EU Data Act¶
The EU Data Act aims at enabling fair access for users of Connected Products or Related Services to data generated by those Connected Products or Related Services and by the users interacting with them. The Data Act (Regulation (EU) 2023/2854) establishes a set of rules on data access and use that respects the protection of fundamental rights. It increases data availability – in particular industrial data – and encourages data‑driven innovation while ensuring fairness in the allocation of data value among all actors in the data economy. For an introduction to the Data Act, please visit the Data Act Explained fact page. The Data Act is applicable as of 12 September 2025. The content of the Data Act goes beyond the requirements of the GDPR, but the provisions of the GDPR remain valid. This is not limited to personal data, meaning that machine and device data are also affected by the Data Act.
Note
This summary focuses on Proemion’s interpretation of EU Data Act (REGULATION (EU) 2023/2854 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL) in regard to Proemion’s DataPlatform offering. This document shall not be taken as legal advice.
Main Scopes for Proemion and Proemion Customers¶
For the relation between Proemion and Proemion customers, the EU Data Act defines these main scopes:
- User requested access to data
- Protection of the data
- Switch of Data Processing Service to a different provider
Terminology¶
Proemion understands the terms used in the EU Data Act (Article 2) as follows:
| Term | Definition |
|---|---|
| Connected Product | A product, e.g. a mobile working machine, that collects data and transmits it to a Data Processing Service (e.g. Proemion DataPlatform). Proemion’s TCU (e.g. CANlink mobile) is not itself a Connected Product. It is the gateway that makes a machine a Connected Product. |
| Related Service | A service that augments the Connected Product or works together with it, enabled by the Data Processing Service (e.g. remote diagnostics, remote update, maintenance planning automation). |
| Data Processing Service | A service that enables access to the data and Related Services (Proemion DataPlatform). |
| Data | Any readily available digital representation of information in relation to the operation of the Connected Product. |
| Product Data | Data recorded on the machine and sent to the Data Processing Service (e.g. time‑series data, DTCs, location, …). |
| Related Service Data | Includes events triggered by the Connected Product Actions API, GeoLeash events, and user activity logs with regard to the Connected Product on DataPlatform (e.g. sending an action to a machine, logging a maintenance task for a machine, changing a geofence). User activities not related to the Connected Product (e.g. DataPlatform login, DataPortal administration) are excluded. Proemion is preparing a EU Data Act - List of Data that fall into Related Service Data. |
| Metadata | Information required to interpret and make use of the Product Data or Related Service Data. |
| Derived Information | Information derived from data as an outcome of additional investments (e.g. combined datasets, machine‑learning insights, maintenance events derived by DataPlatform automation). Derived Information does not fall into the scope of the EU Data Act. |
| User | Natural or legal person owning or using the Connected Product or Related Service (usually: machine owner). |
| Data Holder | The entity that determines and controls access to the readily available data from the Connected Product. In practice, this is usually the OEM / machine manufacturer. Proemion supplies the technical means (APIs, DataPlatform) but does not normally decide who is entitled to access and is therefore generally not the data holder unless it directly governs access under specific arrangements. |
Note
The detailed EU Data Act – List of Data is provided upon request to OEMs and authorized users, as it contains technical and configuration-dependent information.
User Data Access Rights¶
The EU Data Act allows Users to request access to Product Data from Connected Products (Article 4(1)). Access to readily available data (raw data) has to be granted free of charge to the User and continuous or in real time where relevant.
The User needs to be informed about what data the Connected Product creates, how it can be accessed, how long it is retained, and how it can be deleted (Article 3(2)). Proemion provides general information about what data is created by the Related Service (DataPlatform). This information can be included by the OEM. Proemion currently enables access to Product Data and a certain subset (except User activity logs) of Related Service Data on demand via its REST API or scheduled via DataPump (for Product Data).
Proemion enables data sharing according to the EU Data Act by using REST API Clients. For this purpose, the Operational:View Permission Set has been introduced, allowing access to readily available Product Data and selected Related Service Data without granting administrative or configuration privileges. For detailed information on the available endpoints that are compatible with the Operational:View Permission Set, please refer to the Proemion REST API.
OEMs can make the REST API description and the relevant endpoints available to Users requesting data access. Proemion considers DataPlatform’s user management to be sufficient for the User identification requirements described in the EU Data Act. For connecting to another system (“sharing with 3rd party” – Article 5), e.g. rental management systems, Proemion provides the standardized AEMP API (ISO 15143 -3). The standardized interface allows for easy integration without platform‑specific programming and provides access to the subset of data as described in the standard. In order to retrieve all available Product Data, the Proemion REST API can be used.
Example endpoints:
For cases that do not require API integration, the DataPortal functionality Fleet Data Export can be used. Additionally, Users can request to forward the data to a third party within the EU. The data holder is not obliged to share data with a non‑EU recipient based on the EU Data Act. This can be implemented by deploying Proemion’s DataPump. Extra protection is required when sharing data containing trade secrets.
Data Protection and Trade Secrets¶
The EU Data Act requires that data, including non‑personal data, is protected against unauthorized access.
Proemion deploys measures against unauthorized access to customers’ machine and personal data. To formalize these processes, Proemion established an Information Security Management System (ISMS) according to ISO/IEC 27001.
More information is available on Proemion´s Trust Center.
Switching of Data Processing Services¶
OEM Switching Providers¶
If an OEM wants to change the Data Processing Service provider (exit from Proemion), Proemion will support this request with a migration project. Data can be extracted as required, or a DataPump forwarding telematics data of the existing fleet to the new provider can be established. This will be handled as a project and – for the period until 12 January 2027 – invoiced based on effort.
Machine Owner Switching Providers¶
For the switch of a machine owner to a different telematics provider, Proemion currently cannot support a cloud switching service. A third party may request the data via REST API or the data can be sent via DataPump. A switch of the TCU to a third party currently cannot be supported.
Transparency and Information Obligations¶
As the OEM designs the Connected Product and offers it with the Related Services to their customers, the EU Data Act defines some additional obligations. As Proemion provides the Data Processing Service and at least the foundation for the Related Services, Proemion needs to fulfill some additional obligations towards the OEM. The following lists here are non-exclusive.
OEM Pre‑Contractual Obligations¶
Before closing a contract (sale, rent, lease) for a Connected Product, the User needs to be informed about (Article 3(2)):
- which data is collected,
- what format the data is in,
- what data volume the product generates,
- whether the data is generated continuously and in real time,
- where and how long it is stored,
- how to access, retrieve or, where relevant, erase the data.
Data Access by Design¶
Connected Products placed on the market after 12 September 2026 must be designed in a way that access to data is possible for Users. By using Proemion DataPlatform as described in the section User requested access to Data, access to data is already possible today. A DataPortal account with visualizations and analytics qualifies as a value‑added service which the OEM can re‑sell, provided that Users can still obtain their raw machine data free of charge through another channel.
Proemion Pre‑Contractual Obligations¶
Before closing a contract for the provision of DataPlatform, Proemion customers have the right to be informed about what data DataPlatform is retrieving, storing, and generating to provide the services (Article 3(3)).
Proemion provides this information via EU Data Act – List of Data. The pre‑contractual information additionally includes:
- where the data is stored,
- how to contact Proemion,
- how to request data sharing,
- whether trade secrets are involved.