I’m a bit surprised that there’s so little hype around the paradigm shift and potential that the implementation of the Data Act will bring. We’re now only half a year away from this regulation coming into effect.
In Part 1, we discussed the upcoming Data Act, the value of data, breaking data silos, and the role of DePIN and Streamr. Now that 2025 has started, we are only six short months away from September 12th, when the Data Act takes effect. New details are emerging from national authorities regarding enforcement and penalties for non-compliance.
So it’s a good time to have a closer look at the Data Act and how it can be the catalyst to escape from the walled gardens of Web2 to a world where data is owned and governed by users.
Table of Contents
What is the Data Act?
As a brief recap, the Data Act is new EU legislation designed to ensure fair access, use, and sharing of data between businesses, governments and citizens. It seeks to support innovation, protect privacy and foster a competitive digital economy.
The European Commission expects that the Data Act will break the existing data silos, put IoT product owners in control of their own raw and pre-processed data, and facilitate the creation of a new data economy — expected to be worth €270 billion by 2028.
For consumers, this is fantastic news as it finally grants them access to the data that they produce with the devices — something that should always have been theirs. For IoT OEMs, this regulation brings new responsibilities. Starting from September 12th, users must be informed at the point of sale about what data the device generates and that they have the right to request access for themselves or third parties. By 2026, new products must enable direct and easy user access to the data produced by the product during use.
Since the Data Act entered force as EU law on 11th January 2024, each EU member state must integrate it into their national legislation by 12th September — including setting penalties for non-compliance.
How is it enforced?
From a consumer and developer perspective, a key question has been: Will there be strong enough penalties to ensure compliance from enterprises, or is the Data Act a nice concept that lacks enforcement teeth?
The answer is slowly starting to emerge. Each EU member state can set their own penalties for non-compliance as long as they are effective, proportionate, and dissuasive. In December 2024, Finland’s Ministry of Transport and Communications (Traficom) published its draft proposal for the implementation of the EU Data Act. This draft outlines which authorities will oversee compliance, their enforcement powers, and the penalties they can impose.
According to the proposal, in Finland, penalties and fines are expected to be in alignment with those set out in GDPR. Traficom can impose administrative fines of up to €100,000, while the Consumer Authorities Board can issue fines up to 4% of a company’s global turnover under the Consumer Protection Act.
For comparison, the draft also reviews how other EU countries are approaching penalties. While details remain scarce, the Netherlands plans to allow national authorities to impose fines of up to €760,000 or 10% of yearly turnover — whichever is greater — for Data Act violations.
The draft also mentions exemptions for micro and small enterprises (Article 3 of the Data Act), who are not required to provide connected device data under the Act. Instead, they are given opportunities to build new data-driven solutions by limiting the dominance of major players.
Leveling the playing field — Controlling the Gatekeepers
Does this mean Web3 projects, DePINs, and SMEs compete in a market where trillion-dollar companies could absorb all the newly available data from the Data Act?
The regulation addresses this directly. The European Commission designates certain enterprises as “gatekeepers” — Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft. These companies are barred from receiving third-party data via the Data Act or acting as data holders under the threat of penalties.
However, this does not prohibit using gatekeeper-owned data processing services. So if you are a web developer, you can still use your choice of cloud platform to process the data, but offering it to a major provider like Amazon for commercial use would be prohibited.
In addition, the Data Act explicitly prohibits gatekeepers from soliciting, financially incentivizing, or pressuring users to share data obtained under the Act. This is meant to prevent dominant players from circumventing the regulation through incentives or backdoor agreements.
By enforcing these restrictions, the Data Act seeks to create a fairer market where smaller enterprises can compete.
Synergetic technologies — AI Agents
Several emerging technologies — including DePIN, AI, and AI agents — stand to benefit from the Data Act and the unprecedented access it grants to machine-readable data from connected devices.
According to IBM, AI agents are systems or programs, such as pre-trained AI models that are capable of autonomously performing tasks on behalf of a user or another system by designing its workflow and leveraging available tools. AI agents don’t operate in a vacuum — they require human-defined goals and real-time data from the physical world, such as operational usage data from devices.
This is where the Data Act can accelerate the adoption of AI agents, by breaking the big tech silos, and unlocking large-scale access to device data. Let’s consider what this could look like in practice with an automotive example. From September 2025, you gain API access to your car’s operational data — mileage, speed, location, fuel/battery status, and more. Your car manufacturer now provides these credentials, which you can choose to connect to an AI agent service.
You can now set the goals for this agent, with natural language such as analyze my driving patterns to optimize fuel efficiency, create alerts about upcoming maintenance needs, or suggest the best gas stations based on the following criteria: price, congestion, and available services. The AI agent would then be able to process these requests, in conjunction with the access to up-to-date information from your car data and a set of AI services which could be hosted on DePIN services and provide you timely insights and recommendations.
Where does Streamr fit?
So where does Streamr fit into the Data Act and Agentic AI landscape? To fully unlock the potential of Agentic AIs, a seamless connection is needed between AI systems and real-time data sources. This connective layer should be easy to adopt, scalable, cost-effective, and platform-agnostic.
Streamr’s core technology — the Streamr Network — connects real-time data providers and subscribers without requiring centralized parties or account creation. This makes it well-suited as a connective layer between Agentic AI platforms and Data Act-compliant solutions that provide access to IoT data.
There’s still work to be done in bridging AI agents with real-time data. To explore this, we’ve started working with AI agentic platforms and developed a proof-of-concept integration client for ElizaOS ecosystem, linking Agentic AIs to the Streamr Network. More on this in upcoming blog posts.
Final Thoughts
With enforcement mechanisms taking shape and more data becoming available at scale, Web3, DePIN, and AI-driven applications are well-positioned to leverage this shift. By making real-time, machine-readable data widely accessible, the Data Act paves the way for AI-driven automation across industries.
Streamr and the broader DePIN space stand ready to help unlock the full potential of this new data economy!
