AVM Introduces 25 New Usage Provisions in Response to the EU Data Act
AVM, a leading router manufacturer based in Berlin, has taken a significant step in compliance with the EU Data Act by introducing 25 new usage provisions. This initiative came with the release of FritzOS 8.25 on July 5, 2026, making AVM the first major company to adapt to the privacy and data protection framework set by the EU. These changes represent an important development in the industry as hardware manufacturers align their systems with evolving regulatory standards.
Scope of the New Regulations
With the introduction of these updated rules, AVM aims to enhance the transparency and security of user data. The new provisions cover a variety of technical data points, including MAC addresses, provider identifiers, operating system versions, country settings, diagnostic information, and smart home data.
AVM has committed to not using this information for marketing purposes or sharing it with third parties. Additionally, users have the option to object to data collection. While their routers will continue to function, certain services may have limited accessibility, emphasizing user choice in data sharing.
Stricter AI Regulations by the EU
Concurrent with the Data Act, the EU has also tightened regulations regarding Artificial Intelligence (AI). On June 29, 2026, the EU Council approved the “Digital Omnibus on AI,” which includes binding compliance deadlines. Key timelines include the implementation of transparency obligations starting August 2, 2026, and specific prohibitions on deepfake applications set to take effect on December 2, 2026.
High-risk AI systems face stricter deadlines: independent systems must comply by December 2027, while embedded systems have until August 2028. Violations could result in fines of up to €35 million or 7% of a company’s worldwide annual revenue, with personal liability on company executives for serious breaches.
Simplifying Data Protection Oversight
In Germany, the fragmented landscape of data protection oversight has drawn criticism for years. In response, Hamburg is pushing for a federal initiative, set to be discussed on July 10, 2026, to streamline these processes. The proposal aims to consolidate data protection oversight into a single authority for companies and research institutions operating across multiple states, creating a more cohesive framework.
This aligns with broader efforts to bolster digital sovereignty, shifting how public entities evaluate data location in tenders, particularly under the bidding acceleration law effective from July 1, 2026.
Clarity from the European Court of Justice
The European Court of Justice has also weighed in on data rights, clarifying that even a first data request under the GDPR may be deemed excessive if made with malicious intent. Additionally, claimants for damages must demonstrate actual harm rather than basing claims on mere speculation of potential damage.
Recent discussions among the coalition government in Germany suggest new regulations that would tie data access rights to a legitimate interest while possibly anonymizing the names of public servants in agencies—decisions that some former data protection commissioners criticize as a setback for transparency.
Risks to Transatlantic Data Exchange
The ongoing inconsistencies in data protection oversight create financial and operational challenges for companies in Germany as well. With personal liability risks looming for executives, there is increasing pressure to document data flows accurately and employ encryption techniques while exploring European cloud alternatives for better compliance.
Moreover, uncertainties surrounding the data exchange framework between the EU and the U.S. have intensified. A recent ruling by the U.S. Supreme Court challenging the independence of the Federal Trade Commission (FTC) could jeopardize the EU-U.S. Data Privacy Framework, prompting experts to urge proactive measures from businesses in safeguarding their data dealings.
Conclusion
As AVM leads the way in adapting to the EU Data Act, its actions underscore a critical shift that businesses must navigate in an increasingly regulated landscape. Knowledge and proactive adaptation are essential for firms striving to remain compliant while protecting user privacy and data security as legislative developments unfold.

