What the E.U. Data Act Means for IoT Businesses Operating in Europe

In the European Union, under the E.U. Data Act (Act), IoT data now belongs to users. Most provisions of the Act, which sets new rules for U.S. and other non-E.U. companies that do IoT-related business in Europe, came into force in September 2025. Together with other E.U. laws and sector regulations, the Act creates a complex and multilayered compliance landscape in the E.U., presenting companies with GDPR-level financial risk, as well as exposure to class actions and legal claims from competitors. This article, distilling insights offered by Baker Botts and Faegre Drinker Biddle & Reath partners during a BARBRI program, analyzes key elements of the Act and offers compliance guidance. See our two-part series on Cybersecurity Obligations in E.U.’s digital laws: “AI Act, CRA and NIS2” (Sep. 4, 2024), and “Data Act, DORA and Compliance Steps” (Sep. 11, 2024).
