Vehicle data under control: what the EU Data Act means for dealers and fleet owners

For business entities such as dealers and fleet owners, this represents a fundamental shift: as businesses operating connected vehicles, they now have formal rights and responsibilities over vehicle data. However, access and control often remain complex in practice. Those responsible for the data must also be equipped to manage it. This article outlines exactly what has changed with the Data Act, what impact it has on business users like dealers and fleet owners, and what specific situations will arise in 2026 regarding data rights, liability and cooperation in the chain.

What exactly is the EU Data Act? 

The Data Act is European legislation that gives users of connected products, such as cars, greater control over the data these products generate. These are the key points:

• Access to data: Users, such as drivers, fleet owners and dealers, have the right to access data generated by their vehicles.

• Mandatory data sharing: Manufacturers are obliged, under certain conditions, to share data with third parties such as maintenance companies, insurers and mobility apps.

• Security requirements: Both personal and non-personal data are subject to strict security standards such as encryption and access management.

• Interoperability: Data must be available in a standard format, suitable for reuse and transferability.

The scope of the EU Data Act covers raw and pre-processed vehicle data generated by connected vehicles, but generally excludes inferred or derived data created through proprietary algorithms. This means that only certain categories of vehicle data fall within the regulation’s scope, and not all insights or analytics based on that data are subject to sharing obligations.

These rules are not optional. Anyone who wants to use or pass on data must be able to demonstrate that this is done securely, transparently and in line with the law.

Vehicle data: you are responsible for it 

The Data Act makes users the formal owners of vehicle data. That may sound abstract, but the consequences are very concrete.

A dealer with demo cars or stock models is often a temporary user and therefore the legal owner of the vehicle data.

A fleet owner is responsible for managing data such as trip data, error codes and maintenance records.

Example: A dealer who receives battery status or error codes for a used EV must now be able to demonstrate on what grounds that data is being processed and shared. This includes clarifying the lawful basis for processing under the Data Act, such as whether the data is refined or transformed after collection before being used or transmitted, for example, with a universal maintenance network.

The data is yours, but you don’t (yet) have control over it 

Much of this data is still locked away in closed OEM platforms, making accessing vehicle data challenging due to OEM restrictions. But the Data Act breaks this monopoly.

Now users can:

• Obtain a data package containing specific data points from their vehicles and require vehicle data to be forwarded to a service provider of their choice.

• Expect data to be available in a usable and transferable format, for example via an API or a standard data structure such as ISO ExVe or COVESA VSS.

Example: A fleet owner with vehicles from multiple brands wants to switch to a single fleet management system. Thanks to the Data Act, they can demand that data from different OEM systems be merged into a single interface. The types of data points available may vary depending on the vehicle brand or OEM system.

Sharing vehicle data: you bear the responsibility 

The Data Act enables data sharing, but this comes with clear obligations. Dealers and fleet owners must be able to demonstrate:

• What relevant data has been requested and shared with third parties, with clear records of the provision of such data.

• That sensitive data, such as location or driving style, is only shared with explicit consent.

The provision of vehicle data to third parties must follow clear contractual agreements, and rights to use connected vehicle data may be contractually transferred to the receiving party.

Example: A fleet owner connects his vehicles to an external maintenance partner who proactively performs maintenance based on live vehicle data. If this third party uses data for other purposes, such as commercial profiling, or a data breach occurs, the fleet owner may be held jointly liable unless audit trails, contracts and logging show that appropriate arrangements have been made and control mechanisms are in place.

Estimated volume and storage: what you need to know

With the rise of connected vehicles, the amount of vehicle data generated every day is staggering—and it’s only set to increase. The EU Data Act now requires original equipment manufacturers (OEMs) to provide clear information about the estimated volume of data generated by each vehicle. This means that whether you’re a dealer managing demo cars or a fleet owner overseeing hundreds of commercial vehicles, you’ll know exactly how much data is being collected, stored, and processed.

Understanding where this data is stored is just as important. Vehicle data can reside on the device itself, such as the car’s onboard systems, or be transmitted to remote servers managed by the OEM or third-party providers. The Data Act ensures that users have the right to access and retrieve their data, regardless of where it is stored. This transparency gives you greater control over your data, allowing you to make informed decisions about data usage, storage, and sharing.

For businesses in the automotive sector, this means you can now request detailed descriptions of the data collected, including its estimated volume and storage location. This not only helps with compliance but also supports better data management and security practices. Ultimately, the Data Act empowers you to take charge of your vehicle data, ensuring it is stored securely and accessed only when you need it.

