The European Commission has been releasing updated FAQ documents on the Data Act since before it entered full application in September 2025. Version 12, published in late 2025, is the most significant update yet — particularly for companies navigating the data portability requirements under Articles 4 and 5.
What changed in version 12
Previous FAQ versions provided general guidance on data portability without addressing the technical implementation in detail. Version 12 adds significant specificity on three fronts: the definition of "real-time" access, the format requirements for portable data, and the relationship between the Data Act portability obligations and existing sector-specific data requirements (particularly in energy and finance).
The most consequential clarification concerns what "real-time" access actually means. The FAQ now specifies that access should be available within a timeframe consistent with the technical capabilities of the device — in practice, continuous streaming or very short polling intervals for high-frequency sensor data, with batch export acceptable only for devices with significant technical constraints on connectivity.
The portability clarifications
Version 12 also expands on the format requirements for portable data exports. The guidance is clear that proprietary formats do not satisfy the portability requirement unless an open conversion layer is provided. Data must be exportable in at least one format that can be ingested by "commonly available" software — the guidance names JSON, CSV, and XML as examples, while noting that sector-specific formats (like COSEM/DLMS for energy metering) are acceptable where they are genuinely interoperable.
The third major addition concerns the relationship between Data Act portability and GDPR data portability under Article 20. Version 12 clarifies that the Data Act creates additional portability rights that operate independently of GDPR — meaning companies cannot satisfy their Data Act obligations by pointing to their GDPR portability implementation. The obligations are additive, not substitutable.
"Version 12 removes the ambiguity that many companies were using as a reason to delay implementation. The expectations are now specific enough that ‘waiting for clarity’ is no longer a defensible posture."Steelbridge · Regulatory Update
What to do now
For teams that have been waiting for regulatory clarity before committing to a compliance architecture, Version 12 provides the specificity needed to make those decisions. The key questions to address: Does your current API provide access at a frequency that meets the "real-time" standard for your product category? Does your data export support at least one genuinely interoperable format? Have you assessed your Data Act portability obligations separately from your GDPR obligations?
Version 12 is available on the European Commission’s Data Act resources page. We recommend a specific review against Articles 4 and 5 in light of the updated guidance — and a gap assessment against your current access and export architecture.
About Steelbridge
Steelbridge Oy is a Helsinki-based compliance infrastructure company. Our platform handles the technical and legal obligations of the EU Data Act as a managed service, enabling IoT and connected-device manufacturers to go live in weeks rather than months.
Contact: contact@steelbridge.fi
