The Data (Use and Access) Act 2025, which received Royal Assent on the 19 June 2025, represents a major milestone in the UK’s digital regulation agenda.
As part of the UK Government’s broader National Data Strategy, the Act is designed to promote fair, innovative, and secure use of data across the economy, particularly between businesses, and the public and private sectors.
For the IT community, this legislation introduces both technical and strategic implications in areas such as data portability, system interoperability, cloud switching, and smart device data access.
How Did the Act Come About?
The Data (Use and Access) Act 2025, simply known as the Data Act, builds on a growing recognition that data is a key driver of innovation and productivity, yet much of its value remains locked away in silos, especially in the private sector.
Following the UK’s departure from the European Union, the government launched the National Data Strategy (2020), aiming to establish the UK as a global data leader. This included commitments to improve data availability, trust in data use, and cross-sector data collaboration.
The Act also includes the creation and adoption of secure digital identities to help with daily life such as employment checks, moving house, operating bank/building society accounts and buying age-restricted goods and services. The Government believing that this will improve efficiency, improve the online user experience and reduce fraud.
In parallel, the EU was developing its own Data Act and Data Governance Act, prompting UK policymakers to craft a distinctively British approach – one that fosters innovation while avoiding heavy-handed regulation. After public consultations and input from industry and academia, the Data (Use and Access) Act received its first reading in October 2024, passing into law in June 2025.
Key Provisions for IT Professionals
1. Data Portability and Interoperability
The Act strengthens user rights to access and transfer their data, particularly in cloud services and digital platforms. IT teams should assess system architectures for compatibility, standard formats, and API readiness to enable smooth switching.
2. Business-to-Business (B2B) Data Sharing
While not mandatory, the Act encourages fair and transparent data-sharing practices between businesses. Organisations with large datasets, especially in IoT, transport, or health, may face increased expectations to enable secure third-party access.
3. Public Sector Data Requests
Public authorities are granted powers to request privately held data for purposes such as crisis response, infrastructure planning, or AI development in public services. IT leaders should implement governance and compliance processes for responding to these requests quickly and securely.
4. Smart Device and Consumer Data Access
The Act gives users greater rights to access and share data generated by connected products and services. Developers should ensure user interfaces and APIs provide practical tools for exporting, managing, and sharing data.
What Should You Do Now?
- Review system designs for data portability and compatibility
- Audit cloud and platform services for compliance with switching rights
- Develop internal data governance policies to respond to public sector data requests
- Work with legal teams to revise data-sharing agreements and consumer transparency
The Data (Use and Access) Act 2025 is a forward-looking piece of legislation that seeks to unlock the UK’s digital potential. For the IT community, it’s both a compliance requirement and an opportunity to lead in the next phase of the data economy.
If you’d like to explore how the Data Act 2025 could impact your IT strategy, data architecture, or compliance planning, we’re here to help.
Image Copyright Unsplash
Comments are closed.