EU Data Act – Curse or Chance for Automotive OEMs?

As data becomes an indispensable asset, the automotive industry faces urgent challenges with the enforcement of the EU Data Act on January 11, 2024. This legislation demands immediate and strategic action from automotive OEMs, fundamentally altering the dynamics of data accessibility and usage. Beyond merely adjusting to regulatory changes, companies must view this as a critical opportunity to redefine their approach to user-generated vehicle data. With the European Commission pushing for a digital economy rooted in transparency and user rights, the time for automotive companies to act is now. Delayed adaptation could lead to financial setbacks and diminished competitiveness in a rapidly evolving industry. In this article, we delve into the EU Data Act and its significant implications for automotive OEMs, emphasizing the necessity for proactive strategies to effectively leverage this new regulatory framework. 

What is the EU Data Act? 

The EU Data Act defines legal rights and obligations in the context of connected products and related digital services. Connected products (aka smart devices) are products that are connected to the internet and collect or generate data, such as connected vehicles. Related services include services that steer the behavior of the product, e.g. remote vehicle control. In essence, the EU Data Act enables users of these products and services to access the data they co-create and share it. 

It differentiates between 

• users that have bought, leased, subscribed to or rented a product or service (both private and commercial users), 
• manufacturers/providers of connected products or services, 
• data holders that have control over data and its processing (often identical with manufacturer/provider) and 
• third parties, mostly other companies or authorities. 

It applies to data that is directly or indirectly generated through the use of a product or service. It includes personal data, non-personal data and meta data.  

Under the EU Data Act, manufacturers of products and providers of services will be required to create products/services in a way that data can be easily extracted (“access by design”). Within the Automotive industry, this will be an exercise for R&D departments and their software units. Data holders on the other hand will be obliged to  

• create transparency in the form of clear information about how data is collected and processed (contractual basis), 
• share data to users and third parties upon request by users, 
• assure data availability in a structured, commonly used and machine-readable format to enable easy access and use (real-time), 
• assure interoperability of data supporting compatibility with other systems and services (e.g. by implementing standards), 
• act in a non-discriminative manner, i.e. providing equal access to all users and third parties under the same conditions (Fair, Reasonable and Non-Discriminatory (“FRAND”)) and 
• comply with other regulations, such as GDPR. 

Data holders will need to comply with most of these obligations starting September 12, 2025. Violations can be penalized under the rules of GDPR, i.e. up to EUR 20m or 4% of the firm’s annual revenue, whichever amount is higher. 

Underlying all this is the objective to extend the idea of the European Single Market to data by reducing barriers to access data and making it available to others. Ultimately, this market is supposed to form a platform upon which new innovative data-driven business models can be developed, grown and operated, e.g. for aftermarket services (secondary market). 

What is at Stake for the Automotive OEMs? 

Today, all new vehicles rolling off the production line are equipped with built-in connectivity. Over the past years, OEMs have placed significant emphasis on increasing the customer activation rate of connectivity features at the point of vehicle handover. Most young used vehicles also feature connected services nowadays. Vehicle-related services and functions on-demand are supposed to become major new revenue streams along a vehicle’s lifecycle. Stellantis aims for EUR 20b annual revenues generated by software-enabled product offerings and subscriptions (EUR 4bn by 2026). Mercedes-Benz aims for EUR 1b annual EBIT by 2025. In other words, established OEMs have millions of connected vehicles in Europe, constantly generating vast amounts of data that are crucial to key aspects of their future business models. 

At first glance, the EU Data Act may seem similar to GDPR, with an obvious course of action: comply with the legal obligations and move on. While compliance is certainly a part of the process, the implications extend far beyond that. OEMs are now confronted with a strategic threat to their digital services offerings. As their vehicle data can no longer be used exclusively or shared only with selected partners, the market for vehicle-related digital services is expected to become increasingly dynamic. New entrants will likely emerge, offering similar and innovative services that span multiple OEMs and brands. In the B2B sector, providing digital services for mixed fleets composed of vehicles from different manufacturers will become more straightforward, particularly relevant for commercial vehicles and trucks. This will require only a few API integrations with manufacturers, eliminating the need for costly retrofitting hardware solutions to integrate vehicles into a single digital services platform. In other words, the barriers to entry will be minimal.  

Figure 1: Relations in EU data act

Figure 1 illustrates the key relationships established by the EU Data Act. Users of connected vehicles, typically OEM customers, can request the OEM (data holder) to share their data with one or more third parties. The OEM must provide this data in a machine-readable format, usually via an API. Once permission is granted, the third party—such as an independent digital services provider—can access the relevant data until the user withdraws consent. OEMs will maintain control over the vehicle interface, meaning they are not obligated to grant third parties direct access to in-vehicle data.  

The OEM may charge the third party a reasonable fee for data access, enabling the third party to offer services to the user, such as fleet management solutions. The launch of independent data market places is expected to facilitate data exchange/trading between data holders and 3rd parties further catalyzing this development.  

