Alfonso Carballo and Margherita Corina at NEOMA Business School in this opinion piece explore why the EU Data Act risks undermining the principles it aims to protect
Framed as a cornerstone of the continent’s data strategy, the European Union’s (EU) Data Act seeks to create what Brussels calls a “single market for data”.
It’s a move aimed at strengthening Europe’s digital sovereignty, rebalancing power between tech giants and smaller players, and ensuring that data generated by connected devices is shared under fair and non-discriminatory conditions.
While the law could lay a pathway to empowering users, promoting innovation, and boosting Europe’s competitiveness in the global digital economy, much of the widespread celebratory atmosphere around this legislation overlooks three critical issues. Issues which, if they persist as blind spots, could undermine the very principles the Act seeks to protect.
Ignoring the deeper issue: Protecting Europes digital growth
To understand why the EU introduced this legislation, it’s necessary to look beyond the rhetoric of sovereignty to see the underlying logic of political economy.
Instead of being driven by a desire to fix clear market failures, the Act’s origins lie in a structural imbalance: Europe has vast industrial sectors that generate enormous amounts of data, but, unlike the U.S. and China, it has no large-scale digital platforms like Google or Amazon that are capable of dominating global data markets.
So, European firms often see their product-generated data captured and monetised by foreign tech companies. In response, the Data Act is designed to rebalance the bargaining power between global digital platforms and European industry.
The winners are clear. European manufacturers, especially in Germany and France, will gain access to data that previously flowed into the hands of tech giants. European SMEs, at least in theory, can now utilise this data to drive innovation. National governments also stand to benefit, as the regulation strengthens their capacity to access industrial and consumer data for public services, planning, and oversight.
The losers are also evident. Big tech firms like Google, Amazon, and Microsoft will face stricter obligations to share data under “fair, reasonable, and non-discriminatory” (FRAND) terms, reducing their ability to monopolise information flows. Non-European manufacturers, including Tesla in the automotive sector and Asian electronics firms, will also be compelled to open up user-generated data under EU rules. Cloud providers, particularly those outside Europe, will be required to ensure interoperability and portability, undermining the lucrative lock-in strategies that have long defined their business models.
All these factors indicate the legislation’s intent is to redistribute power and value within the data economy, creating what Brussels presents as a “level playing field”.
But, there is a deeper issue the regulations fail to resolve: Europe’s chronic lack of its own digital champions. The EU remains far behind the U.S. and China in the race for technological leadership, largely due to an over-regulatory environment that discourages the emergence of new giants. Europe may succeed in limiting foreign dominance, but that is not the same as building its own engines of digital growth.
Increasing pressure on SMEs
The second major concern is the cost of regulatory compliance. The Data Act is extremely detailed. It requires that connected products be designed to make data accessible by default, that contracts with cloud providers include portability clauses, and that companies establish mechanisms for fair and transparent data sharing.
These obligations may be manageable for large corporations with established compliance departments and sophisticated IT infrastructures, but for SMEs, the story is very different.
Smaller firms often lack the financial and human capital to adapt quickly to complex regulatory frameworks. For them, compliance will represent a significant cost during the transition, potentially outweighing any benefits they might gain from new data access rights.
The result is a striking paradox: a law intended to create a more balanced market may in practice disadvantage the very SMEs it claims to empower.
A more careful regulatory design might have considered differentiated obligations, exempting micro and small enterprises from the most onerous requirements. While the Data Act includes some references to proportionality, it does not fundamentally distinguish between the compliance burdens faced by multinational corporations and those of small start-ups.
Without such differentiation, SMEs risk being squeezed between regulatory compliance costs and intensified competition from larger players who can afford to absorb these obligations.
Slowing innovation, including artificial intelligence
The third and perhaps most sensitive issue concerns innovation, particularly in the field of artificial intelligence (AI). Europe already lags behind the U.S. and China in AI investment, research, and commercialisation. By imposing additional regulatory layers, the Data Act may inadvertently widen this gap.
In the U.S., there is no equivalent federal law mandating data sharing on the scale of the EU Data Act. Instead, data governance is fragmented, with state-level laws, such as California’s CCA, and sector-specific regulations. This provides U.S. firms with significant flexibility and lower compliance costs, enabling them to experiment with new business models and scale quickly.
China takes a different approach, enforcing strict data laws – though their focus is on security, state control, and cross-border restrictions rather than mandated openness for the sake of market competition. While this framework presents its own challenges, it also ensures that Chinese firms operate within a highly protected domestic ecosystem, supported by substantial state investment.
Compared to either of these digital superpowers, the EU is layering the Data Act on top of the General Data Protection Regulation (GDPR), the upcoming AI Act, and other digital market regulations. The cumulative effect risks suffocating innovation.
In the AI field, where access to vast amounts of high-quality data is crucial for training models, restrictive or complex compliance frameworks could make European firms less competitive globally.
In a sense, the Data Act exemplifies both the strengths and weaknesses of Europe’s regulatory tradition. On one hand, it represents a bold attempt to shape markets, rebalance power, and ensure fairness in the data economy. On the other hand, it highlights a tendency toward often well-intentioned overregulation that nevertheless undermines the competitiveness it seeks to protect.
By overburdening small players and discouraging innovation, Europe risks losing further ground in the digital race. Regulators may celebrate sovereignty, but if consumers and SMEs bear the costs and innovation withers, the continent will have masterminded its own technological decline.
