--- title: "Data Act FAQ for Aftermarket Repair and Mobility Services" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services" author: "Sorena AI" description: "FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services." published_at: "2026-05-06" updated_at: "2026-05-06" keywords: - "EU Data Act" - "vehicle data" - "aftermarket repair" - "mobility services" - "third-party data access" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # Data Act FAQ for Aftermarket Repair and Mobility Services FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. *FAQ* *EU* *Data Act* ## EU Data Act Aftermarket Repair and Mobility Services FAQ Answers for teams handling vehicle-data requests from users, repairers, fleets, insurers, and mobility-service providers. Use this FAQ to separate vehicle data from vehicle functions, decide what must be shared, apply third-party limits, and document GDPR, security, and trade-secret boundaries. The Data Act gives users of connected products, including connected vehicles, rights to access product data and related service data and to have readily available data shared with third parties of their choice. For aftermarket repair and mobility services, the practical question is not whether every vehicle function must be opened. It is whether the requested data is in scope, readily available to a data holder, requested by or for a qualifying user, and shareable subject to security, trade-secret, and personal-data limits. ## Does the Data Act give repairers and mobility-service providers a direct right to connected-vehicle data? The Data Act context is the starting point for this answer. Usually, the route is user-driven. Article 5 requires the data holder, on request by a user or by a party acting on behalf of a user, to make readily available product data and related service data available to a third party. In vehicle workflows, that third party may be an independent repair shop, fleet service provider, insurer, leasing provider, mobility platform, or other service provider chosen by the user. The third party does not get a general entitlement to all vehicle systems. The request must be anchored to a user, a connected product or related service, and data that the data holder lawfully obtains or can lawfully obtain without disproportionate effort going beyond a simple operation. - Verify the requester is the user, or is acting on behalf of the user, before treating the request as an Article 5 sharing request. - Identify the data holder, which may be an OEM, manufacturer, or related-service provider depending on who has the right or obligation to make the data available. - Keep the request scoped to product data, related service data, and the metadata needed to interpret and use that data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines users, data holders, data recipients, readily available data, and the user-requested third-party sharing right. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Explains how Chapter II access rules apply to vehicle data and automotive stakeholders. ## What vehicle data is likely to matter for repair, maintenance, fleet, and mobility use cases under the Data Act? The Data Act context is the starting point for this answer. The vehicle-data guidance treats raw and pre-processed vehicle data as the core Chapter II access category. Examples include wheel speed, tyre pressure, brake pressure, yaw rate, oxygen sensor readings, CAN bus messages, component status, vehicle speed, acceleration, GNSS-based location, odometer value, battery level, fault codes, malfunction indicators, brake-pad wear, and time or distance to next service when those data are not predictions outside the guidance boundary. That makes the Data Act highly relevant for diagnostic, maintenance, fleet-management, charging, routing, leasing, insurance, and mobility workflows. But it does not turn every analytics output into shareable vehicle data: inferred or derived information created through additional investment, such as driving scores, risk assessments, object classification, trajectory predictions, or certain optimal-route outputs, can fall outside the mandatory access scope. - Classify requested fields as raw, pre-processed, inferred, derived, unavailable, personal, non-personal, or mixed before responding. - For service workflows, document whether the requested data describes vehicle operation or status, or instead represents a new insight created by additional processing. - Include relevant metadata, such as basic context and timestamps, when needed to make the data usable. Sources for this answer: - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Lists illustrative raw and pre-processed vehicle-data examples and distinguishes inferred or derived vehicle data. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines product data, related service data, readily available data, and relevant metadata. ## Are regular repair and maintenance services themselves related services under the Data Act? The Data Act context is the starting point for this answer. Not usually. The vehicle-data guidance says traditional aftermarket services such as auxiliary consulting, analytics, financial services, and regular repair and maintenance are generally not vehicle-related services where they do not affect vehicle operation and do not transmit data or commands to the vehicle. Manual brake replacement or oil changes, for example, are not treated as related services just because they concern a connected vehicle. The distinction matters because a provider of a vehicle-related service can itself become a data holder for data generated during that service. A digital repair, predictive maintenance, remote control, charging, cloud preference, or route optimization service may be different if it involves bidirectional data exchange and adds to, adapts, or affects vehicle functionality. - Do not classify an offline workshop activity as a related service merely because vehicle data was used to diagnose the issue. - Check whether the service transmits commands or data back to the vehicle and affects vehicle operation or behaviour. - If the service provider generates related service data, identify whether it becomes a data holder for that data. Sources for this answer: - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Explains vehicle-related services and why regular offline repair and maintenance are generally outside that definition. