EU Data Act Vehicle Guidance 2025: What Automotive OEMs Must Share by September 2026

The European Commission issued definitive guidance in September 2025 clarifying which vehicle data automotive manufacturers must share under the EU Data Act.

With enforcement beginning September 2026, OEMs must provide access to raw and pre-processed vehicle data while protecting proprietary algorithms. Direct user access is free, but B2B data sharing can be monetized under reasonable compensation rules.

As the September 2026 deadline nears, the European Commission has issued comprehensive guidance that clarifies exactly which vehicle data must be shared and how. For automotive manufacturers still planning their compliance strategy, it’s now essential to understand these details.

Why This Guidance Matters for Automotive OEMs?

EU Data Act becomes enforceable in September 2026, requiring all connected vehicle manufacturers to provide direct data access to end users and their chosen third parties. While the regulation itself established the legal framework, the Commission’s guidance document – published September 12, 2025 – provides automotive specific interpretation that removes much of the ambiguity manufacturers have faced.

This is no longer just a paper exercise. If you fall short, expect:

  • Heavy financial consequences
  • Serious business risk and reputational damage
  • Potential legal exposure across EU markets
  • A competitive disadvantage as compliant competitors gain market access

For OEMs without appropriate technological infrastructure or clear understanding of these requirements, the deadline is rapidly approaching.

What Vehicle Data Must Be Shared?

The September 2025 guidance establishes clear boundaries between data that falls within and outside the Data Act’s scope, resolving one of the most contested issues in implementation planning.

In-Scope Data: Raw and Pre-Processed Vehicle Data

Manufacturers must provide access to data that characterizes vehicle operation or status. The guidance defines two categories that must be shared:

Raw Data Examples:

  • Sensor signals: wheel speed, tire pressure, brake pressure, yaw rate
  • Position signals: windows, throttle, steering wheel angle
  • Engine metrics: RPM, oxygen sensor readings, mass airflow
  • Raw image/point cloud data from cameras and LiDAR
  • CAN bus messages
  • Manual command results: wiper on/off, air conditioning usage; component status: door locked/unlocked, handbrake engaged

Pre-Processed Data Examples:

  • Temperature measurements (oil, coolant, engine, battery cells, outside air)
  • Vehicle speed and acceleration
  • Liquid levels (fuel, oil, brake fluid, windshield wiper fluid)
  • GNSS-based location data
  • Odometer readings
  • Fuel/energy consumption rates
  • Battery charge level
  • Normalized tire pressure
  • Brake pad wear percentage
  • Time or distance to next service
  • System status indicators (engine running, battery charging status) and malfunction codes and warning indicators

Bottom line is this: If the data describes real-world events or conditions captured by vehicle sensors or systems, it’s in scope – even when normalized, reformatted, filtered, calibrated, or otherwise refined for use.

The guidance clarifies that basic mathematical operations don’t exempt data from sharing requirements. Calculating current fuel consumption from fuel flow rate and vehicle speed still produces in-scope data that must be accessible.

Out-of-Scope Data: Inferred and Derived Information

Data excluded from mandatory sharing requirements represents entirely new insights created through complex, proprietary algorithms:

  • Dynamic route optimization and planning algorithms
  • Advanced driver-assistance systems outputs (object detection, trajectory predictions, risk assessment)
  • Engine control algorithms optimizing performance and emissions
  • Driver behavior analysis and eco-scores
  • Crash severity analysis
  • Predictive maintenance calculations using machine learning models

The main difference is this: The guidance emphasizes that exclusion isn’t about technical complexity alone – it’s about whether the data represents new information beyond describing vehicle status. Predictions of future events typically fall out of scope due to their inherent uncertainty and the proprietary algorithms required to generate them.

However, if predicted data relates to information that would otherwise be in-scope, and less sophisticated alternatives are readily available, those alternatives must be shared. For example, if a complex machine learning model predicts fuel levels, but a simpler physical fuel sensor provides similar data, the physical sensor data must be accessible.

How Must Data Access Be Provided?

The Data Act takes a technology-neutral approach as of September 2025, allowing manufacturers to choose how they provide data access – whether through remote backend solutions, onboard access, or data intermediation services. However, three essential requirements apply:

1. Quality Equivalence Requirement

Data provided to users and third parties must match the quality available to the manufacturer itself. This means:

  • Equivalent accuracy – same precision and correctness
  • Equivalent completeness – no missing data points
  • Equivalent reliability – same uptime and availability
  • Equivalent relevance – contextually useful data
  • Equivalent timeliness – real-time or near-real-time as per manufacturer’s own access

The guidance clearly prohibits discrimination: data cannot be made available to independent service providers at lower quality than what manufacturers provide to their own subsidiaries, authorized dealers, or partners.

