About the Course
Introduction
This CLE webinar will provide an overview of the new EU Data Act and its implications for U.S. businesses. The panel will highlight the sections of the Act that are most relevant for U.S. companies, the implications of the Act on data processing and sharing services, compliance challenges and requirements, and immediate steps U.S. companies need to take to ensure compliance.
Description
On Sept. 12, 2025, the new EU Data Act took effect. This new law has sweeping implications for any company offering internet-connected products, related digital services, or cloud and other data processing services in the EU and outside the EU. Even if a company does not directly serve EU customers, the scope of the Act is so broad that if a company's products or services ultimately reach EU users through any supply chain, they must comply with the Act's requirements. The extraterritorial reach of the Act means that it applies to many U.S. businesses. Thus, counsel must understand the obligations and requirements of this new legal framework to ensure their clients are in compliance.
The Act is a significant shift in the governance of data generated by connected devices, particularly the Internet of Things environment. It introduces a comprehensive legal framework geared towards enhancing data portability and interoperability and minimizing dependency on individual service providers. Under the Act, users of covered devices and services, whether businesses or individuals, have the right to switch "data processing services" and the right to the data generated by their connected products. These switching rights can also impact device manufacturers as well as providers of software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
In light of the Act's new requirements, companies must assess whether their services and products are governed by the Act, review and update contracts and services to ensure compliance with the new regulatory framework, develop and implement internal processes for managing and responding to data access and portability requests from users and third parties, and protect intellectual property with robust technical and contractual measures before entering into data-sharing agreements. Impacted companies should also increase transparency for users by providing clear and comprehensive information explaining how their data is generated, how it can be accessed, and their rights to such data under the Act.
Listen as our authoritative panel provides practical considerations and guidance for companies navigating compliance with the Act's new requirements and obligations.
Presented By
Mr. Baker’s cross-disciplinary practice focuses on data privacy, cybersecurity, crisis management, and incident response for a broad range of industries. He is well-versed in multi-jurisdictional privacy compliance; cyber risk identification, mitigation, and response strategies; complex information governance and data management issues; and cross-border electronic discovery. Mr. Baker routinely counsels clients on considerations arising under a wide range of domestic and international privacy and security laws, standards, and best practices. In addition, he has managed dozens of cyber and privacy incidents for multinational companies through all aspects of investigation, remediation, notification, regulatory engagement, and litigation.
Mr. Beverley-Smith advises customers and suppliers on a wide range of international transactions and regulatory issues, including technology, telecommunications and business process outsourcing, complex services agreements, IP ownership and licensing. He counsels clients on privacy and cybersecurity issues and helps navigate regulatory hurdles and operational and commercial risks. Mr. Beverley-Smith advises on international privacy compliance programs, particularly in respect of the EU GDPR, for U.S. and European clients in numerous sectors, including banks, insurers, IT and telecom vendors, health care providers, pharmaceutical companies, medical device manufacturers, publishers and retailers. He also advises on strategic contracting and risk issues on international transactions throughout EMEA, the U.S. and Asia for both customers and suppliers. In these matters, he works with multidisciplinary teams of finance, sales, HR, procurement, privacy, security and tax professionals. Mr. Beverley-Smith is the author of several books and articles on IP and privacy, including "Rights in Data and Information" in the Oxford Handbook of Intellectual Property Law.
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
-
Date + Time
- event
Wednesday, March 11, 2026
- schedule
1:00 PM E.T.
I. Summary and overview of the EU Data Act
II. Compliance timelines and enforcement priorities
III. Extraterritorial reach of the Act and its implications for U.S. companies
IV. How the Act changes access and sharing obligations to EU data
V. Products and services covered by the Act
VI. Compliance: legal, contractual, business, and financial
VII. Privacy, security, and compliance risks
VIII. Key considerations and steps U.S. companies must take to maintain compliance
IX. Practitioner pointers and key takeaways
The panel will address these and other key considerations:
- What are the significant provisions and key compliance timelines for U.S. companies under the new EU Data Act?
- What entities and services are within the Act's scope?
- How does the Act impact data access and sharing obligations?
- What are some key legal, contractual, technical, and operational challenges relating to the Act, and how should companies address these issues?
- What actions do U.S. companies need to take immediately to ensure compliance with the Act?
Related Courses
Impact of New EU Data Act on U.S. Businesses: Extraterritorial Reach, Compliance Risks, Operational Challenges
Wednesday, March 11, 2026
1:00 PM E.T.
Telephone Consumer Protection Act and Communications Programs: Recent Developments, Ensuring Compliance, Mitigating Risks
Wednesday, January 28, 2026
1:00 PM E.T.
