- eco formulates five key requirements for implementation in Germany
Berlin, 30 September 2025 – The European Data Act has been in effect since 12 September: Companies in Germany must implement the requirements – but there is still a lack of clear procedural rules and a coherent national supervisory structure. The German federal government plans to soon discuss the implementation law for the Data Act in the cabinet. eco – Association of the Internet Industry welcomes this step, but warns: the German federal government has let valuable time to slip away during the long transition period. Now, swift action must be taken to avoid placing unnecessary obstacles in the path of German companies.
“The Data Act can be a decisive impetus for Europe’s data economy – but Germany must not squander this momentum through bureaucracy and unclear responsibilities,” says Alexander Rabe, eco’s Managing Director. “Those who pass laws in Europe must also ensure proper implementation. This means clear administrative structures, practical support for companies and proportionate sanctions.”
eco particularly emphasises the role of the German Federal Network Agency (BNetzA): the current draft provides for the BNetzA to be designated as the central supervisory authority for the Data Act – with German Federal Commissioner for Data Protection (BfDI) clearly responsible on data protection matters.
eco explicitly welcomes this decision, as it lays the foundation for uniform interpretation in Germany, creates legal certainty and supports data use. What is crucial now is that the BNetzA is sufficiently strengthened in terms of personnel and finances. Only then can it fulfil its role not only as a supervisory authority, but also as an active partner to business – with guidelines, recommendations for action and direct connection to industry practice.
To ensure successful implementation, eco has formulated five key demands for Germany:
- Streamlined supervision: Establishment of a coherent supervisory structure, preferably with the German Federal Network Agency (BNetzA) as the central authority, and clear responsibility of the German Federal Commissioner for Data Protection (BfDI) for data protection issues.
- Sanctions with a sense of proportion: Proportionate fines, clear distinction from the GDPR and a possible moratorium for SMEs and start-ups at the beginning of the application period. In addition, minor violations – as already foreseen in the draft – should be addressed with warnings, since SMEs often lack large legal departments and could otherwise be discouraged from using data.
- Support, not just control: Supervision should also as a point of contact and supporter with practical guidelines.
- Europe-wide legal certainty: Address overlaps with the GDPR and DGA, develop guidelines and use the planned Data Code as a central solution.
- Dispute resolution: Establishment of independent dispute resolution bodies modelled on the Telecommunications Arbitration Board. These are currently missing from the draft implementation law – however, from eco’s point of view, such an addition would be crucial to ensure independent and fair out-of-court conflict resolution.
“Germany must not become a stumbling block in the European Single Market when it comes to the Data Act,” Rabe continues. “What matters now is to use the remaining time: for swift, practice-oriented implementation and for a clear signal to companies that they can rely on support rather than legal uncertainty.”
The German-language position paper “eco Core Requirements for the Implementation of the Data Act” can be found here. eco’s German “Statement on the Draft Bill for a Law on the Implementation of Regulation (EU) 2023/2854 (Data Act Implementation Act – DA-DG)” can be found here.
