The EC’s Data Act guidance on vehicle data

The guidance focuses on key questions: what qualifies as vehicle-related data, which data must be shared, and how access should be provided. The guidelines are aimed at helping OEMs, suppliers, aftermarket service providers, and insurers navigate their obligations under Chapter II of the Data Act, which governs data sharing in both Business-to-Consumer (B2C) and Business-to-Business (B2B) contexts.

Vehicle-related services

Following our previous blog, in which we discussed the meaning of the terms ‘connected products and related services’ extensively, the Commission has now clarified what constitutes a ‘vehicle-related service’, providing multiple illustrative examples. According to the guidance, a vehicle-related service is one that involves a bi-directional data exchange between the vehicle and a service provider (either the manufacturer or a third party) and directly affects the vehicle’s operation or behaviour. Examples include remote control features like locking/unlocking doors or starting the engine, predictive maintenance services based on driver behaviour, cloud-based personalization (e.g. seat or mirror settings) and route optimization using real-time vehicle data.

On the other hand, services that do not influence the vehicle’s functioning – such as insurance based on driving behaviour, offline repairs, or financial consulting – are not considered vehicle-related. These lack either the digital interaction or the operational impact required to meet the definition.

Categorization of vehicle data

Another key element of the guidance is the categorization of vehicle data into three types: raw, pre-processed, and inferred or derived. Only raw and pre-processed data fall within the scope of mandatory access rights. These include sensor signals, vehicle speed, fuel levels, and GNSS-based location data. In contrast, inferred or derived data, such as trajectory predictions, eco-driving scores, and outputs from proprietary algorithms, are excluded from mandatory disclosure, as they represent new insights generated through significant investment or complex processing. The guidance document provides dozens of examples of both data that fall within the scope of the Data Act, and data that are considered inferred or derived, and therefore excluded from mandatory access obligations.

Access Rights and Mechanisms (Articles 3, 4 and 5)

One of the core features of Chapter II of the Data Act is the user’s right to access and use vehicle-generated data, including the right to share it with third parties of their choice. According to the Commission’s guidance, this access can be granted either directly (Article 3(1)), for example, via the vehicle itself, or indirectly (Article 4(1)), such as through backend systems managed by the OEM. However, direct access is only required where it is relevant and technically feasible, giving manufacturers discretion in how they design connected vehicles. Where direct access is not feasible, OEMs must ensure indirect access to readily available data, defined as data that can be obtained without disproportionate effort. In practice, much of this data is already transmitted from the vehicle to backend systems operated by the manufacturer. The Commission confirms that such backend data – often collected under the extended vehicle concept – is considered readily available and therefore falls within the scope of the Data Act’s access obligations. That said, OEMs may opt not to retrieve or store certain data points, even if the vehicle’s architecture technically supports their transmission. This decision may stem from limitations in bandwidth, processing capacity, or a lack of perceived business relevance. However, the Commission clarifies that such data may still be considered “readily available” if it can be lawfully accessed without disproportionate effort. In evaluating this, OEMs are expected to take into account factors such as technical complexity and associated costs. Importantly, users can also instruct OEMs to share this data with third parties (Article 5(1)).

Quality, Usability, and Design Considerations

The Commission emphasizes that data must be made available in a non-discriminatory and high-quality manner. This means that independent service providers, such as repair shops, must receive data of the same quality as that available to OEMs or their authorized partners. Access must also be facilitated and user-friendly, without unnecessary costs or technical barriers. For example, if access is provided through a standard vehicle interface (such as the diagnostic port), users should not be required to purchase specialized tools or possess advanced technical skills. Finally, while the Data Act only applies to data designed to be retrievable, OEMs are encouraged to consider the importance of certain data points – like odometer readings or GNSS location – for aftermarket services when designing vehicle systems.

Conclusion

The Commission’s guidance provides clarity on how the Data Act applies to vehicle data, setting expectations for data access, categorization, and sharing obligations. For clients in the automotive ecosystem – whether OEMs, suppliers, or aftermarket service providers – this means preparing for a more transparent and user-centric data environment. Companies should assess their technical infrastructure, data governance policies, and contractual frameworks to ensure compliance and to seize new opportunities for innovation and service delivery.

For more insights and related updates, explore our EU Data Act hub.