2. Ease of Access Requirement

The “easily available” mandate means manufacturers cannot impose:

  • Undue technical barriers requiring specialized knowledge
  • Prohibitive costs for end-user access
  • Complex procedural hurdles

In practice: If data access requires specialized tools like proprietary OBD-II readers, manufacturers must either provide these tools at no additional cost with the vehicle or implement alternative access methods such as remote backend servers.

3. Readily Available Data Obligation

The guidance clarifies that “readily available data” includes:

  • Data manufacturers currently collect and store
  • Data they “can lawfully obtain without disproportionate effort beyond a simple operation”

For OEMs implementing extended vehicle concepts where data flows to backend servers, this has significant implications. Even if certain data points aren’t currently transmitted due to bandwidth limitations, cost considerations, or perceived lack of business use-case, they may still fall within scope if retrievable through simple operations.

When assessing whether obtaining data requires “disproportionate effort,” manufacturers should consider:

  • Technical complexity of data retrieval
  • Cost of implementation
  • Existing vehicle architecture capabilities

What Are Vehicle-Related Services Under the Data Act?

The September 2025 guidance distinguishes between services requiring Data Act compliance and those that don’t.

Services Requiring Compliance (Vehicle-Related Services)

Vehicle-related services require bi-directional data exchange affecting vehicle operation:

  • Remote vehicle control: door locking/unlocking, engine start/stop, climate pre-conditioning, charging management
  • Predictive maintenance: services displaying alerts on vehicle dashboards based on driver behavior analysis
  • Cloud-based preferences: storing and applying driver settings (seat position, infotainment, temperature)
  • Dynamic route optimization: using real-time vehicle data (battery level, fuel, tire pressure) to suggest routes and charging/gas stations

Services NOT Requiring Compliance

Traditional aftermarket services generally aren’t considered related services:

  • Auxiliary consulting and analytics services
  • Financial and insurance services analyzing historical data
  • Regular offline repair and maintenance (brake replacement, oil changes)
  • Services that don’t transmit commands back to the vehicle

The key distinction: services must affect vehicle functioning and involve transmitting data or commands to the vehicle to qualify as “vehicle-related services” under the Data Act.

Understanding the Cost Framework for Data Sharing

The guidance issued in September 2025 draws a clear line in the Data Act’s cost structure that directly impacts business models.

Free Access for End Users

When vehicle owners or lessees request their own vehicle data – either directly or through third parties they’ve authorized – this access must be provided:

  • Easily and without prohibitive costs
  • Without requiring expensive specialized equipment through user-friendly interfaces or methods

Paid Access for B2B Partners

Under Article 9 of the Data Act, manufacturers can charge reasonable compensation for B2B data access. This applies when business partners request data, including:

  • Fleet management companies
  • Insurance providers
  • Independent service providers
  • Car rental and leasing companies
  • Other commercial third parties

For context: The Commission plans to issue detailed guidelines on calculating reasonable compensation under Article 9(5), which will provide specific methodologies for determining fair pricing. This forthcoming guidance will be crucial for manufacturers developing their data plans to monetize data while ensuring compliance.

Key Limitation: These compensation rights have no bearing on other existing regulations governing automotive data access, including technical information necessary for roadworthiness testing. The Data Act’s compensation framework applies specifically to the new data sharing obligations it creates.

Practical Implementation Considerations for September 2026

Backend Architecture and Extended Vehicle Obligations

The extended vehicle concept, where data continuously flows from vehicles to manufacturer backend servers, creates both opportunities and obligations. This architecture makes data readily available to OEMs, who must then provide equivalent access to users and third parties.

Action items:

  • Audit which data points your current architecture makes readily available
  • Ensure access mechanisms can deliver this data with equivalent quality to all authorized recipients
  • Evaluate whether data points not currently collected could be obtained “without disproportionate effort”

Edge Processing and Data Retrievability

Data processed “on the edge” within the vehicle and immediately deleted isn’t subject to sharing requirements. However, the September 2025 guidance encourages manufacturers to consider the importance of certain data points for independent aftermarket services when deciding whether to design these data points as retrievable.

Critical data points for aftermarket services:

  • Accelerometer readings
  • Vehicle speed
  • GNSS location
  • Odometer values

Making these retrievable benefits the broader automotive ecosystem and may provide competitive advantages in partnerships.

Technology Choices and Flexibility

While the Data Act is technology-neutral, chosen access methods must meet quality requirements. If a particular implementation – such as requiring users to physically connect devices to OBD-II ports – results in data that is less accurate, complete, or timely than backend server access, it fails to meet the quality obligation.

