One Grid, Many Rules: Where the EU Data Act Meets Energy Regulation
This is the fifth article in a series exploring regulatory themes from ENODA's participation in the European Blockchain Sandbox (EBS).
One of the most complex challenges facing European flexibility isn't physics or hardware. It's data: who has it, who's allowed to see it, who's allowed to act on it, and under which rules.
Brussels has not been idle. The EU Data Act has applied since September 2025. The Electricity Directive and Regulation were updated in 2024. A Network Code on Demand Response is in the final stages of adoption. And the European Commission has tabled a Digital Omnibus Regulation that would meaningfully change the Data Act before most companies have finished reading the original.
This is a critical concern for anyone building infrastructure that coordinates Distributed Energy Resources (DERs) across borders. It shapes architecture, contracts, and the markets you can credibly operate in.
The regulatory landscape
The framework is primarily shaped by three instruments.
The EU Data Act establishes horizontal rules for data generated by connected products: how that data must be made accessible to users, and how it can be shared with third parties. Most provisions are now live; the "data access by design" obligation under Article 3(1) only bites for products placed on the market after 12 September 2026, giving manufacturers a measure of runway.
Sector-specific energy law sets its own data-sharing obligations, layered on top of the Data Act rather than replaced by it. The Electricity Directive and Regulation, as amended by the 2024 Electricity Market Design Reform, require Member States to ensure that consumers, and the parties they authorise (e.g. suppliers, aggregators, energy service providers) can access metering and consumption data held by DSOs or designated metering data administrators. The Implementing Act on Interoperability supplies the detail.[AB1]
The Network Code on Demand Response is the piece still settling into place. The Agency for the Cooperation of Energy Regulators (ACER) submitted its final proposal to the European Commission in March 2025; adoption is expected during 2026 and national implementation by 2027. The Code will set the framework for harmonization of aggregation models, baselining, market-based procurement of flexibility, and data sharing between aggregators, Balance Service Providers (BSPs), Transmission System Operators (TSOs), and Distribution System Operators (DSOs). [AB2] It travels alongside accompanying amendments to the Electricity Balancing Regulation, the System Operation Regulation, and the Demand Connection Network Code, each taken forward as a separate legal instrument to keep the wider rulebook consistent.
A coordination platform sitting in this landscape is governed by all four at once. The first question is which one wins where they disagree.
Article 44 and the precedence question
The Data Act answers this in Article 44. Sector-specific obligations on data availability that predate the Act are unaffected. New sectoral rules can specify further requirements in light of a sector's needs. In practice, sectoral law takes precedence where it conflicts with the horizontal regime. Which sounds cleaner than the reality.
Energy-sector data law was written for a world of metering and consumption flowing between fixed actors with stable roles: supplier, DSO, customer. The Data Act was written for a world of connected products generating data that users, manufacturers, and third parties might all want access to. Coordination platforms sit precisely on the seam. A behind-the-meter battery is a connected product; the data it generates may flow through aggregators into balancing markets; those aggregators interact with TSOs and DSOs governed by sector-specific access rules. Which regime applies to which segment of the data flow is rarely obvious from the texts alone.[AB3]
The EBS dialogues brought this view into focus. The answer depends on how a platform is architected, what counts as product data versus metering data, who is the data holder and who the recipient is at each stage, and how the contracts between them are drafted. Two well-engineered platforms doing functionally similar things can sit in materially different positions under EU data law, separated only by design choices that appeared minor at the time.
The smart contracts question
When the Data Act was adopted, Article 36 introduced "essential requirements" for smart contracts used in data-sharing arrangements: robustness, access control, safe termination, conformity assessment. The drafting was aimed at enterprise software automating bilateral agreements, but read more broadly as catching almost anything running on a ledger that happened to touch data sharing.
The Digital Omnibus Regulation, tabled by the European Commission in November 2025, removes Article 36 entirely, without replacement. The Commission's own explanatory memorandum is unusually candid: smart contracts in data sharing remain experimental, no harmonised standards have emerged, and the original wording risked sweeping in distributed-ledger architectures that did not match the underlying assumption.
If adopted as proposed, with trilogue negotiations expected through spring 2026 and adoption likely by mid-2026, this is genuine progress for anyone using Distributed Ledger Technology (DLT) for evidence and accounting in regulated sectors. It removes a compliance question that had no clear answer.
The Omnibus narrows business-to-government data access from "exceptional need" to "public emergencies", adjusts the switching regime for legacy cloud contracts, and reshapes data-breach notification under the General Data Protection Regulation. Those building data architecture into a product roadmap should follow the trilogue, not the November text.
What the Network Code on Demand Response should sharpen
Once the Network Code on Demand Response is in force, some of the current ambiguity will narrow. The draft harmonises how aggregators interact with system operators on questions that today vary widely between Member States: the data-flow obligations between BSPs, Balance Responsible Parties (BRPs), TSOs, and DSOs across prequalification, dispatch, and settlement; baselining methodologies validated by the National Regulatory Authority (NRA); the priority between market-based and non-market-based procurement of flexibility; and the order in which aggregation models are constructed, with balance responsibility first, compensation flows next, and metering architecture last.
If the final text holds the spirit of ACER's proposal, the Article 44 precedence test becomes easier to apply, because sectoral law will simply be more precise. It will also create new obligations. Aggregators will face sharper expectations on data quality, dispatch evidence, and settlement reporting, none of which is softened by anything in the Data Act or the Omnibus.
As national rules following the Network Code are expected by 2027, timing is now of the essence. We must plan ahead and take into account any divergence in how Member States implement them, as seen with the Network and Information Security Directive (NIS2).
What this means in practice
Three design implications stand out.
Not all data is regulated equally under EU law. Telemetry from a smart inverter, metering data accessed by a DSO, settlement evidence committed to a ledger, and personal data belonging to an active customer sit under different regimes, with different access rights and different lawful bases. A platform that treats them as a single bucket will struggle to demonstrate compliance under any of them.
It’s important to note that contracts can provide clarity, where classification falters. Where the legal taxonomy is ambiguous, well-drafted agreements between platform, users, aggregators, BRPs, and system operators do the work of clarifying who is the data holder, who is the recipient, and on what terms.
Optionality is worth paying for in both the technical build and the contract drafting. [AB4] With the Omnibus still in trilogue and the Network Code on Demand Response heading towards national implementation, the rules will look meaningfully different in eighteen months. Architectures that hard-wire current assumptions about smart contract requirements, data-sharing protocols, or who plays which role age badly. The cost of building optionality in is almost always lower than the cost of rebuilding without it.
Energy markets and digital regulation were not bult to converge yet as digitalisation accelerates, the overlap between them is growing rapidly – and becoming increasingly difficult to separate.
While the Data Act, the energy network codes, and the Digital Omnibus are each individually defensible; the interplay between them is genuinely contested ground, and the contestation will continue. For platforms working at that intersection, the only credible posture is to expect ambiguity, design for flexibility, and stay close to the people writing the rules.
ENODA is building a coordination and settlement platform for Distributed Energy Resources. The next article in this series will examine how energy and digital regulation define overlapping market roles, and what that means for platforms that touch several of them at once.