Anyone involved in the practical implementation of data analytics concepts and the development of data platforms should consider the future legal framework in their data strategy from the outset. We provide an overview of new legislation that is already important today as part of the EU Digital Strategy. Of particular relevance are the Cyber Resilience Act, the EU Data Act, and the Artificial Intelligence Act.
If you are considering a data platform based on the Data Lakehouse concept, you should be aware of their implications and consider them in your planning. In essence, these laws emphasize the importance of a holistic and proactive approach to a modern data strategy for several reasons. Complying with them is crucial for efficient risk management, avoiding legal and financial consequences, and safeguarding your reputation. Building a data strategy aligned with these new laws also promotes responsible innovation and can provide a clear competitive advantage in a market where partners and consumers increasingly value data privacy and ethical AI.
Particularly relevant are the three EU regulations: the Cyber Resilience Act, the Data Act, and the Artificial Intelligence Act. Together, they form a comprehensive framework aimed at addressing the legal challenges arising from the rapid developments in the Internet of Things (IoT). Here’s an overview:
This law focuses on improving the overall cybersecurity of devices and systems. It is planned to come into effect in 2024, impacting all products in early concept phases or already in development today. The implications include:
The EU Data Act, which came into force at the beginning of 2024 and will become directly applicable law throughout the EU from 12 September 2025, is intended to modernize and harmonize data protection laws within the European Union. Building upon the General Data Protection Regulation (GDPR), it seeks to provide users with control over their personal data and enable them to better understand how their data is used. Clear rules for international data flows and interoperability between different data platforms and formats are intended to foster data trade growth within the EU. It regulates:
Expected to come into force in 2026, the AI Act aims to regulate AI systems, including those embedded in IoT devices and related platforms. Its key implications for data and security include:
These laws will shape data usage and security from various perspectives. While they are set to take effect in the coming years, their impacts and compliance should already be considered in the planning of digital processes. In summary, these laws focus on data management, security, and transparency and are best aligned with existing architectures and products today. One thing is clear: the more unified, secure, and straightforward data systems are organized, the less complex and cumbersome the practical implementation of these new requirements becomes.
A Lakehouse architecture, such as the one offered by Databricks, can significantly assist in this regard. It allows companies to store, manage, and analyze data in a unified manner by combining data engineering and analytics. Additionally, it provides tools for data governance, quality assurance, or enhanced cybersecurity for your data platform. At Databricks, this solution layer is known as the Unity Catalog – we’ll delve deeper into that in part 3 of our blog series.
Delivering excellence in IoT. We are an IoT Solution Provider for Smart Products, Connected Vehicles, Smart City, Smart Energy and Smart Production.