Regulation (EU) 2023/2854 “Data Act”

BWP recons that EU regulations do and will have a significant impact on the technical design of our products: According to Regulation (EU) 2023/2854 (“Data Act”), which will apply from 12 September 2025 onwards, networked products will be required to make user data (product data, service data, metadata) available free of charge in a simple form in a structured, commonly used and machine-readable format (Article 3 Data Act). According to this provision, this access must be made directly (where technically feasible), i.e. independently for the user of the Integrated Product (customer) by operating the Integrated Product or accessing data via a cloud server (Recital 22 Data Act). According to the Cyber Resilience Act, which is expected to enter into force in May 2027, products with digital elements (i.e. including the Integrated Product) may only be made available on the market if, among other things, the requirements of Annex I of the Regulation are met, such as (a) the products have a level of cyber security appropriate to the risks, (b) vulnerabilities are identified and documented, (c) mechanisms for the secure (automatic) distribution of software updates are integrated, (d) technical protection against unauthorized access as well as logging and monitoring functions have been integrated or (e) data deletion by the user is possible. BWP takes the necessary technical and organizational measures in good time to meet the above legal requirements when they become applicable, to comply with the aforementioned as well as with any other applicable future EU data regulations.