customised implementation roadmap?

Accepted Answer

Yes. We provide tailored implementation roadmaps based on your specific products, infrastructure, and timeline requirements. Our compliance architects will work with you to adapt this 7-phase framework to your organization, including detailed sub-steps, timelines, responsible party assignments, and templates for scoping, gap analysis, and testing. Book a consultation to receive your customised roadmap.

EU Data Act Compliance Checklist: Implementation Framework

What the Law Requires

What This Means in Practice

Accelerate Implementation with Data Provider Platform

Enterprise-Ready Infrastructure

Security & Compliance

Scale & Reliability

Frequently Asked Questions

Related Resources

Ready to Get Started?