FRAMEWORK .legal | EU Data Act Frameworks

Map your obligations and track your progress within the Data Act.

Data Act compliance framework dashboard showing task management and progress tracking in .legal platform

Interactive Data Act compliance navigation tool mapping 25 articles to specific compliance tasks

DATA ACT FRAMEWORK Navigate confidently through Data Act Compliance

The EU Data Act will come into force on 12 September 2025. It entails complex rules, multiple roles and overlapping requirements. We have mapped it all out in a clear, action-oriented framework for optimal Data Act compliance.

Complete Data Act framework with 25 articles mapped to specific tasks
Select only the requirements that apply to your organisation – save time and resources
Real-time compliance tracking shows exactly where you stand with the Data Act
Reuses existing GDPR and NIS2 tasks - don't do thing twice

Checklist showing which organisations need Data Act compliance - IoT manufacturers, cloud providers, and data controllers

DATA ACT FRAMEWORK Who needs the Data Act Framework?

Not sure if the Data Act applies to your organisation? The Data Act Framework helps you identify your obligations quickly and accurately.

You are covered by the Data Act if you:

Manufacture products with internet connectivity (IoT products) that collect data
Offer services working with connected products and sell in the EU
Control or have access to data from connected products
Receive data from other companies or users in the EU
Are a public institution requesting data from private companies
Provide cloud services (IaaS, SaaS, PaaS)

Customisable Data Act framework interface allowing role-based compliance selection for manufacturers, data holders, and cloud providers

DATA ACT FRAMEWORK Tailor your Data Act compliance approach

Our Data Act Framework maps all 25 operational articles, but not every rule applies to every organisation. Customise your compliance strategy efficiently:

How to design your framework:

Identify your role - manufacturer, data holder, or cloud provider
Find applicable chapters that affect your business operations
Focus on relevant articles to prioritise your compliance efforts
Assess risk and impact for strategic implementation

Framework Modules by Role:

IoT Products

Do you manufacture smart products or offer related services? Chapter II applies, covering data accessibility requirements and user rights
Cloud Services

Cloud service providers must comply with Chapter VI on cloud switching - making it easier for customers to change providers and avoid vendor lock-in.
Public authority

Public authorities gain special data request rights under Chapter V but must follow strict procedural requirements and safeguards.
SME Advantages

Small businesses receive enhanced protection against unfair contract terms and special benefits under compensation rules.

Framework integration diagram showing how Data Act synergises with GDPR, NIS2, ISO 27001, and AI Act compliance

DATA ACT FRAMEWORK Leverage synergies with existing compliance frameworks

The Data Act Framework integrates seamlessly with your existing compliance programmes. Don't repeat work - maximise the value of your current investments:

Framework Synergies:

The same security controls can meet multiple requirements at the same time
Documentation and processes can be reused across frameworks
Investing in one area strengthens compliance on several fronts
Less duplication of work and resources

Examples of overlapping frameworks

GDPR

Personal data handling, consent and data subjects' rights. The Data Act complements the GDPR with extended portability rights for IoT data.
NIS2 Security

Cybersecurity requirements for critical infrastructure overlap with the Data Act's requirements for protection against illegal data access from third countries.
ISO 27001

Information security management and risk management directly support the Data Act's requirements for technical and organisational security measures.
AI Act Transparence

Requirements for openness and explainability in AI systems have similarities with the Data Act's transparency obligations towards users of IoT products.

