Acm.nl uses cookies to analyze how the website is used, and to improve the user experience. Read more about cookies

ACM is now authorized to enforce the Data Act

Summary

  • ACM is now authorized to enforce the European Data Act.
  • This act promotes data-sharing, and makes it easier to switch or connect cloud services.
  • In the coming months, ACM will focus heavily on education.

As the Dutch implementing act came into effect on 21 November, the Netherlands Authority for Consumers and Markets (ACM) has since been authorized to enforce compliance with the European Data Act. With this act, users have more control over data from ‘smart devices’. In addition, it becomes easier to switch cloud providers as well as to connect different cloud services to each other. That creates opportunities for more competition and innovation. ACM finds it important that businesses and people are properly informed of their rights and obligations in the Data Act, and therefore puts emphasis on education. Going forward, ACM can take enforcement action where necessary.

The European Data Act (Data regulation) has two important topics. First, the Data Act offers businesses, consumers, and governments more opportunities to use data from smart devices, and to share these with businesses of their choice, for example, data from smart devices that collect information and that are connected to the internet, such as inverters for solar panels, and cars. Previously, that data was often only available to manufacturers of such devices. In practice, this means that a car’s owner gets access to the data that their car collects and, for example, is able to share that with a car repair shop of their choice. The car owner thus does not necessarily have to go to the manufacturer’s dealership.

In addition, the Data Act is meant to take away barriers that may impede switching between cloud services. Users are also able to combine their cloud services more easily, as services can be connected more easily (referred to as ‘interoperability’).

In the Digital Omnibus proposal, which the European Commission recently presented, several minor adjustments to the Data Act have been put forward. If this proposal is finalized, and the Dutch legislature has adjusted the Data Regulation Implementing Act (in Dutch: Uitvoeringswet Dataverordening), ACM will, where necessary, adjust its oversight accordingly, and inform market participants on time about any consequences thereof.

Oversight

ACM enforces compliance with the Data Act among cloud providers and providers of smart devices that have their headquarters in the Netherlands. ACM will conduct oversight over how businesses give access to the data from smart devices, and how they handle requests for sharing data. One important point for attention for ACM is that businesses offer transparency to consumers and other businesses about the data that is collected, and about the way in which access to such data is given. In 2026, ACM will provide information about and launch a study into the compliance with this information obligation. In addition, ACM focuses on a dialog with the cloud sector about any switching barriers or other barriers related to connecting different services.

Education and guidelines for businesses

To put businesses on their way and to help the sector evolve, ACM has developed various educational products. In September this year, ACM already published draft guidelines for businesses in connection with the Data Act, which has been published for consultation among market participants. With these guidelines, ACM helps businesses comply with the new rules as well as seize opportunities for data-driven innovation.

File reports with ACM

If businesses or consumers believe that their rights are being violated, they can file a report with ACM. Violations may include situations where a business does not give a user access to the data of a smart device, or where users of a cloud service feel they are facing switching barriers. Such reports help ACM and other regulators in Europe be able to take enforcement action effectively.

In its enforcement of the Data Act, ACM works together with European regulators in order to be able to tackle cross-border problems too. In the Netherlands, ACM works together with the Dutch Data Protection Authority (AP), which has been charged with enforcement of the provisions that are connected to the GDPR. Think of complaints about sharing a data set that also contains personal data. In addition, the AP has also been designated as the regulator for data requests by government organizations in extremely exceptional cases.

See also

Back to top