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines related services and the role of related-service providers in product and related-service data. ## What access quality must a data holder provide to independent repairers or service providers chosen by the user under the Data Act? For indirect access under Article 4 and third-party sharing under Article 5, the Data Act requires readily available data to be made available without undue delay, in the same quality available to the data holder, easily, securely, free of charge to the user, in a comprehensive, structured, commonly used and machine-readable format, and where relevant and technically feasible continuously and in real time. The vehicle-data guidance makes that practical for the automotive sector: access methods can vary, including remote backend access, onboard access, or data intermediation, but the chosen method must not give users or independent service providers lower-quality data than the data holder, subsidiaries, authorised partners, dealers, or authorised repairers receive in comparable circumstances. - Compare quality, accuracy, completeness, relevance, and timeliness against the data available to the data holder itself. - Avoid access routes that create undue barriers, costs, procedural hurdles, or specialist-tool dependencies for the user or chosen third party. - Record any format, latency, API, portal, or onboard-access limitation and the source-linked reason for it. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Sets Article 4 and Article 5 access conditions for user access and third-party sharing. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Clarifies non-discrimination, access quality, and vehicle-data access methods for independent repairers and service providers. ## Can a manufacturer or data holder refuse aftermarket data access for trade-secret, safety, or security reasons under the Data Act? A trade-secret label is not enough by itself to block access. The Data Act requires trade secrets to be preserved through proportionate technical and organisational measures, such as confidentiality agreements, strict access protocols, technical standards, model contractual terms, or codes of conduct. Withholding or suspension is possible where measures are not agreed or implemented, and refusal is reserved for exceptional case-by-case situations where serious economic damage is highly likely despite safeguards. Safety and security are also limited grounds. Article 4 allows users and data holders to restrict or prohibit access or further sharing only where processing could undermine legally laid down security requirements of the connected product and result in a serious adverse effect on health, safety, or security. Decisions to refuse, withhold, or suspend should be reasoned, written, notified to the competent authority where required, and open to challenge through competent authorities, dispute settlement, or courts. - Identify the exact trade-secret data or security requirement, rather than relying on broad confidentiality or cybersecurity wording. - Choose proportionate controls first; refusal should be reserved for the narrow situations supported by Articles 4 and 5. - Keep written reasons, safeguard terms, authority notifications, and the user or third-party challenge route in the request file. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Sets the Article 4 and Article 5 trade-secret, withholding, refusal, and security mechanisms. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Explains the trade-secrets handbrake and safety/security handbrake in Data Act access workflows. ## What may a third-party repairer, insurer, fleet provider, or mobility service do with vehicle data it receives under the Data Act? The Data Act context is the starting point for this answer. Article 6 limits third-party use to the purposes and conditions agreed with the user, subject to data-protection law where personal data is involved. That means the request should state the service purpose: diagnosis, repair estimate, maintenance alert, fleet optimization, insurance product, charging support, leasing service, or another specific use. The third party may not use the data for prohibited purposes such as developing a competing connected product, making the data available to a Digital Markets Act gatekeeper, using the data for profiling unless necessary to provide the requested service, undermining security, disregarding agreed trade-secret measures, or passing the data onward except on the permitted contractual basis. - Tie each data field to the user-agreed service purpose and erase it when no longer necessary unless otherwise agreed for non-personal data. - Do not use Article 5 access to build or improve a competing connected product. - Prevent onward sharing to gatekeepers and require any permitted onward recipient to maintain agreed trade-secret safeguards. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Sets Article 6 obligations and prohibited uses for third parties receiving data at the user's request. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Summarizes third-party use limits, including agreed purpose, competing products, and gatekeeper restrictions. ## How should teams handle GDPR when vehicle data contains driver, passenger, or location data under the Data Act? The GDPR boundary is central. Article 1(5) says the Data Act is without prejudice to EU and national personal-data law, and the Commission FAQ states that GDPR rules prevail in a conflict. The Data Act can complement GDPR access and portability rights, but it is not a free-standing legal basis for giving personal data to a user who is not the data subject or to a third party. In vehicle contexts, personal data can appear in location data, driving behaviour, user accounts, in-vehicle preferences, and multi-user or rental situations. If the user is not the data subject, the data holder must assess a valid GDPR legal basis, relevant special-category conditions where applicable, and ePrivacy limits where relevant, or provide anonymised data where that is the compliant route. - Separate personal data, non-personal data, and mixed datasets before fulfilling an aftermarket or mobility request. - Where multiple users or data subjects are involved, avoid exposing another person's personal data without a valid legal basis. - Use anonymisation, pseudonymisation, minimisation, and purpose limits where needed, but do not use privacy techniques to evade valid Data Act access rights. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Confirms that personal-data and privacy law prevail and sets the GDPR legal-basis boundary for Articles 4 and 5. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Explains GDPR interaction, user/data-subject scenarios, controller duties, and legal-basis checks. ## What should an aftermarket vehicle-data request record contain under the Data Act? The Data Act context is the starting point for this answer. A useful request record should be concrete enough for a later complaint, dispute, authority question, or contract review. It should show who the user is, who the third party is, who the data holder is, which vehicle or related service is involved, which data fields and metadata were requested, which fields were delivered or excluded, and why. For high-volume repair, fleet, insurance, and mobility workflows, maintain an access matrix rather than deciding from scratch each time. The matrix should identify common use cases, standard data categories, GDPR status, trade-secret or security safeguards, access route, expected latency, compensation position for B2B recipients where relevant, refusal or escalation triggers, and evidence owner. - Log the user request or user authorisation, recipient identity, requested purpose, data categories, access method, decision, delivery date, and safeguards. - Keep written reasons for excluded inferred or derived data, unavailable data, trade-secret restrictions, safety/security restrictions, and personal-data limits. - Review the matrix when vehicle architecture, backend storage, partner access, authorised repairer access, service design, or Commission guidance changes. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Provides the source obligations for request verification, access conditions, safeguards, compensation, and dispute routes. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Provides vehicle-specific implementation points for in-scope data, access quality, backend availability, and independent service providers. ## What Data Act source evidence should teams keep for the Aftermarket Repair And Mobility Services FAQ decision? For aftermarket repair and mobility services, the Data Act record should keep the cited Article 4, 5, 6, or 7 basis, the Commission vehicle-data guidance reference, the actor role, the data categories affected, the request or contract trigger, and the approver who signed off on the interpretation. Keep the external source URL, decision date, reviewer, unresolved assumptions, and implementation artifact together so the answer stays auditable when the same repair or mobility case returns later. - Link each decision to the specific Data Act clause or vehicle-data guidance passage used. - Record the owner, affected workflow, evidence artifact, and any follow-up review date. - Store the reasoning for why a field was included, excluded, or treated as in scope or out of scope. ## How should teams assign ownership for Data Act Aftermarket Repair And Mobility Services implementation work? For aftermarket repair and mobility services, the Data Act workflow should name a single accountable owner for each operational change, such as legal, product, procurement, cloud, support, or security. That owner should coordinate the affected workflow and decision record, while consulting other teams as needed and keeping evidence dependencies separate so implementation can be updated without reopening the whole legal analysis. - Assign one owner per action and one backup reviewer for the vehicle-data workflow. - Record the teams consulted, the system or contract touched, and the current status of implementation. - Tie each ownership record to the same cited Data Act source URL used for the decision. ## Which Data Act implementation evidence makes the Aftermarket Repair And Mobility Services answer usable later? For aftermarket repair and mobility services under the Data Act, the most useful evidence is the material that lets a later reviewer reconstruct the decision without guessing. That usually means the source article or guidance cited, the data inventory or request log, the contract clause or access rule, the security or trade-secret control used, and the approval record. If the workflow changes, the evidence should show what changed and when. That makes it easier to compare a repair request, fleet request, or mobility-service request across versions instead of re-litigating the same scope question from scratch. - Keep source URLs, request logs, contract clauses, technical controls, notices, and approval records in one file set. - Note which evidence supports scope, which supports access method, and which supports security or privacy limits. - Retain the review trigger and the date of the last substantive decision. ## When should the Data Act Aftermarket Repair And Mobility Services FAQ answer be reviewed again by the team? For aftermarket repair and mobility services, the Data Act answer should be reviewed whenever the product architecture, service model, dataset, customer role, or contract terms change in a way that could change who controls the data or how it is shared. It should also be revisited when Commission guidance, the vehicle-data implementation approach, or the security and privacy setup changes, because those are the points most likely to affect repair, fleet, insurance, or mobility workflows. - Set a review date plus event triggers for product, service, and contract changes. - Review again after architecture changes, new data fields, new third-party recipients, or updated compliance guidance. - Keep the owner and reviewer on the record so the next review has a clear accountable path. ## Primary sources - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for Chapter II connected-product access, third-party sharing, data-holder duties, safeguards, GDPR boundary, compensation, and dispute settlement. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Official vehicle-data guidance for automotive stakeholders, including OEMs, suppliers, aftermarket service providers, and insurance providers. - [European Commission vehicle-data guidance page](https://digital-strategy.ec.europa.eu/en/library/guidance-vehicle-data-accompanying-data-act?ref=sorena.io) - Commission publication page confirming the vehicle-data guidance scope and automotive-sector focus. