Introduction
On 12 September 2025, the European Commission published the “Guidance on Vehicle Data, accompanying Regulation 2023/2854 (Data Act).” The document defines the categories of data falling within the scope of Chapter II of the Regulation and outlines the access rights granted to users and to third parties designated by them.
The Data Act in brief
The Data Act—published in the Official Journal of the European Union on 22 December 2023 and entered into force on 11 January 2024, but applicable starting from 12 September 2025—is a horizontal regulation governing fair access to and use of data in the European Union. It applies to all economic sectors and introduces a series of obligations for data holders—those entitled or obliged to use or make available data generated by the use of a connected product or a related service—while simultaneously granting new rights to data users.
The innovative scope of the Regulation lies in transforming data into an asset legally usable by multiple parties: in the automotive sector, the vehicle user acquires the right to access, reuse, and share data generated by their own car, while third parties authorized by them (for example, independent workshops, insurance companies, or telematics start-ups) may request direct access to such data from the data holder, under the conditions set out in Articles 5 and 9 of the Regulation. This represents a paradigm shift requiring companies in the sector to reassess their contractual models, compliance processes, and the technical structure of their data collection systems.
Connected product and related service
The guidelines clarify, first of all, that a vehicle qualifies as a “connected product” when it meets two cumulative requirements: it must generate or collect data concerning its use or its surrounding environment, and it must have the ability to communicate such data via an electronic communications service, a physical connection, or on-device access. It is irrelevant whether the product’s primary function is different from data storage or transmission; what matters is its technical capability to exchange information.
“Related services,” on the other hand, are digital services—distinct from traditional electronic communications—that are linked to the vehicle in such a way that their absence would prevent the operation of one or more vehicle functions, or services subsequently connected to add, update, or adapt such functions. Examples include a remote-control app enabling locking or unlocking of doors, a route optimization software that adjusts charging strategy in real time, or a predictive maintenance service based on driving behavior.
Excluded from this category are traditional assistance, consulting, or repair services that do not digitally interact with the vehicle and do not affect its operational performance.
Raw data, pre-processed data, inferred or derived data
A crucial aspect of the guidelines concerns the taxonomy of data, as its classification determines the obligation to (or exemption from) sharing with other entitled parties.
Raw data are primary, essentially unmodified data generated automatically by sensors or by user actions: from tire pressure and engine rotation to ignition commands. These data fully fall within the scope of the Data Act and must be made accessible, where “technically feasible,” directly to the user or, alternatively, via the data holder.
Pre-processed data are data that have undergone normalization, filtering, or aggregation operations in order to render them understandable and reusable, without altering their descriptive nature of the vehicle’s state or functioning. Corrected readings such as temperature, speed, fuel level, average consumption, and GPS tracking typically fall into this category. These are subject to the same access regime as raw data and cannot be withheld by the manufacturer on the grounds of protecting proprietary investments in software, since the transformation performed has purely preparatory purposes.
Inferred or derived data are information resulting from complex processing, often based on proprietary algorithms, which generate new and distinct content. Examples include driver-assistance systems classifying road objects, eco-driving scores, trajectory forecasts, or energy consumption optimization through machine learning. According to the Commission, such data fall outside the disclosure obligation, as they result from additional investments and represent know-how deserving protection.
Legal implications for the automotive ecosystem
The segmentation of data translates into significant technical and contractual obligations. First, car manufacturers will need to assess whether their system architecture effectively makes raw and pre-processed data “retrievable,” failing which they risk being challenged for non-compliance. While safeguarding technological neutrality, the Regulation requires that the data provided be of the “same quality” as those directly accessed by the data holder, imposing a non-discrimination regime toward independent workshops and aftermarket operators. This makes it necessary to implement access interfaces—such as remote backends or on-board ports—that do not require costly proprietary tools for the end user.
On the contractual side, Article 9 grants data holders the right to “reasonable” compensation, to be calculated according to criteria that the Commission will clarify in dedicated guidelines.
Conclusions
For industry players, new business opportunities are emerging—new forms of monetization, value-added services, alternative maintenance solutions—but also challenges in terms of compliance, architectural adaptation, and revision of licensing policies and contractual templates. Manufacturers will need to consider how to reconcile the protection of their technological assets with the new access rights, while independent service providers will be able to compete on a more level playing field.
|
|
