Section 1: What does the EU Data Act actually change for home appliance manufacturers?

What is the EU Data Act?

The EU Data Act (Regulation (EU) 2023/2854) is a horizontal regulation governing who can access and use data generated by connected products and related services. It applies across sectors, but its most direct impact falls on manufacturers of IoT-connected hardware‚ including home appliances.

The EU Data Act requires that data generated by connected products must be accessible to users by default, shareable with third parties upon user request, and handled under clear, enforceable data access rules.

The regulation is now in force. The full text is available here.

Key obligations for home appliance manufacturers

1. Data accessibility by design. Products must be designed so that users can access the data they generate. If your connected washing machine logs cycle data, energy consumption, or fault codes, that data belongs to the user‚ and must be retrievable.
2. Third-party data sharing upon request. Users must be able to direct manufacturers to share their product data with any third party they choose. This includes insurance companies, energy management platforms, and independent repair workshops‚ not just OEM-approved service partners.
3. Non-discriminatory access.Third parties receiving data under user consent must receive it under fair, reasonable, and non-discriminatory (FRAND) conditions. Manufacturers cannot give their own affiliates preferential data access.
4. Portability and standardization. Data must be provided in a machine-readable format. For companies without a structured data catalog or API layer, this is a significant technical build.
5. Right to repair implications. One of the most consequential elements for home appliances: users can share diagnostic and usage data with any repair service, not just the manufacturer's network. This breaks a longstanding lock-in mechanism.

What happens if you don't comply?

The Data Act leaves enforcement to each Member State’s national authority. A single incident could trigger parallel investigations in multiple countries with materially different fine structures -Germany’s draft rules and Malta’s legislation already diverge significantly.

Section 2: The operational challenges behind EU Data Act compliance for home appliances

What are the biggest compliance gaps for connected product manufacturers?

Understanding the regulation is step one. Building the infrastructure to comply‚ at scale, for millions of devices, across multiple markets‚ is where most organizations run into trouble.

"We have the data, but not the access layer"

Most home appliance manufacturers collect product data. The challenge is not generation, it is structured, secure, and auditable exposure. Existing data lakes and telemetry pipelines were not built to handle consent-gated, per-device, per-user, per-third-party data access. Retrofitting them is expensive and slow.

Key pain points:

- No unified data catalog mapping datasets to device types

- No consent management layer tied to the data pipeline

- No audit log for who accessed what data, and when

"We need to demonstrate it, not just do it"

Compliance is not self-certifying. Supervisory authorities will ask for evidence: records of consent, logs of data transfers, documented data retention policies. Without a system that generates these records automatically, compliance becomes a manual, fragile process dependent on spreadsheets and email chains.

Key pain points:

- No centralized record of user data sharing approvals and revocations

- No automated trail for third-party access requests

- No mechanism to enforce FRAND conditions at the data-transfer level

"We can't build this and also ship product features"

For product teams, the EU Data Act is a platform requirement dropped into an already full roadmap. Building a compliant data sharing portal, with user-facing consent flows, partner onboarding, API access, and an admin panel‚ is a multi-quarter engineering project. Most product organizations do not have that bandwidth.

Key pain points:

- Consumer-facing data portals require significant UX investment

- Partner onboarding and access management is operationally complex

- Pricing and monetization of data access has no existing infrastructure

Section 3: How Databoostr Addresses EU Data Act Compliance for Home Appliances

Databoostr is a data sharing and monetization platform designed specifically for manufacturers of connected products. Here is how the platform maps to the compliance requirements outlined above.

What does Databoostr actually do?

Databoostr helps manufacturers turn product usage data into a secure, reliable, compliant data stream while meeting EU Data Act obligations‚ without requiring manufacturers to build the infrastructure themselves.

The system is divided into two portals:  B2C portal for device owners and B2B portal for commercial data partners.

