EU Data Act for home appliances manufacturers: How Databoostr turns compliance into a data advantage
Section 1: What does the EU Data Act actually change for home appliance manufacturers?
What is the EU Data Act?
The EU Data Act (Regulation (EU) 2023/2854) is a horizontal regulation governing who can access and use data generated by connected products and related services. It applies across sectors, but its most direct impact falls on manufacturers of IoT-connected hardware‚ including home appliances.
The EU Data Act requires that data generated by connected products must be accessible to users by default, shareable with third parties upon user request, and handled under clear, enforceable data access rules.
The regulation is now in force. The full text is available here.
Key obligations for home appliance manufacturers
- Data accessibility by design. Products must be designed so that users can access the data they generate. If your connected washing machine logs cycle data, energy consumption, or fault codes, that data belongs to the user‚ and must be retrievable.
- Third-party data sharing upon request. Users must be able to direct manufacturers to share their product data with any third party they choose. This includes insurance companies, energy management platforms, and independent repair workshops‚ not just OEM-approved service partners.
- Non-discriminatory access.Third parties receiving data under user consent must receive it under fair, reasonable, and non-discriminatory (FRAND) conditions. Manufacturers cannot give their own affiliates preferential data access.
- Portability and standardization. Data must be provided in a machine-readable format. For companies without a structured data catalog or API layer, this is a significant technical build.
- Right to repair implications. One of the most consequential elements for home appliances: users can share diagnostic and usage data with any repair service, not just the manufacturer's network. This breaks a longstanding lock-in mechanism.
What happens if you don't comply?
The Data Act leaves enforcement to each Member State’s national authority. A single incident could trigger parallel investigations in multiple countries with materially different fine structures -Germany’s draft rules and Malta’s legislation already diverge significantly.
Section 2: The operational challenges behind EU Data Act compliance for home appliances
What are the biggest compliance gaps for connected product manufacturers?
Understanding the regulation is step one. Building the infrastructure to comply‚ at scale, for millions of devices, across multiple markets‚ is where most organizations run into trouble.
"We have the data, but not the access layer"
Most home appliance manufacturers collect product data. The challenge is not generation, it is structured, secure, and auditable exposure. Existing data lakes and telemetry pipelines were not built to handle consent-gated, per-device, per-user, per-third-party data access. Retrofitting them is expensive and slow.
Key pain points:
- No unified data catalog mapping datasets to device types
- No consent management layer tied to the data pipeline
- No audit log for who accessed what data, and when
"We need to demonstrate it, not just do it"
Compliance is not self-certifying. Supervisory authorities will ask for evidence: records of consent, logs of data transfers, documented data retention policies. Without a system that generates these records automatically, compliance becomes a manual, fragile process dependent on spreadsheets and email chains.
Key pain points:
- No centralized record of user data sharing approvals and revocations
- No automated trail for third-party access requests
- No mechanism to enforce FRAND conditions at the data-transfer level
"We can't build this and also ship product features"
For product teams, the EU Data Act is a platform requirement dropped into an already full roadmap. Building a compliant data sharing portal, with user-facing consent flows, partner onboarding, API access, and an admin panel‚ is a multi-quarter engineering project. Most product organizations do not have that bandwidth.
Key pain points:
- Consumer-facing data portals require significant UX investment
- Partner onboarding and access management is operationally complex
- Pricing and monetization of data access has no existing infrastructure
Section 3: How Databoostr Addresses EU Data Act Compliance for Home Appliances
Databoostr is a data sharing and monetization platform designed specifically for manufacturers of connected products. Here is how the platform maps to the compliance requirements outlined above.
What does Databoostr actually do?
Databoostr helps manufacturers turn product usage data into a secure, reliable, compliant data stream while meeting EU Data Act obligations‚ without requiring manufacturers to build the infrastructure themselves.
The system is divided into two portals: B2C portal for device owners and B2B portal for commercial data partners.
B2C Portal: User-facing data access and consent management
The customer portal gives device owners a real-time view of all their connected appliances‚ including serial numbers, registration data, and device type. Users can:
- Request their own data by selecting a device, choosing a dataset (e.g., accessories data, performance diagnostics, usage metrics), and specifying a data period. This directly satisfies the data accessibility obligation under Article 4 of the EU Data Act.
- Manage third-party access - when a partner‚ an insurer, an energy platform, a repair service‚ requests access to a user's device data, the user sees the request here and can approve or revoke it with a single action.