+360

companies
+10.000

users
+79.000

contracts
+14.000

processing activities

Lægeforeningen Michael Berner (Lawyer)

.legal has been the right choice for us. .legal are professional and welcoming with skilled employees.
Min By Media Tinna Schultz (HR manager)

It just works! It is so easy and user-friendly, and the overview of processing activities is brilliant.
Bech-Bruun Mikkel Friis Rossa (Partner)

.legal's team has consistently demonstrated a commitment to innovation while being responsive to the needs of our mutual clients.
DMJX Kaspar Rochholz (GDPR coordinator)

.legal has really understood what it means to create a user-friendly and efficient solution. Privacy is an attractive product compared to price and functionality.
Axel Kaufmann ApS Julie Lundkvist Andreasen (Lawyer and Head of Customer Service)

.legal continuously update the platform to ensure their customers always remain compliant. In our view, any other choice would be a downgrade.
Molecule Consultancy Nanna Rodian Christensen (HR & Operational Manager)

Firstly, it means that not all the work is in one place (me), and secondly, that the understanding of GDPR is implemented throughout the organisation.

Framework prices Data Act Framework Prices

Start using Data Act in your .legal platform today.

See all prices Book product demo

Frameworks

From €135

pr. month

Unlimited number of users
Unlimited number of frameworks
Combine with data protection and information security

Book a demo

All prices are exclusive of VAT and any taxes.
Monthly payments in advance, annual commitment.

.legal Compliance Hub

Read all about .legals compliance on our compliance hub.

ISAE 3402

Get a copy of .legal A/S's latest ISAE3402 (type 2) IT security statement

ISAE 3402 statement
ISAE 3000

Get a copy of .legal A/S's latest ISAE3000 (type 2) statement of our GDPR compliance

ISAE 3000 statement
Data Processing Agreement (DPA)

Find .legal A/S's data processing agreement here.

Data processing agreement
IT security

All .legal A/S's implemented and approved IT security measures are described here.

IT Security Measures

What is the EU Data Act Framework?

The EU Data Act Framework is a comprehensive compliance solution that maps all 25 operational articles of the Data Act (Regulation EU 2023/2584) into actionable tasks. It helps organisations understand their obligations, track compliance progress, and integrate with existing frameworks like GDPR and NIS2.

When does the Data Act come into force?

The EU Data Act comes into force on 12 September 2025. Organisations covered by the regulation must be compliant by this date, making it crucial to start preparation now.

Does the Data Act apply to companies outside the EU?

Yes, if you place connected products on the EU market or offer related services to EU users. The Data Act has extraterritorial reach similar to GDPR, requiring non-EU companies to comply when serving EU markets.

How does the Data Act interact with GDPR?

The Data Act complements and enhances GDPR, particularly around data portability rights for IoT devices. GDPR rules take precedence for personal data processing, while the Data Act covers broader data sharing obligations including non-personal data.

Learn more: GDPR and Data Act Interaction

What are connected products under the Data Act?

Connected products are items that can generate, obtain, or collect data about their use, performance, or environment, and can communicate this data. This includes smart home appliances, industrial machinery, medical devices, vehicles, and consumer electronics.

Can I use existing compliance documentation for the Data Act?

Yes, the Data Act Framework is designed to leverage existing GDPR, NIS2, and ISO 27001 documentation. Many security controls and risk management processes can satisfy multiple regulatory requirements simultaneously.

Learn more: Information Security Management

What happens if my organisation doesn't comply with the Data Act?

Member States will establish penalties for non-compliance. Additionally, data protection authorities can impose GDPR fines for violations involving personal data under the Data Act. Early preparation is essential to avoid penalties and ensure smooth operations.

How can .legal help with Data Act compliance?

.legal's Data Act Framework provides role-specific compliance tracking, integrates with existing frameworks, offers expert-designed templates, and includes real-time progress monitoring. Our platform simplifies complex regulatory requirements into manageable tasks.

Start your compliance journey: Book a Demo

Is the Data Act Framework suitable for small businesses?

Yes, the Data Act includes special protections for SMEs, and our framework is designed to scale for organisations of all sizes. Small businesses benefit from enhanced protection against unfair contract terms and streamlined compliance processes.

Can I integrate the Data Act Framework with other compliance modules?

Absolutely. The Data Act Framework integrates seamlessly with our GDPR, NIS2, ISO 27001, and other compliance modules, allowing you to manage all regulatory requirements from a single platform.

See all modules: Compliance Frameworks