3rd ICAI 2024

International Conference on Automotive Industry 2024

Mladá Boleslav, Czech Republic

and obligations on independent operators that the Regulation itself does not impose. • However, the scope of the Regulation is limited to OBD information for repair and maintenance (as specified in Annex X), although it should be recognised that this information may be applicable not only for repair but also for the development of replacement parts and generic diagnostic tools. While this provides the basis for someone other than the manufacturer or their authorised repairer to be able to ‘reach into’ the vehicle’s systems and replace something, it falls far short of what the connected cars aftermarket case refers to as ‘access to in-vehicle data, functions and resources’. Thus, the regulation does not envisage information that is not used for repair and maintenance (car user preferences, driving and route information, data from externally targeted sensors and vehicle cameras...) and could be of interest to assistance providers, insurance, infotainment, car sharing, management of their corporate fleets. It does not think of independent developers of new vehicle features, because they would need access to the whole IT environment of the vehicle, including the possibility of adding new software to it, and thus they are interested in access not only to data but precisely to the “functions and resources” they need to use to extend or improve them. 1 • The regulation also tends to a model whereby data that will not be read directly from the OBD port of the vehicle (incl. through remote access) will be held by the manufacturer on its server, which will be accessed by independent operators (under the favourable conditions given by the Regulation). However, this is consistent with the so-called “Extended vehicle concept” model, which still leaves the most interesting data preferentially in the possession of the manufacturer (thus preserving for them the unwanted gatekeeping position from a competition perspective) and forces independent operators, dissatisfied with the way the manufacturer makes the data available, to go into years of protracted litigation. Independent studies and the aftermarket, on the other hand, prefer either an independent “Shared server” solution, where all car-generated data would be collected under the supervision of an independent trustee, or – in the future – a much more demanding “On-board application telematic platform”, where car users themselves would become sovereigns over car-generated data and its sharing, and (except for data shared directly by law) would decide what data to share and with whom (Kerber, 2019; Whitaker, 2019). Let us now see whether the new EU Data Act makes any difference to the shortcomings just identified.

1 E.g. to optimise fuel consumption, extend remote vehicle control or its connection to a smart home, add or improve assisted driving features such as lane keeping, emergency breaking, blind spot identification, etc. But to do this, external providers also need access to in-vehicle sensors, possibly adding new sensors but connected to the vehicle IT system, access to communication and control modules... which of course raises many more issues related to safety and cybersecurity, as well as the privacy of car users.

153