EU Data Act Connected Product Scope FAQ

Under the Data Act, a connected product is an item that obtains, generates, or collects data concerning its use or environment and can communicate product data through an electronic communications service, a physical connection, or on-device access. The definition also excludes items whose primary function is storing, processing, or transmitting data for a party other than the user.

The practical question is whether the product itself produces or captures operational data and has a route to communicate that data. Smart-home appliances, connected cars, medical or fitness devices, industrial machinery, agricultural machinery, planes, robots, and similar sensor-equipped products are typical examples when the rest of the scope test is met.

Yes. For connected-product scope, the Data Act applies to manufacturers of connected products placed on the market in the Union and providers of related services, regardless of where those manufacturers or providers are established. It also applies to users in the Union of those connected products or related services.

The Commission FAQ explains that placing on the market happens once for each individual product after the manufacturing stage, when ownership, possession, or another property right is transferred between economic actors. Later transactions are making available on the market, not a new first placement.

Under the Data Act, a user is a natural or legal person that owns the connected product, has contractually received temporary rights to use it, or receives related services. The user can be a consumer, business, or public sector body; the key point is a stable ownership, rental, lease, or related-service position rather than casual physical interaction.

The Commission FAQ gives the example of an airplane passenger: use of a connected aircraft through a transport service does not itself transfer property-type rights over the aircraft, so the passenger is not a Data Act user of the aircraft.

Under the Data Act, a related service is a digital service, other than an electronic communications service, that is connected with the product at purchase, rent, or lease so that the product would lose one or more functions without it, or that is later connected to add, update, or adapt product functions. Software can be a related service when it is linked to product operation.

The Commission FAQ describes two practical conditions: there must be bidirectional exchange of data between the connected product and service provider, and the service must affect the product's functions, behavior, or operation. An app that adjusts light brightness or regulates a fridge temperature can be a related service; connectivity, power supply, auxiliary consulting, analytics, financial services, and regular repair or maintenance are not related services merely because they interact with the product ecosystem.

Under the Data Act, Chapter II focuses on product data and related service data that is readily available to the data holder. Product data is data generated by use of the connected product and designed to be retrievable. Related service data is data representing user actions or events related to the product during the related service.

The scope includes raw data and pre-processed data, together with relevant metadata needed to interpret and use it. Commission materials describe this as raw or pre-processed data that is readily available, such as sensor measurements, status data, timestamps, or event logs where the data holder can obtain them without disproportionate effort beyond a simple operation.

Under the Data Act, several exclusions matter. Prototypes are outside scope because their manufacturing stage has not been completed. Data that is inferred or derived from product data through additional investment, including proprietary complex algorithms, is not treated as data that must be made available under Chapter II unless the parties agree otherwise.

The Data Act also distinguishes connected-product data from content. If a user watches a film on a smart TV, the film itself is not the Chapter II product data, but product-generated data such as screen brightness may be in scope if otherwise readily available. Data generated by infrastructure that the user does not own, rent, lease, or otherwise have rights over is not pulled into scope merely because the user's connected product uses that infrastructure.

Article 7 of the Data Act creates an important Chapter II limitation. The Chapter II obligations do not apply to data generated through connected products manufactured or designed, or related services provided, by a microenterprise or small enterprise, if the linked-enterprise and subcontracting conditions in Article 7 are satisfied.

The same Article also covers data generated through connected products manufactured by, or related services provided by, an enterprise that has qualified as a medium-sized enterprise for less than one year, and connected products for one year after they were placed on the market by a medium-sized enterprise. This is a narrow status-and-timing check; it should not be generalized into an SME exemption for every data-sharing issue.

If the connected product or related service is in scope, Article 3 of the Data Act requires product data and related service data, including relevant metadata, to be designed or provided so that they are easily, securely, free of charge, and in a comprehensive, structured, commonly used, machine-readable format accessible to the user, where relevant and technically feasible directly.

Before contracts for a connected product or related service are concluded, the seller, rentor, lessor, or related-service provider must provide clear information about the type, format, volume, frequency, storage, retention, access or retrieval arrangements, data-holder identity, trade-secret status where relevant, and third-party sharing process. Where direct access is not available, Article 4 requires the data holder to make readily available data accessible to the user on request.

Use Data Act examples that separate the product, the user, the data holder, and the data. A company operating a connected bulldozer may be the user, while the bulldozer manufacturer is typically the data holder. A connected fridge with an app can involve two data holders: the entity placing the fridge on the market and the provider of the related app.

Vehicle and infrastructure examples are useful because they show the boundary. If a vehicle receives data from roadside sensors or records road conditions and the vehicle data holder has access to that data, the vehicle user may request the vehicle data. But driving on a road does not make the driver a Data Act user of the road infrastructure sensors.

A useful Data Act scope file should be narrow: product identifier, EU market-placement basis, manufacturer or designer, related-service provider if any, user categories, data holder, generated data categories, readiness of access, exclusions applied, and source citation. It should be written so product, legal, engineering, support, and sales teams can apply the same classification.

For each product family, keep the architecture facts that support the decision: sensor list, data fields, metadata, communication routes, storage location, retention period, whether direct access is technically feasible, and where customer disclosures describe access and third-party sharing. If the answer relies on Article 7 SME status, keep the linked-enterprise, subcontracting, and timing evidence.

Keep the Data Act legal basis and the practical facts together. For each scope decision, store the cited clause or recital, the Commission guidance relied on, the product family or service, the data categories involved, the trigger for the review, and the person who approved the classification.

A concise evidence file should also preserve the source URL, the date of the decision, any unresolved assumptions, and the implementation artifact that reflects the conclusion. That makes the classification auditable when the product design, data flow, or contract changes.

Assign one accountable owner who can change the affected process under the Data Act, then record the supporting teams separately. Legal, product, procurement, cloud, support, and security may all be involved, but the scope file should name a single owner for follow-up.

The owner should be the person who can update the product record when architecture, contractual terms, or data flows change and who can trigger a new review when the scope facts move.