- Share data manually to any third party of their choosing, not just pre-registered partners. This satisfies the right-to-repair sharing requirement: a user can send diagnostic data to an independent workshop without going through the manufacturer's service network.
The data catalog within the B2C portal shows users exactly which signals their device generates, what datasets are available, the retention period, and average daily data volume. This level of transparency is foundational to the EU Data Act's informed-consent model.
B2B Portal: Partner access, data streaming, and transaction management
For commercial data users‚ insurers, energy companies, maintenance providers, the B2B portal handles the full lifecycle of data access requests.
Partners can:
- Import device lists in bulk via CSV or XLSX, enabling them to request access across large customer fleets without manual entry.
- Track request status across pending, approved, and expired requests from a single dashboard.
- Access real-time data via streaming connectors, configurable per device type and per dataset. This is critical for partners who need live telemetry, fault monitoring, energy consumption tracking, predictive maintenance signals.
The transaction summary layer records price per data catalog, per partner, per month. Pricing is configured in the admin panel and can differ by partner type‚ enabling manufacturers to apply FRAND pricing at the system level, not as a manual agreement process.
Admin Panel: System-level governance
The admin panel gives the manufacturer's internal teams control over:
- Partner registration and management
- Data catalog configuration (datasets, signals, retention policies)
- Pricing per catalog and per partner category
- Operational monitoring and support dashboards
Section 4: What you gain from Databoostr?
For Heads of Data
- Structured data catalog mapped to device types and signal categories, with retention periods and volume metrics built in
- Consent-gated data pipeline ‚no direct exposure of raw data infrastructure to external parties
- Real-time streaming connectors for partners who require live telemetry, configurable per device type and dataset
- Audit trail of all data transfers, timestamps, and access statuses
For Heads of Compliance
- Automated consent records ‚every user approval and revocation is logged with a timestamp
- Third-party access management that enforces the FRAND principle through configurable, catalog-level pricing
- Built-in EU Data Act guidelines surfaced in the user-facing portal, supporting informed consent
- Revocation capability ‚users can withdraw third-party access at any time, and the system enforces it immediately
For Heads of Product
- Ready-to-deploy B2C portal ‚no internal engineering required for user-facing data access flows
- Partner onboarding handled at the platform level ‚B2B registration, request management, and access control are out of the box
- Monetization infrastructure ‚pricing per data catalog and partner type is configured in the admin panel, not coded per integration
- Configurable content ‚FAQ sections, data act guidance, and additional tabs can be updated without a code release
Summary: EU Data Act compliance is an infrastructure problem
The EU Data Act for home appliances is not a policy document that legal teams can simply sign off on. It requires a functioning system: consent management, data access portals, partner onboarding, audit logging, and pricing governance‚ all tied together and operational at scale.
Most home appliance manufacturers are not in the business of building data platforms. Databoostr exists to close that gap‚ providing the infrastructure layer so that manufacturers can meet their EU Data Act obligations without diverting product engineering resources to compliance plumbing.
If you are evaluating how to make your connected product portfolio compliant, or if you are already past the deadline and need to move quickly, Databoostr offers a product demo tailored to home appliance use cases.
Request a demo to see how Databoostr maps to your specific compliance requirements.
FAQ
What is the EU Data Act and when does it apply?
The EU Data Act (Regulation (EU) 2023/2854) is an EU regulation that governs access to and use of data generated by connected products and related services. It became applicable on September 12, 2025, and applies to all manufacturers placing connected products on the EU market.
Which home appliances are covered by the EU Data Act?
Any connected product that generates data by virtue of its use is covered. This includes smart washing machines, dishwashers, ovens, heat pumps, air purifiers, refrigerators, and any other IoT-enabled home appliance sold in the EU.
What are the key data sharing obligations for home appliance manufacturers?
Manufacturers must make product-generated data accessible to users, allow users to share that data with third parties upon request, apply FRAND (fair, reasonable, and non-discriminatory) conditions to third-party data access, and provide data in a machine-readable format.
How does Databoostr help manufacturers comply with the EU Data Act?
Databoostr provides a ready-to-deploy data sharing platform with a user-facing B2C portal for consent management and data access, a B2B portal for commercial partner access, real-time data streaming connectors, and an admin panel for pricing, catalog management, and audit logging ‚all aligned with EU Data Act requirements.
Can third-party repair workshops access appliance data under the EU Data Act?
Yes. The EU Data Act includes provisions that support the right to repair: users can direct manufacturers to share diagnostic and usage data with any third-party repair service, not just OEM-approved workshops. Databoostr supports this flow through its manual data sharing feature in the B2C portal.