B2C Portal: User-facing data access and consent management

The customer portal gives device owners a real-time view of all their connected appliances‚ including serial numbers, registration data, and device type. Users can:

- Request their own data by selecting a device, choosing a dataset (e.g., accessories data, performance diagnostics, usage metrics), and specifying a data period. This directly satisfies the data accessibility obligation under Article 4 of the EU Data Act.

- Manage third-party access - when a partner‚ an insurer, an energy platform, a repair service‚ requests access to a user's device data, the user sees the request here and can approve or revoke it with a single action.

- Share data manually to any third party of their choosing, not just pre-registered partners. This satisfies the right-to-repair sharing requirement: a user can send diagnostic data to an independent workshop without going through the manufacturer's service network.

The data catalog within the B2C portal shows users exactly which signals their device generates, what datasets are available, the retention period, and average daily data volume. This level of transparency is foundational to the EU Data Act's informed-consent model.

B2B Portal: Partner access, data streaming, and transaction management

For commercial data users‚ insurers, energy companies, maintenance providers, the B2B portal handles the full lifecycle of data access requests.

Partners can:

- Import device lists in bulk via CSV or XLSX, enabling them to request access across large customer fleets without manual entry.

- Track request status across pending, approved, and expired requests from a single dashboard.

- Access real-time data via streaming connectors, configurable per device type and per dataset. This is critical for partners who need live telemetry, fault monitoring, energy consumption tracking, predictive maintenance signals.

The transaction summary layer records price per data catalog, per partner, per month. Pricing is configured in the admin panel and can differ by partner type‚ enabling manufacturers to apply FRAND pricing at the system level, not as a manual agreement process.

Admin Panel: System-level governance

The admin panel gives the manufacturer's internal teams control over:

- Partner registration and management

- Data catalog configuration (datasets, signals, retention policies)

- Pricing per catalog and per partner category

- Operational monitoring and support dashboards

Section 4: What you gain from Databoostr?

For Heads of Data

- Structured data catalog mapped to device types and signal categories, with retention periods and volume metrics built in

- Consent-gated data pipeline ‚no direct exposure of raw data infrastructure to external parties

- Real-time streaming connectors for partners who require live telemetry, configurable per device type and dataset

- Audit trail of all data transfers, timestamps, and access statuses

For Heads of Compliance

- Automated consent records ‚every user approval and revocation is logged with a timestamp

- Third-party access management that enforces the FRAND principle through configurable, catalog-level pricing

- Built-in EU Data Act guidelines surfaced in the user-facing portal, supporting informed consent

- Revocation capability ‚users can withdraw third-party access at any time, and the system enforces it immediately

For Heads of Product

- Ready-to-deploy B2C portal ‚no internal engineering required for user-facing data access flows

- Partner onboarding handled at the platform level ‚B2B registration, request management, and access control are out of the box

- Monetization infrastructure ‚pricing per data catalog and partner type is configured in the admin panel, not coded per integration

- Configurable content ‚FAQ sections, data act guidance, and additional tabs can be updated without a code release

Summary: EU Data Act compliance is an infrastructure problem

The EU Data Act for home appliances is not a policy document that legal teams can simply sign off on. It requires a functioning system: consent management, data access portals, partner onboarding, audit logging, and pricing governance‚ all tied together and operational at scale.

Most home appliance manufacturers are not in the business of building data platforms. Databoostr exists to close that gap‚ providing the infrastructure layer so that manufacturers can meet their EU Data Act obligations without diverting product engineering resources to compliance plumbing.

If you are evaluating how to make your connected product portfolio compliant, or if you are already past the deadline and need to move quickly, Databoostr offers a product demo tailored to home appliance use cases.

Request a demo to see how Databoostr maps to your specific compliance requirements.

FAQ

What is the EU Data Act and when does it apply?

The EU Data Act (Regulation (EU) 2023/2854) is an EU regulation that governs access to and use of data generated by connected products and related services. It became applicable on September 12, 2025, and applies to all manufacturers placing connected products on the EU market.

