The European Commission issued definitive guidance in September 2025 clarifying which vehicle data automotive manufacturers must share under the EU Data Act.

With enforcement beginning September 2026, OEMs must provide access to raw and pre-processed vehicle data while protecting proprietary algorithms. Direct user access is free, but B2B data sharing can be monetized under reasonable compensation rules.

As the September 2026 deadline nears, the European Commission has issued comprehensive guidance that clarifies exactly which vehicle data must be shared and how. For automotive manufacturers still planning their compliance strategy, it’s now essential to understand these details.

Why this guidance matters for automotive OEMs?

EU Data Act becomes enforceable in September 2026, requiring all connected vehicle manufacturers to provide direct data access to end users and their chosen third parties. While the regulation itself established the legal framework, the Commission's guidance document - published September 12, 2025 - provides automotive specific interpretation that removes much of the ambiguity manufacturers have faced.

This is no longer just a paper exercise. If you fall short, expect:

•  Heavy financial consequences
•  Serious business risk and reputational damage
•  Potential legal exposure across EU markets
•  A competitive disadvantage as compliant competitors gain market access

For OEMs without appropriate technological infrastructure or clear understanding of these requirements, the deadline is rapidly approaching.

At Grape Up, our expert team and  Databoostr platform have already helped multiple OEMs achieve compliance before the September deadline.  Learn more about our solution .

What vehicle data must be shared?

The September 2025 guidance establishes clear boundaries between data that falls within and outside the Data Act's scope, resolving one of the most contested issues in implementation planning.

In-scope data: Raw and pre-processed vehicle data

Manufacturers must provide access to data that characterizes vehicle operation or status. The guidance defines two categories that must be shared:

 Raw Data Examples:

•  Sensor signals: wheel speed, tire pressure, brake pressure, yaw rate
•  Position signals: windows, throttle, steering wheel angle
•  Engine metrics: RPM, oxygen sensor readings, mass airflow
•  Raw image/point cloud data from cameras and LiDAR
•  CAN bus messages
•  Manual command results: wiper on/off, air conditioning usage; component status: door locked/unlocked, handbrake engaged

 Pre-Processed Data Examples:

•  Temperature measurements (oil, coolant, engine, battery cells, outside air)
•  Vehicle speed and acceleration
•  Liquid levels (fuel, oil, brake fluid, windshield wiper fluid)
•  GNSS-based location data
•  Odometer readings
•  Fuel/energy consumption rates
•  Battery charge level
•  Normalized tire pressure
•  Brake pad wear percentage
•  Time or distance to next service
•  System status indicators (engine running, battery charging status) and malfunction codes and warning indicators

 Bottom line is this: If the data describes real-world events or conditions captured by vehicle sensors or systems, it's in scope - even when normalized, reformatted, filtered, calibrated, or otherwise refined for use.

The guidance clarifies that basic mathematical operations don't exempt data from sharing requirements. Calculating current fuel consumption from fuel flow rate and vehicle speed still produces in-scope data that must be accessible.

Out-of-scope data: Inferred and derived information

Data excluded from mandatory sharing requirements represents entirely new insights created through complex, proprietary algorithms:

•  Dynamic route optimization and planning algorithms
•  Advanced driver-assistance systems outputs (object detection, trajectory predictions, risk assessment)
•  Engine control algorithms optimizing performance and emissions
•  Driver behavior analysis and eco-scores
•  Crash severity analysis
•  Predictive maintenance calculations using machine learning models

 The main difference is this: The guidance emphasizes that exclusion isn't about technical complexity alone - it's about whether the data represents new information beyond describing vehicle status. Predictions of future events typically fall out of scope due to their inherent uncertainty and the proprietary algorithms required to generate them.

However, if predicted data relates to information that would otherwise be in-scope, and less sophisticated alternatives are readily available, those alternatives must be shared. For example, if a complex machine learning model predicts fuel levels, but a simpler physical fuel sensor provides similar data, the physical sensor data must be accessible.

How must data access be provided?

The Data Act takes a technology-neutral approach as of September 2025, allowing manufacturers to choose how they provide data access - whether through remote backend solutions, onboard access, or data intermediation services. However, three essential requirements apply:

1. Quality equivalence requirement

Data provided to users and third parties must match the quality available to the manufacturer itself. This means:

•  Equivalent accuracy - same precision and correctness
•  Equivalent completeness - no missing data points
•  Equivalent reliability - same uptime and availability
•  Equivalent relevance - contextually useful data
•  Equivalent timeliness - real-time or near-real-time as per manufacturer's own access

The guidance clearly prohibits discrimination: data cannot be made available to independent service providers at lower quality than what manufacturers provide to their own subsidiaries, authorized dealers, or partners.

2. Ease of access requirement

The "easily available" mandate means manufacturers cannot impose:

•  Undue technical barriers requiring specialized knowledge
•  Prohibitive costs for end-user access
•  Complex procedural hurdles

 In practice: If data access requires specialized tools like proprietary OBD-II readers, manufacturers must either provide these tools at no additional cost with the vehicle or implement alternative access methods such as remote backend servers.