Data Sharing & Monetization Platform
Databoostr - your customized solution for handling data sharing challenges
Check related articles
Read our blog and stay informed about the industry's latest trends and solutions.
Challenges of EU Data Act in Home Appliance business
As we enter 2026, the EU Data Act (Regulation (EU) 2023/2854), which is now in force across the entire European Union, is mandatory for all "connected" home appliance manufacturers. It has been applicable since 12 September 2025.
Compared to other industries, like automotive or agriculture, the situation is far more complicated. The implementation of connected services varies between manufacturers, and lack of connectivity is not often considered an important factor, especially for lower-segment devices.
The core approaches to connectivity in home appliances are:
- Devices connected to a Wi-Fi network and constantly sharing data with the cloud.
- Devices that can be connected via Bluetooth and a mobile app (these devices technically expose a local API that should be accessible to the owner).
- Devices with no connectivity available to the customer (no mobile app), but still collecting data for diagnostic and repair purposes, accessible through an undocumented service interface.
- Devices with no data collection at all (not even diagnostic data).
Apart from the last bullet point, all of the mentioned approaches to building smart home appliances require EU Data Act compliance, and such devices are considered "connected products", even without actual internet connectivity.
The rule of thumb is: if there is data collected by the home appliance or a mobile app associated with its functions, it falls under the EU Data Act.
Short overview of the EU Data Act
To make the discussion more concrete, it helps to name the key roles and the types of data upfront. Under EU Data Act, the user is the person or entity entitled to access and share the data; the data holder is typically the manufacturer and/or provider of the related service (mobile app, cloud platform); and a data recipient is the third party selected by the user to receive the data. In home appliances, “data” usually means both product data (device signals, status, events) and related-service data (app/cloud configuration, diagnostics, alerts, usage history, metadata), and access often needs to cover both historical and near-real-time datasets.
Another important dimension is balancing data access with trade secrets, security, and abuse prevention. Home appliances are not read-only devices. Many can be controlled remotely, and exposing interfaces too broadly can create safety and cybersecurity risks, so strong authentication and fine-grained authorization are essential. On top of that, direct access must be robust: rate limiting, anti-scraping protections, and audit logs help prevent misuse. Direct access should be self-service, but not unrestricted.
Current market situation
As of January 2026, most home appliance manufacturers (over 85% of the 40 manufacturers researched, responsible for 165 home appliance brands currently present on the European market) either provide data access through a manual process (ticket, contact form, email, chatbot) or do not recognize the need to share data with the owner at all.
If we look at the market from the perspective of how manufacturers treat the requirements the EU Data Act imposes on them, we can see that only 12.5% of the 40 companies researched (which means 5 manufacturers) provide full data access with a portal allowing users to easily access their data in a self-service manner (green on the chart below). 55% of the companies researched (yellow on the diagram below) recognize the need to share data with their customers, but only as a manual service request or email, not in an automated or direct way.
The red group (32.5%) consists of manufacturers who, according to our research:
- do not provide an easy way to access your data,
- do not recognize EU Data Act legislation at all,
- recognize the EDA, but their interpretation is that they don’t need to share data with device owners.
A contact form or email can be treated as a temporary solution, but it fails to fulfill the additional requirements regarding direct data access. Although direct access can be understood differently and fulfilled in various ways, a manual request requiring manufacturer permission and interaction is generally not considered "direct". (Notably, "access by design" expectations intensify for products placed on the market from September 2026.)
API access
We can't talk about EU Data Act implementation without understanding the current technical landscape. For the home appliance industry, especially high-end devices, the competitive edge is smart features and smart home integration support. That's why many manufacturers already have cloud API access to their devices.
Major manufacturers, like Samsung, LG, and Bosch, allow users to access appliance data (such as electric ovens, air conditioning systems, humidifiers, or dishwashers) and control their functions. This API is then used by mobile apps (which are related services in terms of the EU Data Act) or by owners integrating with popular smart home systems.
There are two approaches: either the device itself provides a local API through a server running on it (very rare), or the API is provided in the manufacturer's cloud (most common), making access easier from the outside world, securely through their authentication mechanism, but requiring data storage in the cloud.
Both approaches, in light of the EDA, can be treated as direct access. The access does not require specific permission from the manufacturer, anyone can configure it, and if all functions and data are available, this might be considered a compliant solution.
Is API access enough?