Think and Act Strategically 

We do not anticipate an explosive emergence of a secondary market immediately following the enforcement of the regulations in September 2025. Instead, we foresee a gradual shift in the market, contingent on how the broad guidelines of the Data Act are further clarified by sector-specific regulations and court rulings. Despite this slower evolution, OEMs must reassess their strategic position in the market for vehicle-related digital services to ensure their investments are well-directed. Failure to do so may pose a significant risk of becoming marginalized in this increasingly competitive landscape over time. 

In general, we identify three major strategic directions for OEMs: 

• Retract: Concentrate resources on providing and selling high-value data products and services that go beyond the requirements of the Data Act. Leave the market for data-based vehicle-related services (e.g. fleet solutions) to other players and become a supplier to this secondary market. 
• Defend: Protect your digital services offerings by minimizing data exposure. Given the Data Act’s ambiguity, OEMs can exploit the lack of specificity—until further clarifications arise from legislators or court decisions—to maintain significant barriers that prevent third parties from extracting value from the data, thereby safeguarding their own products. 
• Attack: Expand aggressively into the digital services market to become a genuine multi-brand digital services provider. This involves acting as a third party towards other OEMs, leveraging network effects and first-mover advantages. This approach is a logical progression for OEMs that have already launched digital service offerings under separate brands, such as RIO by MAN. However, it requires substantial resource investment, speed, and a long-term commitment, as it is unlikely to yield quick returns. 

Considering the industry-wide economic pressures, we anticipate that most OEMs will adopt a defensive strategy. This approach allows them to bide their time and monitor market developments without relinquishing their position too soon. However, it also ties up resources that might be more effectively deployed elsewhere. Despite this, having a clear strategic direction is crucial. It lays the foundation for the necessary IT strategies and solution approaches as OEMs begin to prepare for compliance with the EU Data Act requirements in their role as data holders. 

Build a Solid Foundation 

As data holders, OEMs must develop the necessary capabilities to meet the obligations outlined in the EU Data Act by September 2025. This encompasses five key areas of action: 

1. Data inventory: OEMs need to have a comprehensive understanding of the user-generated data created by their products, including how it is processed, by whom, and where it is stored. 
2. Revised End User License Agreements (EULAs): OEMs must update their EULAs and ensure that customers renew their acceptance to establish a contractual basis for processing user-generated data. It is crucial to explore whether user acceptance can be linked to the purchase of the connected product. In cases where a contractual basis is lacking, data must not be processed and should be deleted. 
3. Partner and consent management: OEMs should implement a robust partner and consent management system to oversee customers, third parties, their agreements, and access rights. This serves as the foundation for legally compliant data access management. Additionally, adherence to GDPR for all user-generated data that is also personal data must be ensured. Managing scenarios with frequently changing drivers (e.g. car-sharing fleets) can introduce significant complexity. 
4. Data platform: The data platform integrates user-generated data from source systems (e.g. vehicle or vehicle backend) and makes it available to users and 3rd parties in near real-time. It provides workflow automation to facilitate request and approval of data access and supports billing integration for charging 3rd parties for data access. Most likely, it also has a persistence layer for a pre-aggregation of data from various sources before sharing. 
5. Interface: This sharing layer enables customers and third parties to access and retrieve data, typically through a set of API endpoints that allow third parties to connect directly with the data stream. 

As indicated above, there remains considerable uncertainty regarding the precise requirements of the EU Data Act, as it is a broad regulation not specifically tailored to the automotive sector. Although the European Commission has announced sector-specific regulations intended to clarify these rules, these have yet to be published. Consequently, many design decisions must be made amid this uncertainty, particularly concerning the scope and type of data that must be shared. For aftermarket services, raw vehicle data (e.g. sensor codes) typically holds limited value compared to processed data that incorporates relevant semantics essential for drawing meaningful conclusions. OEMs will need to decide where to draw the line, depending on their strategic choice.  

Given this uncertainty, OEMs should preserve flexibility in their platform design by adopting a modular approach that loosely integrates individual solution components. This structure will facilitate necessary adaptations in response to future regulations or court rulings, which are indeed expected in the coming years. 

Ready for Transformation? 

At Senacor Technologies, we specialize in guiding you through this digital transformation. We come with in-depth automotive expertise and tech competence. Both is underpinned by our profound experience in the fulfillment of similar government regulations in the financial services sector. 

Our expertise spans the entire value chain: 

• Strategic Framing: We identify the critical design choices and help you find a stable path to navigate this uncertain environment safeguarding your IT invests and enabling your future business. 
• Concept & Delivery: We design, shape and implement a flexible data platform that matches your strategic priorities, fulfills the EU Data Act requirements and remains flexible for future adaptations. 
• Comprehensive Transformation: Our portfolio extends to guiding the entire transformation towards data leadership, considering both technical and business facets.
  

Together, we can propel your business to the next level in the increasingly digitalized and competitive Automotive aftermarket. 

About Us 

Within Automotive, Senacor Technologies combines tech competence with in-depth business knowhow in the areas of Automotive marketing & sales, financial services and after sales. We help build and scale new innovative digital ecosystems around the vehicle. Our focus on business-oriented value-add solutions ensures that our clients can navigate challenges while unlocking new revenue streams in the evolving automotive landscape. 

MICHAEL ESCHWEILER
Partner Automotive

mobility@senacor.com