Citation, interpretation and extent

1.—(1) These Regulations may be cited as the Data (Use and Access) Act 2025 (Commencement No. 1) Regulations 2025.

(2) In these Regulations “ the Act ” means the Data (Use and Access) Act 2025 .

(3) These Regulations extend to England and Wales, Scotland and Northern Ireland, except paragraph 23 of Schedule 12A to the Data Protection Act 2018(2) (inserted by Schedule 14 of the Act, commenced by regulation 2(z)), which extends to England and Wales and Northern Ireland only.

Commencement

2. The following provisions of the Act, so far as not already in force (see section 142(2)(h) of the Act), come into force on 20th August 2025—

(a)Part 1 (access to customer data and business data);

(b)section 72 (processing in reliance on relevant international law), except—

(i)subsection (3), and

(ii)subsection (7), to the extent that it refers to Article 8A(3)(e) in the insertion of section 9A (processing in reliance on relevant international law) in the Data Protection Act 2018;

(c)section 74 (processing of special categories of personal data);

(d)section 84 (law enforcement processing and codes of conduct);

(e)section 91 (duties of the Commissioner in carrying out functions);

(f)section 92 (codes of practice for the processing of personal data);

(g)section 93 (codes of practice: panels and impact assessments);

(h)section 95 (analysis of performance);

(i)section 102 (annual report on regulatory action);

(j)section 104 (court procedure in connection with subject access requests);

(k)section 106 (protection of prohibitions, restrictions and data subject’s rights);

(l)section 107 (regulations under the UK GDPR);

(m)section 108 (further minor provision about data protection);

(n)section 109 (the PEC Regulations);

(o)section 110 (interpretation of the PEC Regulations), except subsection (2)(a) and (b) and subsection (3);

(p)section 111 (duty to notify the Commissioner of personal data breach: time periods);

(q)section 113 (emergency alerts: interpretation of time periods);

(r)section 117 (the Information Commission), except subsection (4)(a);

(s)section 125 (information for research about online safety matters);

(t)section 129 (the eIDAS Regulation);

(u)section 134 (time periods: the eIDAS Regulation and the EITSET Regulations);

(v)section 135 (economic impact assessment);

(w)section 136 (report on the use of copyright works in the development of AI systems);

(x)section 137 (progress statement);

(y)Schedule 11 (further minor provision about data protection), except paragraphs 22, 23, 25, 28, 29, 30, 31 and 32;

(z)Schedule 14 (the Information Commission).