1. Background: Why Dispute over Vehicle Data are rising sharply
Access to vehicle and diagnostic data has become one of the most dynamic areas of dispute in automotive and competition law in recent years. The reason is a fundamental structural conflict: while vehicle manufacturers control their digital ecosystems and security architectures, EU law and case-law require open, non-discriminatory data access for independent operators.
The key legal framework is Article 61 ff. of Regulation (EU) 2018/858 (“Manufacturers’ obligations to provide vehicle OBD information and vehicle repair and maintenance information”). The purpose of this provision is to safeguard competition in the aftermarket and to ensure that independent repairers, spare parts distributors and diagnostic tool providers have access to vehicle repair and maintenance information (RMI).
In parallel, new layers of regulation—particularly the EU Data Act—further increase the importance of data access rights.
Against this background, an intensive litigation practice has emerged, increasingly shaped by decisions of the Court of Justice of the European Union.
2. Current CJEU Case-Law: Far-Reaching Access to RMI Data
Two decisions from 2023 are shaping the current debate:
a) Unrestricted access to the direct vehicle data stream
In its judgment of 5 October 2023, Case C-296/22, A.T.U. Auto-Teile-Unger GmbH & Co. KG and Carglass GmbH v FCA Italy SpA., the CJEU clarified that vehicle manufacturers must grant independent operators comprehensive access to repair and diagnostic data. This also includes access to vehicle OBD information and diagnostic tools. In particular, access must not be limited to mere “read-only” access.
b) Prohibition of additional access hurdles
A key point of dispute concerns technical access restrictions. In its judgment of 5 October 2023, Case C-296/22, the CJEU held that vehicle manufacturers may not introduce additional conditions that go beyond the EU requirements, such as:
- registration requirements
- server-based access systems
- paid subscriptions
- proprietary diagnostic solutions
According to the court, such measures impair competition in the vehicle repair and maintenance market.
c) Requirements on format and usability
The form in which information is provided is also regularly the subject of disputes. In its judgment C-319/22, Gesamtverband Autoteile-Handel e. V. v Scania CV AB., the CJEU required that RMI be provided in an electronically processable, machine-readable form; purely static PDF presentations are not sufficient.
d) Data protection and cybersecurity as limited objections
Neither data protection arguments nor cybersecurity obligations can, as a rule, prevent access. Instead, security measures must be implemented “by design” without blocking access. They may therefore provide only those restrictions that are genuinely necessary to prevent concrete risks—something the CJEU underlined in its judgment of 5 October 2023, Case C-296/22.
3. Typical Dispute Points in Practice
Litigation practice shows recurring patterns and areas of conflict.
a) Access hurdles and technical barriers
Disputes most frequently arise over additional conditions for access, such as registration requirements or proprietary hardware solutions. These can lead both to regulatory proceedings and to civil and competition law claims.
b) Data format and automation capability
In some cases, information is not provided in a format that can be processed further without additional effort. Proceedings regularly concern the interpretation of what it means for information to be “electronically processable”.
c) Competition conflicts in the aftermarket
A key driver of disputes is economic interest: independent repairers and spare parts distributors view restrictive data strategies as a distortion of competition. Competition law claims based on abuse of a dominant position therefore play an increasing role.
d) Conflicts with new data regimes
With the application of the Data Act, additional delineation questions arise between sector-specific RMI access and general data access rights. This is likely to generate further litigation.
4. Area of Tension with DIN EN ISO 18541
The technical standard DIN EN ISO 18541 plays an important role in the practical implementation of RMI access. However, a tension with CJEU case-law is increasingly apparent: contrary to the established DIN EN ISO 18541 approach, case-law calls for more flexible access possibilities. Divergence between standardisation and case-law is not unusual as such, but it creates major challenges for companies that (for good reason) rely (or have relied) on the stability of corresponding requirements.
DIN EN ISO 18541 is a technical implementation standard and primarily governs:
- portal structures
- authentication processes
- data formats
- interoperability
It does not, however, contain independent statements on competition law access obligations.
In practice, three areas of tension arise in particular:
a) Authentication mechanisms
DIN EN ISO 18541 expressly provides for registration and role-based access systems, while the CJEU critically assesses additional access hurdles.
b) Access to the direct vehicle data stream
ISO standards primarily focus on information access, whereas case-law increasingly requires direct access to the direct vehicle data stream.
c) Security measures
While DIN EN ISO 18541 allows extensive security mechanisms, the CJEU requires a balancing exercise in favour of competition.
As a result, vehicle manufacturer systems may be ISO-compliant but still contrary to EU law.
5. Challenges for Vehicle Manufacturers
Vehicle manufacturers face significant compliance and litigation risks:
a) System architecture and “extended vehicle” models
Centralised data architectures may come into conflict with open access obligations.
b) Multi-regime compliance
Vehicle manufacturers must consider simultaneously:
- type-approval law
- competition law
- data protection law
- cybersecurity regulation
- Data Act requirements
This parallel application creates substantial legal uncertainty.
c) Liability and market surveillance risks
Infringements may lead to:
- administrative measures
- sales restrictions
- fines
- injunctive relief and damages actions
6. Litigation Strategies and Recommended Actions
a) Conduct a legal gap analysis
ISO compliance may alone not be sufficient; EU law compliance is decisive.
b) Implement security-by-design approaches
Security measures must be designed in a competition-neutral manner.
c) Integrate data access early into vehicle architectures
Subsequent modifications are regularly cost-intensive.
d) Assess competition law risks
Data access strategies may be classified as an abuse of market power.
7. Outlook
The conflict over vehicle data will continue to intensify. In particular, the (EU) Data Act will significantly expand access rights and raise new disputes concerning the delimitation of data categories and security interests.
For vehicle manufacturers, this means a fundamental transformation from a data-exclusive business model to a data-open business model—combined with correspondingly increasing litigation risks.
Access to vehicle data is thus developing into a central battleground at the intersection of regulation, competition and digitalisation. Current CJEU case-law shifts the balance clearly in favour of open data access rights—and places established technical standards such as DIN EN ISO 18541 under considerable adaptation pressure that must be anticipated early in practice.