Which home appliances are covered by the EU Data Act?

Any connected product that generates data by virtue of its use is covered. This includes smart washing machines, dishwashers, ovens, heat pumps, air purifiers, refrigerators, and any other IoT-enabled home appliance sold in the EU.

What are the key data sharing obligations for home appliance manufacturers?

Manufacturers must make product-generated data accessible to users, allow users to share that data with third parties upon request, apply FRAND (fair, reasonable, and non-discriminatory) conditions to third-party data access, and provide data in a machine-readable format.

How does Databoostr help manufacturers comply with the EU Data Act?

Databoostr provides a ready-to-deploy data sharing platform with a user-facing B2C portal for consent management and data access, a B2B portal for commercial partner access, real-time data streaming connectors, and an admin panel for pricing, catalog management, and audit logging ‚all aligned with EU Data Act requirements.

Can third-party repair workshops access appliance data under the EU Data Act?

Yes. The EU Data Act includes provisions that support the right to repair: users can direct manufacturers to share diagnostic and usage data with any third-party repair service, not just OEM-approved workshops. Databoostr supports this flow through its manual data sharing feature in the B2C portal.

‍

Key facts

Why wasn't product data access designed for regulated sharing?

In industrial manufacturing, the Data Act obligation applies to data generated by the use of the product-telemetry, logs, performance metrics, or error events produced by an industrial robot operating in      a customer's plant.

In practice, this data is handled through the product's own technical stack: controllers, gateways, edge collectors, embedded software, OEM applications, and sometimes manufacturer-operated cloud or service platforms. These components are designed to operate the product, support maintenance, and enable value-added services-not to serve as regulated access points for external data consumers.

According to Latham &Watkins, "The EU Data Act is the most significant overhaul of European data law since the GDPR, with its impact being more disruptive than the EU AIAct." The regulation introduces a fundamentally different access paradigm: data access becomes externally initiated, user-directed, and subject to legal and contractual constraints.

Requests may be episodic or continuous, may involve third parties, and must be handled consistently across products, customers, and jurisdictions. Product runtime and service systems are simply not designed to absorb external variability, enforce regulatory access logic, or act as governed interfaces to broader data ecosystems.

How to decouple data sharing from product systems?

A dedicated Data Act enablementlayer reframes the problem entirely. It introduces a buffered, governedboundary between product-generated data and external data consumers.

Product data is collected, normalized, and exposed through this layer-not directly from controllers, gateways, or operational service components. External users never interact with the product runtime itself. They interact with a controlled access surface that enforces policy, security, scope, and contractual constraints by design.

As Gibson Dunn notes, "TheData Act will touch companies of all sizes in almost every sector of theEuropean economy, including manufacturers of smart consumer devices, cars, connected industrial machinery, smart fridges and other home appliances."

This decoupling allows manufacturers to evolve compliance logic independently from product software and service architectures, protecting both product integrity and regulatory readiness.

Why does scalable compliance benefit from robust data access infrastructure?

The Data Act does not create a single access event. It creates a continuous expectation of availability. Users and third parties may request data at different times, at different scales, and for different purposes.

Meeting these obligations at scale requires robust data access infrastructure as a regulatory capability-not just a developer convenience.

Rate limiting, throttling, monitoring, and fair-access enforcement are essential controls for meeting obligations without destabilizing product or service operations. By centralizing these mechanisms, a dedicated enablement layer allows manufacturers to respond predictably to demand without redesigning product integrations for each new request.

What access models does industrial data sharing require?

Industrial data sharing spansdistinct interaction models:

A dedicated data access layer supports both models cleanly-enabling controlled, request-based access where appropriate and governed event-based distribution where justified-while insulating product operation from variability.

Why do manual compliance solutions fail at scale?

Many manufacturers initially respond to Data Act requests using familiar mechanisms: spreadsheet exports, manual data pulls, or custom APIs built for specific customers. These approaches may work in isolation, but they do not survive repetition.

