The EU Data Act will transform how IoT device manufacturers operate by promoting greater data transparency, accessibility, and privacy. While it may present new challenges, proactive preparation can empower manufacturers to leverage the Act as a catalyst for growth and innovation.
In recent years, the rise of IoT devices has transformed the way we navigate everyday life. These days, everything from the dishwasher in your kitchen to industrial equipment in factories is connected. But as the number of connected devices grows, so do the security risks, data management complexities, and interdependencies. These issues can create cascading problems across devices, networks, and systems, making it increasingly necessary to regulate this massive ecosystem.
To address concerns around privacy, security, and data, governments around the globe have begun rolling out regulations designed to keep consumers safe in this increasingly connected world. For IoT device manufacturers, these regulations present both challenges and opportunities. On the positive side, they offer a chance to keep customers safe and in control of their data. However, they also have significant implications for the design, development, and sale of hardware products.
Navigating regulatory requirements like the EU Data Act will require manufacturers to rethink their approach to data, security, and compliance, causing a huge shift in the way they build and maintain their products, starting from the first line of code. The penalties for non-compliance, which can be up to €20 million or 4% of the company’s total worldwide turnover for the previous financial year, are far too big to ignore.
What is the EU Data Act designed to do?
The EU Data Act entered into force in January 2024 and becomes applicable in September 2025. It is designed to unlock access to data generated by connected devices, promote fair data sharing, and ensure that both businesses and consumers can benefit from the data they generate. When it comes to IoT devices, the ultimate goal is to create an environment that promotes innovation, ensures fair competition, and protects the rights of consumers.
But how does the EU Data Act impact device manufacturers, and what can they do to ensure compliance and avoid the various penalties associated with violations of the act?
How can you prepare for the EU Data Act?
Although the EU Data Act is not applicable until September 2025, hardware companies must start thinking about compliance and taking the necessary steps now to ensure they are meeting requirements. If you are an IoT device manufacturer, here are some things you can do to start preparing:
1. Assess data access capabilities
The EU Data Act says that:
“This Regulation ensures that users of a connected product or related service in the Union can access, in a timely manner, the data generated by the use of that connected product or related service and that those users can use the data, including by sharing them with third parties of their choice.”
🛠️ What hardware manufacturers can do: Begin by auditing your existing devices and systems to evaluate how data is collected, stored, and shared. Identify any gaps in user access that you need to address.
2. Implement data access and portability features
On top of data access, data portability is a key concern in this regulation. Your devices and platforms must offer clear mechanisms to support both.
🛠️ What hardware manufacturers can do: Compliance might involve developing APIs or collaborating with third-party data platforms to enable seamless data sharing for users.
3. Strengthen data security and privacy protocols
Cybersecurity has become increasingly important over the last few years, with companies all over the world experiencing security breaches. As data becomes more accessible, you don’t want your company to be in the headlines because of a data breach.
🛠️ What hardware manufacturers can do: Implement stronger encryption, authentication mechanisms, and monitoring systems to safeguard user data while maintaining compliance with data-sharing rules.
You will need to meet certain cybersecurity requirements for the EU Cyber Resilience Act and the US Cyber Trust Mark anyway, so you may as well get ahead of the curve.
4. Engage legal and compliance teams early
The best way to protect your organization is to ensure you have checked all the boxes and done everything you can to achieve compliance.
🛠️ What hardware manufacturers can do: Work closely with legal teams to ensure your data-sharing practices comply with the EU Data Act. Regularly review your processes and stay up-to-date with any new guidance or regulatory changes as the Act evolves.
What is Memfault doing to prepare for the EU Data Act?
While Memfault is not a cybersecurity company, we have been working on ways to help IoT device manufacturers become compliant with the EU Data Act. These features won’t get you all the way there, but they will fulfill core requirements.
Here’s a run-down of new functionality that will make it easier for our customers to comply with the EU Data Act and other IoT security regulations.
1. Access and delete Memfault data related to individual devices
We are building new functionality in Memfault that makes it possible for device manufacturers to access and delete any data associated with a specific device. If a user of a device would like the device maker to delete the data associated with their device and account, organization admins will be able to do so in the Memfault UI.
This is a requirement in both the EU Data Act and the US Cyber Trust Mark accreditation, which is why we are making it extremely easy for Memfault customers to do.
2. Host all your Memfault data in the EU
In line with our commitment to helping IoT device manufacturers meet key compliance requirements of the EU Data Act, we are making it possible for Memfault customers to host their data locally within the EU. This capability will be available to customers on our Enterprise plan at an additional cost.
Alongside our other announcements this launch week, this new functionality demonstrates the significant investments we are making to support our customers’ compliance efforts.
Greater Data Transparency
The EU Data Act will transform the way IoT device manufacturers operate, fueling greater data transparency, accessibility, and privacy. While it introduces new challenges, it also creates new opportunities for innovation and stronger customer relationships. By adapting device designs, data management practices, and compliance processes, IoT manufacturers can navigate this evolving landscape and ensure their products meet regulatory demands.
Proactive preparation and leveraging Memfault can help IoT device manufacturers turn the EU Data Act into a catalyst for growth and innovation, allowing them to stay ahead of the curve while delivering greater value to users.