UK progresses implementation of new Data Act

The Data (Use and Access) Act 2025 (Commencement No. 1) Regulations 2025 (SI 2025/904) have been made and published. The Regulations bring certain key provisions of the Data (Use and Access) Act 2025 (DUAA) into force from 20 August. The DUAA is a UK law that updates existing data protection regulations, aiming to promote innovation and economic growth while maintaining strong data protection standards. It introduces changes to how personal and non-personal data is managed. Last week, the Financial Conduct Authority and the Information Commissioner's Office discussed the importance to the UK's open finance vision of secure, consent-driven data sharing, supported by the UK's Smart Data framework and the newly enacted Data Use and Access Act.

The key provisions being commenced under this statutory instrument include: (i) Part 1, which enables access to customer and business data to support Smart Data schemes; (ii) specified provisions within Part 5, which introduce amendments to existing UK data protection laws, including the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003; (iii) Part 6, which establishes the Information Commission, a new regulatory body responsible for overseeing data use and access; and (iv) Part 7, which introduces amendments to the Online Safety Act 2023, the UK's implementation of Regulation (EU) No 910/2014 on electronic identification and trust services and provisions relating to the use of copyrighted works in the development of AI. This is the first set of commencement regulations under the Act, with some other provisions of the DUAA having come into force automatically—some on Royal Assent under section 142(2), and others two months later under section 142(3).

Return to main site.