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for GDPR interaction, trade-secret and safety/security handbrakes, user verification, and third-party use limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ## Topic Guides - [Data Act and Common European Data Spaces](/artifacts/eu/data-act/data-act-and-common-european-data-spaces.md): How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring. - [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md): FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md): FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md): FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - [Data Act B2B Data-Sharing Contract Clauses](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries. - [Data Act B2B Data-Sharing Contract Template](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination. - [Data Act B2G Exceptional-Need Requests](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records. - [Data Act Cloud Switching Compliance Checklist](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence. - [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md): FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md): FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md): FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md): FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md): FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md): FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md): FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md): FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md): FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md): FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - [Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/smart-contracts-for-data-sharing.md): Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence. - [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md): FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md): FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - [Data Act Trade Secrets and Protection Measures](/artifacts/eu/data-act/trade-secrets-and-protection.md): Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews. - [Data Act Unfair Contractual Terms | Article 13 B2B Contract Review](/artifacts/eu/data-act/unfair-contractual-terms.md): Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation. - [Data Act Vehicle Data Guidance](/artifacts/eu/data-act/vehicle-data-guidance.md): Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries. - [Data Act vs GDPR: connected-product data access](/artifacts/eu/data-act/data-act-vs-gdpr.md): Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts. - [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md): FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - [EU Data Act Applicability Test](/artifacts/eu/data-act/applicability-test.md): Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act. - [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md): FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - [EU Data Act Article 3 Pre-Contract Information](/artifacts/eu/data-act/pre-contractual-information-obligations.md): What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence. - [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md): FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md): FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md): FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md): When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - [EU Data Act Checklist for Product, Cloud, and Contract Teams](/artifacts/eu/data-act/checklist.md): A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners. - [EU Data Act Cloud Switching and Exit Plans](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records. - [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md): Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - [EU Data Act Compliance Program](/artifacts/eu/data-act/compliance.md): Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership. - [EU Data Act Connected Product Scope and Data Types](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs. - [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md): FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - [EU Data Act Data Processing Service Switching](/artifacts/eu/data-act/data-processing-services-switching.md): A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure. - [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md): FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - [EU Data Act deadlines and compliance calendar](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records. - [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md): FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md): FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - [EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates](/artifacts/eu/data-act/faq.md): Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. - [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md): FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md): FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - [EU Data Act Penalties and Enforcement](/artifacts/eu/data-act/penalties-and-fines.md): Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary. - [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md): FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md): FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md): FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md): FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - [EU Data Act requirements](/artifacts/eu/data-act/requirements.md): Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records. - [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md): Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md): FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md): FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md): FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - [EU Data Act User Access and Portability Rights](/artifacts/eu/data-act/access-rights-and-portability.md): Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary. - [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md): FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md): FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - [EU Data Act vs Data Governance Act](/artifacts/eu/data-act/data-act-vs-data-governance-act.md): Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement. *Recommended next step* *Placement: after evidence section* ## Data Act Build a vehicle-data access matrix Map common aftermarket repair, fleet, insurance, and mobility requests to data categories, user authority, recipient controls, GDPR checks, trade-secret safeguards, and delivery routes. - [Open Research Copilot](/solutions/research-copilot.md): Get cited answers on Data Act vehicle-data access and connected-product sharing duties. - [Discuss Vehicle Data Access](/contact.md): Review repair, mobility, fleet, insurance, and third-party recipient workflows against Data Act safeguards. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services