The unfortunate part is that it rarely is, and for more than one reason. Let's go through all of them to understand why Samsung, which has a great SmartThings ecosystem, still developed a separate EU Data Act portal for data access.
1. The APIs do not make all data accessible
The APIs are mostly developed for smart home and integration purposes, not with the goal of sharing all the data collected by the appliance or by the related service (mobile app).
Adding endpoints for every single data point, especially for metadata, will be costly and not really useful for either customers or the manufacturer. It's easier and better to provide all supplementary data as a single package.
2. The APIs were developed with the device owner in mind
The EU Data Act streamlines data access for all data market participants - not only device owners, but also other businesses in B2B scenarios. Sharing data with other business entities under fair, reasonable, and non-discriminatory terms is the core of the EDA.
This means that there must be a way to share data with the company selected by the device owner in a simple and secure way. This effectively means that the sharing must be coordinated by the manufacturer, or at least the device should be designed in a way that allows for secure data sharing, which in most cases requires a separate B2B account or API.
3. The APIs lack consent management capabilities
B2B data access scenarios require a carefully designed consent management system to make sure the owner has full control regarding the scope of data sharing, the way it's shared, and with whom. The owner can also revoke data sharing permission at any time.
This functionality falls under the scope of a partner portal, not a smart home API. Some global manufacturers already have partner portals that can be used for this purpose, but an API alone is not enough.
If an API is not enough - what is?
The EU Data Act challenge is not really about expanding the API with new endpoints. The recommended approach, as taken by the previously mentioned Samsung, is to create a separate portal solving compliance problems. Let's also briefly look at potential solutions for direct access to data:
- Self-service export - download package, machine-readable + human-readable, as long as the export is fast, automatic, and allows users to access the data without undue delay.
- Delegated access to a third party - OAuth-style authorization, scoped consent, logs.
- Continuous data feed - webhook/stream for authorized recipients.
These are the approaches OEMs currently take to solve the problem.
Other challenges specific to the home appliance market
Home appliance connectivity is different from the automotive market. Because devices are bound to Wi-Fi or Bluetooth networks, or in rare cases smart home protocols (ZigBee, Z-Wave, Matter), they do not move or change owners that often.
Device ownership change happens only when the whole residence changes owners, which is either the specific situation of businesses like Airbnb, or current owners moving out - which very often means the Wi-Fi and/or ISP (Internet Service Provider) is changed anyway.
On the other hand, it is hard to point to the specific "device owner". If there is more than one resident - effectively any scenario outside of a single-person household - there is no way to effectively separate the data applicable to specific individuals. Of course, every reasonable system would include a checkbox or notification stating that data can only be requested when there is a legal basis under the GDPR, but selecting the correct user or admin to authorize data sharing is challenging.
From a business perspective, a challenge also arises from the fact that there are white-label OEMs manufacturing for global brands in specific market segments. A good example here is the TV market - to access system data, there can be a Google/Android access point, while diagnostic data is separate and should be provided by the manufacturer (which may or may not be the brand selling the device). If you purchase a TV branded by Toshiba, Sharp, or Hitachi, it can all be manufactured by Vestel. At the same time, other home appliances with the same brand can be manufactured elsewhere. Gathering all the data and helping users understand where their data is can be tricky, to say the least.
Another important challenge is the broad spectrum of devices with different functions and collecting different signals. This requires complex data catalogs, potentially integrating different data sources and different data formats. Users often purchase multiple different devices from the same brand and request access to all data at once. The user shouldn't have to guess whether the brand, OEM, or platform provider holds specific datasets - the compliance experience must reconcile identities and data sources to make it easy to use.
Conclusion
Navigating the EU Data Act is complicated, no matter which industry we focus on. When we were researching the home appliance market, we saw very different approaches—from a state-of-the-art system created by Samsung, compliant with all EDA requirements, to manufacturers who explain in the user manual that to "access the data" you need to open system settings and reset the device to factory settings, effectively removing the data instead of sharing it. The market as a whole is clearly not ready.
Making your company compliant with the EU Data Act is not that difficult. The overall idea and approach is similar regardless of the industry you represent, but building or procuring a new system to fulfill all requirements is a must for most manufacturers.
For manufacturers seeking a faster path to compliance, Grape Up designed and developed Databoostr, the EU Data Act compliance platform that can be either installed on customer infrastructure or integrated as a SaaS system. This is the quickest and most cost-effective way to become compliant, especially considering the shrinking timeline, while also enabling data monetization.
Interested in our services?
Reach out for tailored solutions and expert guidance.