Manufacturers should evaluate access methods based on:

  • Data quality delivered to recipients
  • Ease of use for different user types
  • Cost-effectiveness of implementation
  • Scalability for B2B partnerships
  • Integration with existing digital infrastructure

Databoostr: Purpose-Built for EU Data Act Compliance

Grape Up’s Databoostr platform was developed specifically to address the complex requirements of the EU Data Act. The solution combines specialized legal, process, and technological consulting with a proprietary data sharing platform designed for automotive data compliance.

Learn more about Databoostr and how it can help your organization meet EU Data Act requirements.

Addressing the EU Data Act Requirements

Databoostr’s architecture directly addresses the key requirements established in the Commission’s guidance:

Quality Equivalence: The platform ensures data shared with end users and third parties matches the quality available to manufacturers, with built-in controls preventing discriminatory access patterns.

Ease of Access: Multiple access methods—including remote backend integration and user-friendly interfaces – eliminate technical barriers for end users while supporting sophisticated B2B integrations.

Readily Available Data Management: The platform handles both currently collected data and newly accessible data points, managing the complexity of determining what constitutes “readily available” under the guidance.

Modular Architecture for Compliance and Monetization

Databoostr’s modular design addresses both immediate compliance needs and strategic opportunities. Organizations implementing the platform for EU Data Act requirements can seamlessly activate additional modules for data monetization:

  • Data catalog management for showcasing available data products
  • Subscription and package sales for B2B partners
  • Automatic usage calculation tracking data sharing volumes
  • Billing infrastructure supporting the Article 9 reasonable compensation framework

This setup supports both compliance and revenue growth from a single platform, reducing IT complexity while meeting the guidance’s technical requirements.

Comprehensive Implementation Methodology

The Databoostr implementation approach aligns with the guidance’s requirements through:

Legal Consulting

  • Analyzing regulatory requirements specific to your vehicle types
  • Translating Data Act provisions into specific organizational obligations
  • Interpreting the September 2025 guidance within your business context
  • Creating individual implementation roadmaps

Process Consulting

  • Designing compliant data sharing workflows for end users and B2B partners
  • Determining which data points fall in-scope based on your architecture
  • Establishing quality equivalence controls
  • Planning for reasonable compensation structures

Technical Consulting

  • Pre-implementation analysis of existing data infrastructure
  • Solution architecture tailored to your extended vehicle implementation
  • Integration planning with backend systems
  •  Addressing readily available data retrieval requirements

Platform Customization

  • Integration with existing digital ecosystems
  • Custom components for specific vehicle architectures
  • Access method implementation (backend, onboard, or hybrid)
  • Quality assurance mechanisms

Comprehensive Testing

  • Quality equivalence validation
  • Integration verification with existing IT infrastructure
  • Security testing ensuring compliant data sharing
  • Functional testing confirming alignment with guidance requirements

Post-Implementation Support

With the extended vehicle concept creating readily available data obligations, manufacturers need ongoing platform management. Databoostr provides:

  • Continuous monitoring of platform operation
  • Response to technical or functional issues
  • Supervision of ongoing compliance with Data Act requirements
  • Platform updates reflecting evolving regulatory interpretations

Timeline: What Automotive OEMs Should Do Now

Now – March 2026: Complete data inventory, classify according to guidance definitions, design technical architecture, begin platform implementation

March – July 2026: Finalize platform integration, conduct comprehensive testing, establish B2B partnership frameworks, train internal teams

July – September 2026: Run parallel systems, validate compliance, prepare documentation for regulatory authorities, establish monitoring processes

September 2026 and Beyond: Full enforcement begins, ongoing compliance monitoring, response to

Commission’s forthcoming compensation calculation guidelines

The Path Forward: Clear Requirements, Fixed Deadline

The Commission’s September 2025 guidance removes ambiguity that has delayed planning for some organizations. With regulatory requirements now precisely defined and less than eleven months until enforcement begins, manufacturers should be finalizing their compliance plans and beginning implementation.

The guidance encourages affected industry stakeholders to engage in dialogue achieving balanced implementation. The Commission also emphasizes coordination between Data Act enforcement authorities and other automotive regulators, including those overseeing type approval and data protection, to ensure smooth interplay between regulations.

For automotive manufacturers, three facts are now clear:

  1. The requirements are defined: The September 2025 guidance specifies exactly which data must be shared, at what quality level, and through what access methods
  2. The deadline is fixed: September 2026 enforcement is approaching rapidly
  3. The consequences are significant: Non-compliance risks financial penalties, business disruption, and competitive disadvantage

Organizations that haven’t yet begun implementation should treat the Commission’s guidance as a final call to action.

Leave a Comment