Offering

Embedded & Cloud-Ready: Your Partner for EU Data Act Compliance

The EU Data Act is becoming mandatory — but with the right strategy, it can be a competitive advantage. At Concept Reply, we go beyond compliance, designing solutions that meet regulatory requirements while unlocking new opportunities.

A New Framework from the EU:
What the Data Act Delivers

The Data Act - formally Regulation (EU) 2023/2854 - grants users a clear right to access the data generated through their use of connected products and related services. Whenever such data is collected, the service provider must make it available to the user in a structured, machine-readable format, ensuring transparency and enabling effective reuse. Another part of this regulation introduces a clear “switching” right for customers of SaaS and other data processing services.

Providers must allow users to transfer their data and services to another platform, with no more than two months’ notice.* This strengthens user control, competition, and data portability, while encouraging providers to adopt transparent data-export mechanisms early to retain users. Companies preparing for compliance can also use this as an opportunity to attract users from their competitors. This regulation has a staged entry into force. From 12 September 2025, general compliance obligations apply.

^{* subject to certain conditions and exceptions defined by the regulation}

From 12 September 2026, new products placed on the EU market must be designed by default to provide compliant data access.

An introduction in two steps

Phase 1 – General Obligations (from 2025)

In this phase, providers must ensure that users can obtain their data securely in a machine-readable format, in a timely manner. Although this enforces some principles by which the system needs to be designed, the regulation does not prescribe the technical manner by which compliance must be achieved, leaving flexibility for implementation.

Data could be provided through a dedicated, secure API, which automates requests and is efficient in the long run. Alternatively, data may be provided on a case-by-case basis. This is faster to implement but can be resource-intensive to resolve the requests manually as user demand grows.

The second option can be a user portal where the user logs in, makes a request and waits (a technically justified timeframe) for the data report. For businesses seeking quick compliance, the second method may suffice initially. We, at Concept Reply, can support with implementing the feasible system tailored to your requirements.

For instance, there is a chance you have constrained IoT devices, which are simply not designed to adhere to ad-hoc data requests. In such cases, we can build a solution that provides a secure user portal for submitting requests, efficiently aggregates sensor data in a compliant manner and returns the requested data to the user according to regulatory requirements.

This approach can ensure compliance for the first phase. However, over time, an API is more sustainable and cost-effective. Furthermore, there is a second phase of compliance approaching rapidly.

Phase 2 – Access-by-Design (from September 2026)

The second phase, part of the same regulation, is stricter. Products placed on the market after 12 September 2026 must be engineered from the start to give users seamless, secure, and user-friendly access to their data.

The precise technical standards are still being developed by European standardization bodies. It is expected, however, that APIs or similarly robust solutions will become the baseline for compliance.

Benefits of Early Compliance

Implementing a high-quality, future-proof API sooner rather than later brings multiple advantages. A high-quality API is one that is scalable, secure, well-documented, and governed through proper API management practices (e.g., versioning, access control, monitoring). Early investment in these aspects pays off.

Cost savings can be achieved by automated, standardised data access, which reduces manual work and long-term operational overhead. A robust API - using rate-limiting, monitoring, and stable versioning - avoids costly re-engineering later.

Customer trust can be built by transparent and easy data access, which strengthens your brand reputation, helping you retain customers.

It can create a developer ecosystem. A stable and well-documented API makes it easier for developers to build on top of your data. Using API gateways, SDKs, or even smart-contract-based access control can help support advanced integrations.

It prepares for future readiness. Early adopters will find it easier to adapt when EU standards are finalised.It can support building community. Clear governance, predictable behaviour, and high availability encourage third-party innovation - helping you attract new users, partners, and talent.

How Concept Reply Helps You Leverage the Data Act

At Concept Reply, we are an AIoT specialist (Artifical Intelligence of Things) team with expertise spanning embedded systems, IoT devices, cloud infrastructure, and data services. We support you end-to-end in achieving compliance while maximizing business value.

For embedded and IoT devices, we bring expertise in designing connected products that can reliably generate, expose, and structure user-accessible data as required by the Data Act. Our deep knowledge of major communication protocols (MQTT, CoAP, Wi-Fi, Bluetooth, Zigbee, LoRaWAN, etc.) ensures compliant, secure, and efficient data extraction from both complex and resource-constrained devices.

In addition, our dedicated EdgeAI team preprocesses and organises device data close to the source, enabling clean, machine-readable data output that meets Data Act requirements.

For cloud and large-scale solutions, our cloud-native developers build data-access interfaces that are scalable, secure, and compliant with “without undue delay” obligations. Our certified experts in AWS, Azure, and Kubernetes design resilient, high-availability infrastructures capable of handling continuous data access, real-time exports, and millions of concurrent user requests. We also implement robust API management, authentication, monitoring, and audit logging to ensure lawful, controlled, and reliable delivery of user data.

For data and AI services, our certified data specialists structure raw device data into machine-readable formats required for compliant data provision. We also support in creating refined and value-added datasets, which may be monetised, as the Data Act only mandates free or cost-based access to raw data. In addition, we deliver tailored AI solutions that enable both users and organisations to extract insights, optimise operations, and develop new digital business models around the provided enriched data.

Assess Your EU Data Act Readiness With Us

The EU Data Act sets new rules for data access and sharing - but it also opens doors to innovation, transparency, and stronger customer relationships. With Concept Reply, you gain a partner who not only ensures your compliance but also helps transform regulatory requirements into competitive advantage. Talk to our experts to assess your EU Data Act readiness and define a future-proof compliance roadmap.

Concept Reply

Concept Reply is an AI and IoT (AIoT) technology software development company within the Reply network. Its experts specialise in providing end-to-end business transformation solutions for the automotive, manufacturing, and smart infrastructure sectors. The company delivers software innovations to customers throughout the entire value chain, from AIoT strategy definition to implementation, rollout, and operations.