Each manual exception introduces inconsistency, draws engineering teams into compliance activities, and weakens auditability.

Critically, the Data Act is not an isolated requirement. Manufacturers are already facing-or will soon face-additional, structurally similar obligations:

Treating each obligation as a separate exception multiplies complexity. Only standardized, repeatable, and automated mechanisms can support this shift without turning compliance into a permanent operational bottleneck.

How to move beyond product-by-product compliance?

Without a shared enablement layer, Data Act logic is implemented repeatedly-product by product, customer by customer, and integration by integration. This fragments behavior across the product portfolio and makes governance increasingly difficult.

A centralized approach allows manufacturers to implement Data Act rules once and apply them consistently across product lines, deployments, and markets.

Compliance becomes an architectural capability rather than a feature of individual products.

How to enable compliance without compromising product operation?

The most important requirement remains unchanged: compliance must not interfere with how products operate inthe field. Industrial products cannot absorb regulatory experimentation or unstable access patterns.

By decoupling regulated data sharing from product runtime and service systems, manufacturers can meet DataAct obligations while preserving safety, reliability, and performance. A dedicated enablement layer acts as a governed interface between product-generated data and the outside world.

What's at stake: from tactical fixes to architectural readiness

The EU Data Act is not temporary. Expectations around product data access will continue to grow as industrial data ecosystems mature.

The European Commission projects the EU data economy will reach €743–908 billion by 2030, up from €630 billion in 2025. Manufacturers that invest in a dedicated Data Act enablement layer gain predictable compliance, scalable data sharing, and long-term architectural resilience.

Those that rely on tactical fixes will find that each new request increases cost, complexity, and operational risk.

Frequently Asked Questions

When does the EU Data Act come into effect?

The EU Data Act became enforceable on September 12, 2025. Companies selling connected products in theEU must be compliant by this date. Design requirements for new products apply from September 12, 2026.

What data must manufacturers share under the Data Act?

Manufacturers must provide access to data generated by the use of connected products, including telemetry, logs, performance metrics, sensor readings, and error events. This applies to both personal and non-personal data that is "readily available"without disproportionate effort.

What are the penalties for non-compliance?

Penalties can reach up to €20million or 4% of global annual turnover, whichever is higher. This mirrors theGDPR penalty structure. Additionally, the Data Act allows for collective civil lawsuits similar to US class actions.

Does the Data Act apply to B2B products?

Yes. The regulation applies to all connected products sold in the EU, regardless of whether customers are consumers or businesses. Industrial machinery, manufacturing equipment, and B2BIoT devices are all in scope.

Does the Data Act require a specific technical architecture?

No. The Data Act specifies what out comes must be achieved... A dedicated data access layer is one architectural approach that can help meet these requirements, but it is not mandated by the regulation itself.

How is the Data Act different from GDPR?

GDPR focuses on personal data protection and minimization. The Data Act focuses on access rights to product-generated data, including non-personal industrial data. Both regulations can apply simultaneously-where personal data is involved, GDPR requirements also apply.

What is a Digital Product Passport and how does it relate to the Data Act?

Digital Product Passports(DPPs) are digital records containing product lifecycle data, materials, and sustainability information. Starting February 2027 for batteries and expanding to other product categories, DPPs represent a parallel data-sharing obligation that will benefit from the same architectural approach as Data Act compliance.

If we look at the claims adjustment domain from a high-level perspective, we will surely notice it is a very complex set of elements: processes, data, activities, documents, systems, and many others, depending on each other. There are many people who are involved in the process and in many cases, they struggle with a lot of inefficiency in their daily work. This is exactly where AI comes to help. AI-based solutions and mechanisms can automate, simplify, and speed up many parts of the claims adjustment process, and eventually reduce overall adjustment costs.

