New EU Guidance for Automotive Stakeholders on Implementing Chapter II of the EU Data Act

The European Commission’s Guidance on Vehicle Data (C(2025) 6119 final) (the “Vehicle Data Guidance”) provides the automotive sector with a roadmap for applying Chapter II of the EU Data Act (Regulation 2023/2854) to data generated through the use of connected products and related services.
This article distills the key points to help OEMs, suppliers, aftermarket service providers, and insurers meet their obligations while identifying strategic opportunities.

1. The Data Act: Context and Legal Framework

The EU Data Act sets harmonised rules for accessing and using non-personal data generated by connected products and related services across the Union.
The provisions in Chapter II of the EU Data Act are central: they define data-holder duties toward users, establishing three core principles:

1. Contractual Use of Data – A data holder may use non-personal data only under a contract with the user (Art. 4(13) EU Data Act).

2. User Right of Access – Data holders (e.g., manufacturers, service providers) must give users direct or indirect access to the data generated (Art. 3(1) EU Data Act).

3. Pre-Contract Information – Sellers or service providers must inform users about the data generated before contract conclusion (Art. 3(2) EU Data Act).

The Vehicle Data Guidance focuses on the right of access in point 2 and does not interpret the other obligations.

The Commission emphasises that this guidance is sector-specific and complements – without replacing – other laws, including:

• Type-Approval Regulation (EU) 2018/858 (e.g., on-board diagnostics)

• EU competition rules on motor-vehicle vertical agreements

• GDPR (Reg. 2016/679) for personal-data processing

Notwithstanding the Vehicle Data Guidance, binding interpretation of the Data Act remains the sole prerogative of the Court of Justice of the EU.

2. Determining Scope: What Vehicle Data Must Be Shared

Chapter II requires data holders to share data generated by a user’s use of connected products or related services. What does this mean for the automotive industry?

2.1 Connected Products

A “connected product” collects or generates data about its use or environment and can transmit it electronically, where data storage or processing is not its main function. Most modern vehicles meet this definition; OEMs must assess whether their verhicles qualify.

2.2 Related Services

A “related service” is a digital service – other than mere telecommunications – essential to a connected product’s functions or added post-purchase to update or adapt those functions.

Examples of vehicle-related services include:

• Remote control (locking, engine start/stop, EV charging)

• Predictive maintenance requiring bi-directional data exchange

• Cloud-based driver-preference services

• Dynamic route optimisation linked to real-time vehicle status

• Pay-how-you-drive insurance

By contrast, routine manual repairs or offline maintenance generally do not qualify.

2.3 Data Categories

Not all data is subject to the accessing requirements under Chapter II of the EU Data Act. Only product data (Art. 2(15)) and related-service data (Art. 2(16)) – including the metadata needed to interpret them – are covered. The Commission distinguishes:

1. Raw Data – Unaltered sensor or user signals (e.g., wheel-speed readings, CAN-bus messages, raw camera feeds).

2. Pre-Processed Data – Data refined for comprehension (e.g., odometer values, calculated fuel consumption).

3. Inferred/Derived Data – New insights created by complex or proprietary algorithms (e.g., object detection, predictive-maintenance models).

Only raw and pre-processed data, plus required metadata, fall under the mandatory access regime; inferred or derived data remain out of scope, although the underlying raw inputs remain shareable.

The Vehicle Data Guidance provides extensive examples of each category and clarifies borderline cases such as simple mathematical operations (still in scope) versus complex sensor-fusion analytics (out of scope).

3. Access Rights and Delivery Mechanisms

Chapter II EU Data Act grants users the right to access and use product and related-service data and to share it with third parties.

3.1 Core User Rights

Articles 3–5 EU Data Act create a three-tier model:

• Direct Access (Art. 3): Users must be able to retrieve data directly from the vehicle when technically feasible.

• Indirect Access (Art. 4): If direct access is impracticable, the data holder must provide “readily available data” through alternative channels, such as backend servers.

• Third-Party Sharing (Art. 5): At a user’s request, the data holder must transmit the same (and “readily available”) data to a designated third party.

“Readily available data” includes data the holder can lawfully obtain without disproportionate effort, even if not routinely stored.

3.2 Quality and Non-Discrimination

Data provided to the user must match the holder’s own in accuracy, completeness, and timeliness. OEMs cannot degrade data for independent repairers or impose undue costs or technical barriers.
If, for example, access is provided through the OBD-II port inside the vehicle, the OEM must supply a compatible tool or an equivalent remote method to the user at no extra cost.

3.3 Design Implications

The Act obliges sharing only of data “designed to be retrievable,” excluding data processed solely on-board and immediately deleted. Nonetheless, OEMs are encouraged to design vehicle architectures so key data (e.g., GNSS location, odometer readings) remain retrievable for independent service providers.

4. Compensation Rules

Under Article 9 EU Data Act, data holders required to share data in B2B contexts may seek reasonable compensation. The Commission will issue separate guidance on calculating such compensation (Art. 9(5) EU Data Act).

5. Compliance and Governance

The Commission calls for coordination among Data Act authorities, type-approval regulators, and data-protection agencies, with the European Data Innovation Board facilitating cross-sector dialogue.

Recommended steps for industry actors:

• Data Mapping & Classification – Audit and categorise all vehicle data streams (raw, pre-processed, derived).

• Access Infrastructure – Build secure mechanisms for direct and indirect access.

• Contractual Updates – Revise customer terms and third-party agreements to reflect Data Act rights.

• Privacy Safeguards – Integrate GDPR compliance for any personal data.

• Ongoing Monitoring – Establish internal review processes to track new guidance and CJEU rulings.

6. Strategic Opportunities

Beyond compliance, the Data Act can create value:

• Aftermarket Growth – Easier third-party access fosters innovative maintenance, insurance, and mobility services.

• Customer Trust – Transparent data-sharing builds consumer confidence and brand loyalty.

• Standardisation Leadership – Early movers can shape EU data standards and gain a competitive edge.

The Commission encourages industry-wide collaboration and the development of interoperable standards to support fair competition and technological progress.

Next Steps

Automotive stakeholders seeking an early-mover advantage should consider:

1. Data-Act Readiness Audit – Map data flows and identify gaps in access design.

2. Platform Development – Build or upgrade access systems that meet “same quality” and usability requirements.

3. Regulatory Engagement – Participate in shaping practical standards and compensation models.

4. Team Education – Train staff and partners on user rights and the raw/pre-processed/derived data distinction.

Our firm assists OEMs, suppliers, and service providers from legal risk assessments to contract drafting and technical implementation planning. We invite you to explore a tailored compliance strategy to leverage the Data Act as a driver of innovation and stronger customer relationships.