All Posts

Open Finance

EU Data Act for Automotive: What OEMs Need to Know About Connected Vehicle Data

How the EU Data Act affects automotive OEMs and fleet operators. Covers vehicle data obligations, telematics sharing, and compliance requirements.

Connected vehicles generate enormous volumes of data — telematics, diagnostics, battery status, location, driving patterns, and sensor readings. Under the EU Data Act, vehicle users now have the legal right to access this data and to direct it to third parties of their choice. For automotive OEMs and fleet operators, this creates new obligations around data sharing, consent, and infrastructure.

How the EU Data Act Applies to Connected Vehicles

The EU Data Act classifies connected vehicles as connected products — products that obtain, generate, or collect data concerning their use or environment, and can communicate that data via an electronic communications service. Modern vehicles clearly meet this definition.

This means vehicle manufacturers (OEMs) are data holders under the Act, and vehicle owners/operators are users with data access rights. The obligations have been in effect since September 12, 2025.

What Vehicle Data Must Be Shared

The Act covers data generated by the use of the vehicle. This includes:

  • Telematics data — location, speed, acceleration, braking patterns, route history
  • Diagnostic data — engine/motor health, fault codes (DTCs), warning alerts, service intervals
  • Battery and energy data — state of charge, charging history, energy consumption, range estimates (for EVs and hybrids)
  • Sensor data — tyre pressure, ambient temperature, fuel/energy levels, fluid levels
  • Usage data — mileage, trip data, driving modes, feature usage
  • Infotainment data — connected service usage patterns (not content)

Data that is derived from the raw data through proprietary algorithms (e.g., predictive maintenance scores, driver behaviour ratings) is not required to be shared. Only the underlying recorded data must be made available.

Who is Affected

Vehicle OEMs

Any manufacturer selling connected vehicles in the EU market. This includes passenger car OEMs, commercial vehicle manufacturers, and motorcycle manufacturers. The obligation applies regardless of where the vehicle was manufactured — what matters is that it is sold and used in the EU.

Fleet Operators and Leasing Companies

Organisations that operate connected vehicle fleets (logistics companies, rental agencies, leasing firms) are users under the Act and have data access rights. They may direct vehicle data to third-party fleet management platforms, insurance telematics providers, or maintenance service providers.

Tier 1 Suppliers and Connected Service Providers

If you provide connected services that generate data from vehicle use (telematics platforms, connected navigation, remote diagnostics), you may also be classified as a data holder with sharing obligations.

Why This Matters for the Automotive Industry

Vehicle data has been a contested topic in the automotive industry for years. OEMs have historically controlled access to connected vehicle data through proprietary platforms, creating a commercial advantage in aftermarket services, insurance partnerships, and fleet management.

The EU Data Act changes this dynamic by giving vehicle users (and the third parties they designate) a legal right to the data. This has significant implications:

Aftermarket competition. Independent repair shops, insurance companies, and fleet management providers can now access vehicle data through the user, reducing OEMs' control over aftermarket data flows.

Insurance telematics. Drivers can share their driving data with insurers of their choice, enabling usage-based insurance products without requiring the insurer to partner directly with the OEM.

Fleet management. Fleet operators can consolidate vehicle data from multiple OEMs into a single fleet management platform, reducing vendor lock-in.

New service models. Third-party developers can build services on top of vehicle data — from personalised driving insights to predictive maintenance to energy management for EVs.

Technical Implementation Challenges

Volume and Frequency

Modern connected vehicles generate terabytes of data annually. The Act requires data to be provided without undue delay, and where feasible, continuously or in real time. For high-frequency sensor data, this means streaming API infrastructure, not batch downloads.

Multi-Stakeholder Consent

Vehicle data can involve multiple parties. The owner, the primary driver, and secondary drivers may all have different data-sharing preferences. Fleet vehicles add organisational consent on top of individual consent. Your consent management system needs to handle these overlapping relationships.

Data Categorisation

You need to distinguish between data you must share (user-generated usage data), data you may protect (trade secrets, proprietary algorithms), and data subject to other regulations (personal data under GDPR). This categorisation drives your API scope and access controls.

Cross-Border Considerations

Vehicles move across EU member states, each with potentially different enforcement frameworks and penalty structures. Your compliance infrastructure needs to be consistent across the EU, while respecting member state variations in enforcement.

What OEMs Should Build

To comply with the EU Data Act, automotive OEMs need:

  1. A data access portal for vehicle owners to view and download their data in machine-readable formats (JSON, CSV).
  2. APIs for third-party access that allow authorised third parties to receive data when directed by the user, with appropriate authentication and rate limiting.
  3. Consent management infrastructure to handle user-directed data sharing, record consent decisions, and enable revocation.
  4. FRAND pricing framework for charging third parties, with transparent terms and cost-based pricing for SMEs.
  5. Audit logging for all data access events, supporting regulatory reporting and dispute resolution.
  6. "Data by design" product architecture (by September 2026) ensuring new vehicles are designed with direct data accessibility built in.

The Competitive Opportunity

While the EU Data Act creates compliance obligations, forward-thinking OEMs are treating it as an opportunity:

Data platform as a service. Build a data sharing platform that not only complies with the Act but offers premium data services (enriched analytics, predictive insights) to third parties on commercial terms.

Ecosystem enablement. By making vehicle data easily accessible, you attract third-party developers who build services that make your vehicles more valuable to users.

Customer trust. OEMs that handle data sharing transparently and give users genuine control build stronger customer relationships than those who resist or delay compliance.

Fiskil's Data Provider platform provides the API infrastructure, consent management, and audit capabilities that automotive OEMs and connected product manufacturers need for EU Data Act compliance. Learn how we help with EU Data Act compliance.

Related articles

The EU Data Act Is Already in Effect: What Companies Need to Do Now

The EU Data Act Is Already in Effect: What Companies Need to Do Now

The EU Data Act's main obligations are already enforceable. What companies with connected products need to do now to comply and avoid penalties.

EU Data Act for Connected Product Manufacturers: What You Need to Share and How

EU Data Act for Connected Product Manufacturers: What You Need to Share and How

What the EU Data Act requires connected product manufacturers to do. Covers data-sharing obligations, technical requirements, and implementation options.

Building EU Data Act Compliant Data Sharing Infrastructure: A Technical Guide

Building EU Data Act Compliant Data Sharing Infrastructure: A Technical Guide

How to build data-sharing infrastructure that meets EU Data Act requirements. Covers API architecture, consent flows, formats, and security patterns.