Recently, Amazon Seller Central has officially updated its "EU Data Act" policy page (see image below), clarifying that connected devices (IoT products) failing to meet the new requirements will face removal from the platform. What exactly is the Data Act that has led Amazon to batch-remove products? Today, GTG’s data security experts will explain this legislation in plain language.

I. Basic Overview of the EU Data Act

The EU Data Act, following the General Data Protection Regulation (GDPR), is the second core data legislation launched by the EU. Drafted in February 2022, officially adopted in January 2024, it will fully take effect on September 12, 2025. Its core goal is to break data monopolies, promote data sharing, establish a European "Single Data Market," and strengthen digital sovereignty.

Scope of Application

• Subjects: All enterprises selling smart devices (e.g., automobiles, home appliances) or providing related services in the EU market, including cloud computing and IoT industries.
• Data Types: Focuses on non-personal data (e.g., device operation data, user behavior data); personal data must comply with GDPR first.

Core Conflict

Balancing the protection of user privacy and trade secrets while transforming data from a "locked state" to "free flow," and preventing large companies from monopolizing data resources.

II. Core Rules: "Data Belongs to Its Owner"

1. Upgraded User Rights

• Data Access Right: Users (individuals and enterprises) can request manufacturers to directly export device-generated data (e.g., smart car driving records) in a "machine-readable" format free of charge.
• Data Sharing Right: Users can authorize third parties (e.g., repair shops) to access data. For example, if your smart watch breaks, a local repair shop can use data provided by the manufacturer for repairs.

2. Enterprise Obligations & Restrictions

• Ban on Unfair Contract Terms: Large companies cannot restrict users from sharing data through contracts. For example, a cloud computing platform stipulating "data can only be stored on our servers" will be deemed illegal.
• Technical Interoperability: Enterprises must provide open interfaces to support data migration. For example, users can seamlessly transfer data from Amazon Web Services to Alibaba Cloud.

3. Public Sector Data Access

• Emergency Privileges: During public health emergencies or natural disasters, governments can force enterprises to share data (e.g., accessing crowd flow data during a pandemic), but data must be anonymized and enterprises compensated.

4. Protection for SMEs

• Obligation Exemptions: Small and micro-enterprises are not required to share data mandatorily, avoiding exploitation by large companies.
• Anti-Monopoly Design: Prohibits "gatekeeper" enterprises (e.g., Google, Microsoft) from acting as data recipients to prevent them from monopolizing data using market dominance.

III. Impacts & Challenges

1. Benefits for Individuals

• Cost Savings: The rise of third-party repair services reduces device maintenance costs (e.g., smart home appliances no longer rely on original manufacturers).
• Data Monetization: Factory equipment data can be sold to other enterprises for production optimization—even to competitors (but developing similar products is prohibited).

2. Impacts on Enterprises

• Pressure on Large Companies: Need to revamp systems to open interfaces, potentially facing high compliance costs. For example, Apple must allow users to freely export iPhone data.
• New Business Models: Spur new formats such as data trading platforms and data analysis services.

3. Global Game & Controversies

• Cross-Border Data Barriers: Strict standards for EU data transfer to the US may increase costs for multinational enterprises (e.g., Tesla must build local servers in Europe).
• Rule Conflicts: Contradicts the US CLOUD Act (allowing the government to directly access overseas data), potentially triggering a "data cold war."

IV. Future Outlook: "Reform and Opening Up" in the Data World

The EU Data Act aims to balance free data flow and rights protection:

• For Individuals: Return of data sovereignty and enhanced privacy security.
• For Enterprises: Breaking monopolies but requiring adaptation to new rules.
• For the World: May prompt global emulation and reshape the data governance landscape.

Key Tests

• Technical Implementation: Can enterprises achieve data interoperability at low cost?
• International Coordination: How to avoid conflicts with rules in the US, China, and other countries?
• Innovation Incentives: Prevent over-regulation from stifling data utilization potential.

Summary

The EU Data Act is a "rule revolution" for data circulation—it empowers users with more control and forces enterprises to open their data ecosystems. Its success depends on enforcement intensity, technical support, and global cooperation. For enterprises, embracing the rules and planning in advance is the key to survival.

GTG Cybersecurity Laboratory Features

1. Outstanding Practical Vulnerability Discovery Capabilities

Our team consists of practical experts from the traditional cybersecurity industry who have participated in national-level cybersecurity defense operations, possessing profound offensive and defensive experience. This enables us to thoroughly identify potential security vulnerabilities in products—helping clients meet compliance requirements and obtain certifications while providing solid protection for product security. We take pride in our industry-leading vulnerability discovery capabilities.

2. Streamlined Customer Processes & Experience

We focus on reducing client burdens. Unlike many institutions that require clients to fill out tedious materials independently or even charge additional "consulting fees," we draft most required documents on behalf of clients, who only need to make minor confirmations. This significantly reduces clients’ time and labor costs, allowing them to focus on core business.

3. Tailored Solutions & Free Ongoing Consultation

For identified security vulnerabilities, we provide customized solutions based on clients’ specific environments and needs—not one-size-fits-all AI-generated repair suggestions. Related technical consultations are free and unlimited. In contrast, most laboratories in the market charge for customized services.

Limited-Time Offer! GTG Helps Enterprises "Race Ahead" in Compliance

From now until December 31, 2025, GTG launches the "EU Data Act Compliance Escort Program":Purchase one set of EN 18031 certification, get EU Data Act compliance service for free (only report fee applies)

Security Upgrade! GTG Certification Guards the New Era of IoT Security