EU Digital Decade 2030: Data law, Data Act & eIDAS 2 – what needs to be implemented in 2025

Brief overview: The “Digital Decade 2030 Policy Program” bundles four goals (skills, infrastructures, economy, public services) and links them with binding roadmaps and monitoring. The data law core is crucial for companies: the Data Act, Data Governance Act and the new European identity (eID wallet) will set concrete project and contractual requirements in 2025.

Legal framework and objectives: From objectives to implementation

Decision (EU) 2022/2481 establishes targets for 2030 and a governance mechanism with an annual progress report and national roadmaps. Central targets: Cloud/big data/AI use in companies, high-performance networks, digital public services and a digital identity that can be used throughout Europe. In practice, this means accelerated digitalization projects in companies and administration, flanked by data access and interoperability rules.

Data access & use: Data Act and Data Governance Act

From September 2025, the Data Act (Regulation (EU) 2023/2854) will widely regulate access to usage data of connected products and services (B2C/B2B), data portability also for non-personal data, interoperability of data processing services and collision protection when switching to the cloud. Manufacturers and providers of networked products should adapt their contract and technology design as early as 2025: Data categories, recipients, formats, APIs, SLAs, exit clauses, migration deadlines and fee models.

The Data Governance Act (Regulation (EU) 2022/868) has been in force since September 2023. Its core elements are data intermediation services with neutrality requirements, data altruism and common European data spaces. New data submarkets are emerging for sectors such as healthcare, mobility, energy and finance – with opportunities for data-based products, but also compliance obligations (transparency, purpose limitation, data security).

Digital identity & signatures: eIDAS 2 as an enabler

Regulation (EU) 2024/1183 introduces the European Digital Identity (EUDI wallet). Member States must provide wallets once the technical implementing act has been adopted; from 2025/26, companies can expect broad integration in onboarding, proof of age/identity, qualified electronic signatures and seals, proof of diploma/license or KYC processes. In practical terms, this means: recognition and integration of the wallet in accounts, workflows and contracts, including proof and signature clauses, mapping to Art. 25 of the eIDAS regime and technical relying party certifications.

Practical roadmap 2025: contracts, technology and governance

1. Data inventory & mappings: product/usage data, telemetry, platform logs; lawfulness bases (GDPR/contractual); assignment to data act rules (access, transfer, formats).
2. Product & cloud interoperability: API specifications, switching-by design, migration SLAs, price structure for exports; vendor lock-in clauses in GTC/MSA/SaaS contracts.
3. Data sharing models: check role as data intermediary (neutrality, registration), data altruism projects, participation in EU data spaces; clear liability/IP rules (UrhG, Section 31 (5) UrhG; license structure).
4. EUDI wallet readiness: signature/seal workflows, proof of mandate/representation, attribute certificates; adapt burden of proof and form requirements in contract templates.
5. Governance & audit: roles, internal guidelines, access controls, privacy/data-by-design (Art. 25 GDPR), exit tests for data migration, incident response and annual management reviews.
6. Funding and consortium options: Examine multi-country projects (e.g. data infrastructure, cloud interoperability, cybersecurity) and draft clean contracts (IP split, consortium governance, state-aid issues).

Conclusion: The Digital Decade is not a political buzzword, but a binding implementation framework. Those who align contracts, product architecture and compliance with the Data Act, DGA and eIDAS 2 in 2025 will secure market access, interoperability and evidentiary advantages – and reduce subsequent conversion costs.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.