Access and licensing: new rules for using vehicle data

The EU Data Act introduces a new era of fair access to vehicle data across the automotive sector. Under Chapter II of the Data Act, OEMs are now required to provide third-party service providers—such as maintenance companies, insurers, and digital service platforms—with access to relevant vehicle data, provided the data is technically retrievable. This opens up new opportunities for innovative services, from personalized insurance rates to advanced fleet management solutions.

As a user—whether a dealer, fleet owner, or operator—you have the right to decide who can access your vehicle data. OEMs must equip you with straightforward tools to manage your data access preferences, putting you firmly in control. You can grant or deny access to specific service providers, ensuring your data is only used for services you approve.

Licensing is another key aspect of the Data Act. The regulation sets out clear rules for how vehicle data can be licensed to third parties, ensuring that your rights as a data owner are protected. This framework not only encourages competition and innovation in the automotive sector but also guarantees that your data is used transparently and responsibly. By understanding and leveraging these new rules, you can unlock the full potential of your vehicle data while maintaining control and compliance.

Control over data, without it becoming complex 

The reflex response to new rules is often to introduce yet another tool, portal or form. But the Data Act calls for governance, not more bureaucracy.

Consider:

• Clear roles: who is allowed to see and do what with the data?

• Transparent workflows: for example, digital transfer of vehicle information upon delivery. Digital services facilitate these processes by enabling secure and efficient data management.

• Controlled access: for example, giving transporters temporary access to charging status, interaction data, or position data. Note that the information provided in these workflows does not constitute a full description of the vehicle, its options, or associated services; contractual descriptions determine the vehicle’s nature.

Example: A car transporter delivering a load of new electric cars to a dealer is given temporary access to the battery charge status of each vehicle. This prevents surprises when unloading the EVs and increases transparency in the chain.

And what about shared and rental cars? 

Not every user is an owner. With shared mobility and rental cars, the responsibility lies elsewhere:

• Short-term rental (car rental): The rental company is the formal user of the vehicle and therefore responsible for the product data and product data generated by the vehicle. The renter only has the right to access or use the data if this is stipulated in the contract. Operators must be able to communicate product data to users or third parties as required by the Data Act.

• Operational lease or long-term rental: The fleet owner or driver is the actual user. This party may request product data and product data generated by the vehicle and share it with third parties under the Data Act. Operators are also required to communicate product data upon request.

• Shared cars (car sharing): The operator of the sharing platform is the legal user. Individual users, who book a ride via an app, have no ownership rights to the product data or product data generated by the vehicle. However, they do have rights under the GDPR, such as access to or correction of personal data, for example ride history or location.

Please note: The Data Act and the GDPR coexist. This means that even if you are not the owner of the data, you can still claim your personal data under the GDPR.

The future of vehicle data management

As connected vehicles become the norm, the future of vehicle data management will be defined by the principles set out in the EU Data Act. The sheer volume and diversity of data generated by modern vehicles will require OEMs and service providers to adopt new technologies and strategies for secure, efficient data handling.

Expect to see a growing reliance on electronic communications services, physical connections, and on-device access to facilitate seamless data sharing and retrieval. These advancements will make it easier for users to access their data in real time, whether for optimizing fleet operations, enhancing vehicle-related services, or integrating with digital platforms.

The Data Act will continue to play a pivotal role in shaping this landscape, ensuring that vehicle data is collected, stored, and shared in a fair, transparent, and secure manner. For automotive businesses, this means greater opportunities to innovate and compete, while users benefit from enhanced control and data protection. By embracing these changes, the automotive sector can look forward to a future where data-driven services are not only more accessible but also more trustworthy and user-centric.

Why all this matters 

The Data Act is not an IT law, but an economic one. Its aim is to promote fairer competition, transparent access to data and innovation. The Data Act also shapes the market for connected vehicles and data-driven services by establishing a regulatory framework for data access and sharing. In the automotive sector, this means that:

• Dealers can offer cross-brand maintenance.

• Fleet owners gain better control over their data flows and compliance.

• Thanks to data sharing, car transporters gain real-time insight into vehicle status, which reduces errors during transfer. The result is a smoother process and more transparent communication.

Technical infrastructure, such as electronic communications services, remote servers, and physical connections, are essential for enabling access to and sharing of vehicle data. Key data points like speed can be accessed and used for innovative services, supporting compliance and new business models.

Those who are already investing in data governance, interoperability and clear agreements have a head start. Tomorrow’s car will not only be connected, but also part of a data chain in which trust, control and cooperation make all the difference.