Navigating the Data Act: EU Commission guidance for the automotive sector

On 12 September 2025, the EU Data Act entered into application, imposing significant obligations on businesses across all sectors. While most rights and obligations of the regulation are now fully applicable, the European Commission has yet to finalise its (non-binding) Model Contractual Terms (“MCT”) for data sharing, and Standard Contractual Clauses (“SCC”) for cloud computing contracts. The Data Act raises many questions and businesses lack clear guidance on many aspects. At least for the automotive industry, more guidance is now available.

Sector-specific guidance for automotive stakeholders with relevance beyond the sector

The automotive sector faces particular challenges under the Data Act given the industry's rapid evolution towards connected and automated driving technologies, which generate vast quantities of data. Recognising these unique circumstances and also in response to political pressure in this sector, the European Commission published its 'Guidance on vehicle data, accompanying Regulation 2023/2854 (Data Act)' on 12 September 2025. This document is designed to assist automotive stakeholders in implementing their data sharing obligations under Chapter II of the Data Act. It provides valuable clarification on essential obligations and includes practical examples of data categories falling within the regulation's scope, that are relevant beyond the sector.

Understanding key data categories

The Data Act distinguishes between three critical data categories, each carrying different regulatory implications. The Commission's guidance provides practical definitions and examples to help stakeholders assess their obligations:

Raw data: This category encompasses unmodified source data points that are automatically generated without further processing. Examples include:

• Sensor signals (wheel speed, tyre pressure, brake pressure, oxygen sensor readings)
• Vehicle component status (doors, hood and windows locked/unlocked)
• Data directly resulting from manual commands (wiper on/off, air conditioning usage)
• Sound waves captured by microphones

Pre-processed data: Pre-processed data consists of data points that have undergone processing to enhance usability and comprehensibility whilst retaining their original informational essence. Examples include:

• Temperature measurements (oil, coolant, engine, battery cells, catalyst, outside air)
• Vehicle speed and acceleration data
• Liquid and battery levels
• Trip summaries (time of day when vehicle is driven, average distance travelled)

Information inferred or derived: This category describes data that has been subjected to complex processing, creating new information and insights that represent different values from the original data. Importantly, this category falls outside the scope of the Data Act's application. Examples of excluded data include:

• Advanced driver-assistance system data (object detection and classification, risk assessment, emergency braking)
• Driver analysis system outputs (driving or eco-scores)
• Data resulting from engine control algorithms (optimising fuel efficiency, emissions and performance)
• Analysis of crash severity

Implementation flexibility and technical requirements

The Data Act establishes a right for users to access data from connected products (defined in detail within the guidance), creating corresponding obligations for data holders to facilitate such access. Notably, the regulation maintains technological flexibility, allowing data holders discretion in determining how to fulfil these obligations. This enables stakeholders to design solutions that align with their specific operational requirements, provided they meet the regulatory standards.

Key requirements include:

• Ensuring readily available data remains accessible to users and authorised third parties upon request
• Delivering data of the same quality as is available to the data holder
• Eliminating unnecessary obstacles, costs, or procedural challenges for data recipients
• Avoiding requirements for special equipment to retrieve data, or providing such tools when necessary

Industry calls for strong enforcement

The European Association of Automotive Suppliers (“CLEPA”) has issued a joint statement urging the European Commission to uphold robust implementation of the Data Act. In response to calls from certain technology industry groups for delayed enforcement and relaxed interoperability definitions, CLEPA emphasises the critical importance of applying the regulation as enacted.

CLEPA's position reflects the interests of small and medium-sized enterprises and small mid-caps, for whom the Data Act provides essential protections against unfair contractual terms and lock-in practices. The regulation's provisions are designed to level the playing field and foster innovation - outcomes that require strong enforcement to move beyond theoretical benefits and effect genuine change in market practices.

Next steps for automotive stakeholders

With the Data Act now fully applicable, stakeholders can no longer defer compliance efforts. The Commission's guidance provides a foundational framework for understanding and implementing the regulation's requirements. However, immediate action is essential, and includes conducting comprehensive data audits to identify relevant data categories, assessing current technical architectures for compliance gaps and developing detailed implementation roadmaps with clear timelines.

Our multidisciplinary team stands ready to support clients across all these critical areas, offering practical guidance on data categorisation, access mechanism design, compensation frameworks, and risk mitigation strategies.

For more information on the Data Act visit:

Our Data Act Hub here: EU Data Act - Bird & Bird

& Data Act Tracker here: Data Act Tracker - Bird & Bird.