This Act matters for businesses building data products, identity checks, open finance tools, online services or customer data workflows. For most small businesses, the immediate point is not to panic. It is to know where customer data is collected, shared, verified or automated so future commencement, regulator guidance and customer requests can be handled cleanly.
Main laws
United Kingdom Act
Data (Use and Access) Act 2025
The Data (Use and Access) Act 2025 changes parts of the UK data, digital verification and smart data framework.
In forceUnited KingdomPlain-English guide4 practical checks
Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.
Get legal helpStart here
Quick read
- This Act matters for businesses building data products, identity checks, open finance tools, online services or customer data workflows.
- For most small businesses, the immediate point is not to panic.
Likely relevant if
- Digital platforms and SaaS businesses
- Fintech and open banking products
- Businesses using digital identity or verification services
Check first
- Map customer, user and business data flows before changing product features
- Check whether digital verification or smart data rules affect the service
- Keep privacy notices, processor contracts and consent journeys aligned
What this means in practice
Key points
- The law is a reform framework, so timing and guidance matter.
- Data sharing features need product, legal and security input together.
- Do not promise customers new access or portability features until the operational process is clear.
When this law usually matters
Most businesses do not need to memorise the whole law. The useful starting point is to know when it is likely to affect a contract, customer journey, employee process, data flow or company decision.
Key points
- Digital platforms and SaaS businesses
- Fintech and open banking products
- Businesses using digital identity or verification services
- Organisations sharing customer or business data with third parties
What to check first
Sense check
- Map customer, user and business data flows before changing product features
- Check whether digital verification or smart data rules affect the service
- Keep privacy notices, processor contracts and consent journeys aligned
- Track commencement and regulator guidance before relying on a new process
Documents and workflows to review
Key points
- Data map
- Privacy policy
- Processor and data-sharing agreements
- Product requirements for data access
- Identity verification vendor contracts
Related topics
How Sprintlaw can help
Update history
New13 June 2026
Data use and access reform added for UK digital businesses
The Data (Use and Access) Act 2025 is now tracked for smart data, digital verification and customer data workflows.