The claims adjustment process

Let's look at the claims adjustment process in more detail. There are multiple steps on the way: when an event that causes a loss for the customer occurs, the customer notifies the insurance company about the loss and files a claim. Then the company needs to gather all the information and documentation to understand the circumstances, assess the situation, and eventually be able to validate their responsibility and estimate the loss value. Finally, the decision needs to be made, and appropriate parties, including the customer, need to be notified about the result of the process.

At each step of this process, AI can not only introduce improvements and optimizations but also enable new possibilities and create additional value for the customer .

Let’s dive into a few examples of potential AI application to claims adjustment process in more detail.

Automated input management

The incoming correspondence related to claims is very often wrongly addressed. Statistics show that on average, 35% of messages is incorrectly addressed. A part of them is sent to a generic corporate inbox, next ones to wrong people, or sometimes even to entirely different departments. That causes a lot of confusion and requires time to reroute the message to the correct place.

AI can be very helpful in this scenario - an algorithm can analyze the subject and the content of the message, look for keywords such as claim ID, name of the customer, policy number , and automatically reroute the message to the correct recipient. Furthermore, the algorithm can analyze the context and detect if it is a new claim report or a missing attachment that should be added to an already-filed claim. Such a solution can significantly improve the effectiveness and speed up the process.

Automated processing of incoming claims

The automation of processing of incoming documents and messages could be taken one step further. What if we used an AI algorithm to analyze the content of the message? A claim report can be sent using an official form, but also as a plain email message or even as a scanned paper document – the solution could analyze the document and extract the key information about the claim so that it can be automatically added to the claim registry system. Simultaneously the algorithm could check if all the needed data, documents, and attachments are provided and if not, notify the reporter appropriately. In a "traditional" approach, this part is often manual and thus takes a lot of time. Introducing an AI-based mechanism here would drastically reduce the amount of manual work, especially in the case of well-defined and repeatable causes, e.g., car insurance claims.

Verification of reported damage

Appraisal of the filed claim and verification of reported damage is another lengthy step in the claim adjustment process. The adjuster needs to verify if the reported damage is true and if the reported case includes those that occurred previously. Computer vision techniques can be used here to automate and speed up the process - e.g., by analyzing pictures of the car taken by the customer after the accident or analyzing satellite or aerial photos of a house in case of property insurance.

Verification of incurred costs

AI-driven verification can also help identify fraudulent operations and recognize costs that are not related to the filed claim. In some cases, invoices presented for reimbursement include items or services which should not be there or which cost is calculated using too high rates. AI can help compare the presented invoices with estimated costs and indicate inflated rates or excess costs - in case of medical treatment or hospital stay. Similarly, the algorithm can verify whether the car repair costs are calculated correctly by analyzing the reported damage and comparing an average rate for corresponding repair services with the presented rate.

Such automated verification helps flag potentially fraudulent situations and saves adjuster's time. letting them focus only on those unclear cases rather than analyze each one manually.

Accelerate online claims reporting with automated VIN recognition

In the current COVID-19 situation, digital services and products are becoming critical for all the industries. Providing policyholders with the capability to effectively use online channels and virtual services is essential for the insurance industry as well.

One of our customers wanted to speed up the processing of claims reported through their mobile application. The insurer faced a challenging issue, as 8% of claims reported through the mobile application were rejected due to the bad quality of VIN images. Adjusters had problems with deciphering the Vehicle Identification Number and had to request the same information from the customer. The whole process was unnecessarily prolonged and frustrating for the policyholder.

By introducing a custom machine learning model, trained specifically for VIN recognition instead of a generic cloud service, our customer increased VIN extraction accuracy from 60% to 90% , saving on average 1,5 h per day for each adjuster. Previously rejected claims can be now processed quicker and without asking policyholders for the information they already provided resulting in increased NPS and overall customer satisfaction.

https://www.youtube.com/watch?v=oACNXmlUgtY

Those are just a few examples of how AI can improve claims adjustments. If you would like to know more about leveraging AI technologies to help your enterprises improve your business, tell us about your challenges and we will jointly work on tackling them .