2 minute read
2.1 Access-by-design
transparency obligations are also extended to the B2B context, without any particular need for regulation becoming apparent. At the same time, the Data Act contains many considerations for the transfer of data without sufficiently ensuring that the data is passed on to the authorised user. The transfer requires further technical specifications, which should not be left unregulated in order to ensure the quality and the security of the data. At the same time, the Data Act should take into account the special features of certain areas and, for example, for medical devices, observe certain delimitations resulting from the Medical Device Regulation (MDR).
With regard to the product design requirements and the data access and transmission rules, it is unclear to what extent these requirements extend to products already on the market. Due to the enormous costs of any subsequent modification of products, it must be made clear that Chapter II only applies to new products.
2.1 Access-by-design
In order for the Data Act to lead to more data-driven value creation, legal uncertainties resulting from additional product requirements according to the "access-by-design" principle pursuant to Art. 3 DA-E must be prevented. According to Art. 3 (1) DA-E, manufacturers must design their products in such a way that access to the data generated by the use of the product can be made possible by default. For SMEs in particular, this results in considerable requirements for the manufacturer, which concern not only the product, but also transparency and information obligations, for example about the type and scope of data collection. These considerable interventions in the product design may only apply to new products and must be taken into account via corresponding lead times for the production and development of the corresponding products, especially since such interventions may require renewed product certification with a process period of at least one year.
Such interventions in the product design could, moreover, endanger the functionalities of the products quite considerably. If, for example, an industrial steering system has tobe designed in such a way that it had to grant data access from within itself - and not via additional modules - special characteristics of a steering system (deterministics, equidistance) could suffer. Precisely because industrial controls must focus entirely on their function at the I/O level, they are deliberately equipped exclusively with minimum functions that are necessary for commissioning the control. For this reason, access should be limited to only those data that are actually being transmitted: For example, there is sometimes data that is generated during use, but - at least so far - remains in the product and is not utilised because there is no meaningful application scenario for it at this point in time. If all data generated by the use of the asset were affected by the Data Act, this would create an unintended incentive to generate as little data as possible. If this data were also covered by the mandatory access option, manufacturers
