The so-called Data Act is intended to define future rules for access to vehicle data. The aim is to ensure that the use of data between OEMs, users and repair shops or parts dealers is fair and legally safe. For the first time, this will create a uniform legal framework for access to IoT data (Internet of Things - a network of linked objects and devices) in the aftermarket. Such data includes sensor data, operating data, metadata and diagnostic data, for example.
The regulation on harmonised rules for fair data access and fair data use (Data Act) was adopted by the Council of the European Union in November 2023. It came into force on 11 January 2024 and will become directly applicable law throughout the European Union from 12 September 2025.
What is the Data Act?
The aim is to define regulations so that data can be used more and more effectively in different areas of life. This includes, among other things, regulations for passing on data by companies to consumers or other companies, as well as obligations for data owners who are obliged to provide data under EU law (including remuneration regulations in the B2B area).
What does the Data Act regulate in the automotive industry?
Specifically, the Data Act regulates user rights. All users of a vehicle, such as the owner, the leasing company or the fleet operator, have the right to access the data recorded during the use of the vehicle. They also have the right to pass this data on to third parties, e.g. to an independent repair shop, a parts wholesaler, insurance, etc. This provides users with more robust rights with regard to their vehicle data.
The importance for the aftermarket
Who can access which data under what conditions? By introducing harmonised rules, the Data Act aims to finally provide clarity. Until now, there have only been a number of different national regulations in place. The Data Act relies on the concept of cogeneration of data. Because this data occurs through the use of networked products. In line with this, all rights to the use of the data should also be fair. This does not mean that data must be made available free of charge, appropriate remuneration is permitted and criteria should be drawn up in guidelines. This represents real added value for the aftermarket, as workshops, parts wholesalers and service platforms receive legally secure access to relevant vehicle data for the first time. However, two conditions must be met: On the one hand, the vehicle user must agree, on the other hand, the EU Commission expects third-party providers to fulfil the necessary data processing capabilities. In other words, the OEM must provide the data, but not process it.
Criticism
According to the Gesamtverband Autoteile-Handel e.V. (GVA), the Data Act does not yet go far enough. It calls for sector-specific regulations for the automotive sector. Another criticism is that the Data Act only includes vehicle-generated data, but not vehicle functions and vehicle resources, which play an important role in vehicle diagnostics. These issues would be mitigated by an independent control for an SSL (Secure Sockets Layer).