Reuschlaw

Data Act: New requi­re­ments for the auto­mo­ti­ve industry

With the Data Act, the Euro­pean legis­la­tor has crea­ted a far-reaching set of rules that impo­ses new requi­re­ments on the pro­ces­sing of non-personal data. The regu­la­ti­ons will gra­du­al­ly be appli­ed from 12 Sep­tem­ber 2025. Due to the lar­ge num­ber of net­work­ed vehic­le com­pon­ents, the auto­mo­ti­ve indus­try is par­ti­cu­lar­ly affec­ted by the requi­re­ments of the legal act. The fol­lo­wing artic­le explains the most important requi­re­ments and pro­vi­des prac­ti­cal advice on how to imple­ment them.

What data is affected?

The Data Act regu­la­tes access to data from net­work­ed pro­ducts (IoT) and rela­ted ser­vices. It coll­ects non-personal data gene­ra­ted by net­work­ed vehic­le com­pon­ents and digi­tal ser­vices, for exam­p­le, inclu­ding sen­sor data, ope­ra­ting data, meta­da­ta and dia­gno­stic data. At the same time, the pro­tec­tion of per­so­nal data under the Gene­ral Data Pro­tec­tion Regu­la­ti­on remains unaffected.

To do

  • Check whe­ther the manu­fac­tu­red pro­ducts are affected.
  • Cate­go­ri­se the pro­ces­sed data.

New requi­re­ments for access to data

A key ele­ment is the right of users to access pro­duct and usa­ge data. Manu­fac­tu­r­ers and ope­ra­tors of net­work­ed vehic­le com­pon­ents and digi­tal plat­forms must take this into account as ear­ly as the pro­duct deve­lo­p­ment stage (access by design). The pro­vi­si­on must be secu­re, free of char­ge and machine-readable. Users can also ins­truct third par­ties to access the data. This requi­res a clear tech­ni­cal and con­trac­tu­al design of data access.

To do

  • Ensu­re that data can be pro­vi­ded in a stan­dar­di­sed and machine-readable format.

New requi­re­ments for the dis­clo­sure of data

The Data Act also affects the sha­ring of data in the B2B sec­tor. Data hol­ders must pro­vi­de access on fair, reasonable and non-discriminatory terms (FRAND prin­ci­ple). Unfair con­trac­tu­al clau­ses that allow for uni­la­te­ral con­trol over data are pro­hi­bi­ted. Trade secrets and sen­si­ti­ve com­pa­ny data are excluded. As a result, many com­pa­nies need to revi­se their sup­p­ly, deve­lo­p­ment and data licen­sing agreements.

To do

  • Con­tract review and, if neces­sa­ry, adapt­a­ti­on of exis­ting data licensing.
  • Review non-disclosure agree­ments and safeguards.

Impact on the sup­p­ly chain 

OEMs and sup­pli­ers work with com­plex sup­p­ly chains in which data is exch­an­ged bet­ween seve­ral part­ners. The Data Act requi­res com­pli­ance checks along the enti­re sup­p­ly chain to ensu­re that all par­ties invol­ved meet the new requi­re­ments. The respon­si­bi­li­ty not only lies with the OEMs, but also with the sup­pli­ers who sup­p­ly net­work­ed sys­tems and com­pon­ents. Com­pa­nies must the­r­e­fo­re coor­di­na­te with their part­ners at an ear­ly stage to avo­id con­trac­tu­al risks and regu­la­to­ry pitfalls.

To do

  • Iden­ti­fy data flows in the sup­p­ly chain.
  • Draf­ting, revie­w­ing and sup­ple­men­ting data licen­sing agree­ments in the sup­p­ly chain.

Act now and imple­ment requirements

The Data Act repres­ents a chall­enge for the auto­mo­ti­ve indus­try, but also an oppor­tu­ni­ty. Tho­se who imple­ment the new requi­re­ments at an ear­ly stage can posi­ti­on them­sel­ves stra­te­gi­cal­ly and secu­re com­pe­ti­ti­ve advan­ta­ges. Espe­ci­al­ly in the field of net­work­ed vehic­les, intel­li­gent sen­sor tech­no­lo­gy and data-based mobi­li­ty ser­vices, the avai­la­bi­li­ty of data is beco­ming a key fac­tor for inno­va­ti­on and mar­ket position.

back

Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.