3. Readily available data obligation

The guidance clarifies that “readily available data” includes:

•  Data manufacturers currently collect and store
•  Data they “can lawfully obtain without disproportionate effort beyond a simple operation”

For OEMs implementing extended vehicle concepts where data flows to backend servers, this has significant implications. Even if certain data points aren’t currently transmitted due to bandwidth limitations, cost considerations, or perceived lack of business use-case, they may still fall within scope if retrievable through simple operations.

When assessing whether obtaining data requires “disproportionate effort,” manufacturers should consider:

•  Technical complexity of data retrieval
•  Cost of implementation
•  Existing vehicle architecture capabilities

What are vehicle-related services under the Data Act?

The September 2025 guidance distinguishes between services requiring Data Act compliance and those that don’t.

Services requiring compliance (vehicle-related services)

Vehicle-related services require bi-directional data exchange affecting vehicle operation:

•     Remote vehicle control:    door locking/unlocking, engine start/stop, climate pre-conditioning, charging management
•     Predictive maintenance:    services displaying alerts on vehicle dashboards based on driver behavior analysis
•     Cloud-based preferences:    storing and applying driver settings (seat position, infotainment, temperature)
•     Dynamic route optimization:    using real-time vehicle data (battery level, fuel, tire pressure) to suggest routes and charging/gas stations

Services NOT requiring compliance

Traditional aftermarket services generally aren't considered related services:

•  Auxiliary consulting and analytics services
•  Financial and insurance services analyzing historical data
•  Regular offline repair and maintenance (brake replacement, oil changes)
•  Services that don't transmit commands back to the vehicle

 The key distinction: services must affect vehicle functioning and involve transmitting data or commands to the vehicle to qualify as "vehicle-related services" under the Data Act.

Understanding the cost framework for data sharing

The guidance issued in September 2025 draws a clear line in the Data Act's cost structure that directly impacts business models.

Free access for end users

When vehicle owners or lessees request their own vehicle data - either directly or through third parties they've authorized - this access must be provided:

•  Easily and without prohibitive costs
•  Without requiring expensive specialized equipment through user-friendly interfaces or methods

Paid access for B2B partners

Under Article 9 of the Data Act, manufacturers can charge reasonable compensation for B2B data access. This applies when business partners request data, including:

•  Fleet management companies
•  Insurance providers
•  Independent service providers
•  Car rental and leasing companies
•  Other commercial third parties

 For context: The Commission plans to issue detailed guidelines on calculating reasonable compensation under Article 9(5), which will provide specific methodologies for determining fair pricing. This forthcoming guidance will be crucial for manufacturers developing their data plans to monetize data while ensuring compliance.

 Key Limitation: These compensation rights have no bearing on other existing regulations governing automotive data access, including technical information necessary for roadworthiness testing. The Data Act's compensation framework applies specifically to the new data sharing obligations it creates.

Practical implementation considerations for September 2026

Backend architecture and extended vehicle obligations

The extended vehicle concept, where data continuously flows from vehicles to manufacturer backend servers, creates both opportunities and obligations. This architecture makes data readily available to OEMs, who must then provide equivalent access to users and third parties.

Action items:

•  Audit which data points your current architecture makes readily available
•  Ensure access mechanisms can deliver this data with equivalent quality to all authorized recipients
•  Evaluate whether data points not currently collected could be obtained "without disproportionate effort"

Edge processing and data retrievability

Data processed "on the edge" within the vehicle and immediately deleted isn't subject to sharing requirements. However, the September 2025 guidance encourages manufacturers to consider the importance of certain data points for independent aftermarket services when deciding whether to design these data points as retrievable.

Critical data points for aftermarket services:

•  Accelerometer readings
•  Vehicle speed
•  GNSS location
•  Odometer values

Making these retrievable benefits the broader automotive ecosystem and may provide competitive advantages in partnerships.

Technology choices and flexibility

While the Data Act is technology-neutral, chosen access methods must meet quality requirements. If a particular implementation - such as requiring users to physically connect devices to OBD-II ports - results in data that is less accurate, complete, or timely than backend server access, it fails to meet the quality obligation.

Manufacturers should evaluate access methods based on:

•  Data quality delivered to recipients
•  Ease of use for different user types
•  Cost-effectiveness of implementation
•  Scalability for B2B partnerships
•  Integration with existing digital infrastructure

Databoostr: Purpose-built for EU Data Act compliance

Grape Up's Databoostr platform was developed specifically to address the complex requirements of the EU Data Act. The solution combines specialized legal, process, and technological consulting with a proprietary data sharing platform designed for automotive data compliance.

 Learn more about Databoostr and how it can help your organization meet EU Data Act requirements.

Addressing the EU Data Act requirements

Databoostr's architecture directly addresses the key requirements established in the Commission's guidance:

 Quality Equivalence: The platform ensures data shared with end users and third parties matches the quality available to manufacturers, with built-in controls preventing discriminatory access patterns.

 Ease of Access: Multiple access methods—including remote backend integration and user-friendly interfaces - eliminate technical barriers for end users while supporting sophisticated B2B integrations.

 Readily Available Data Management : The platform handles both currently collected data and newly accessible data points, managing the complexity of determining what constitutes "readily available" under the guidance.

 Check our case studies :  EU Data Act Connected Vehicle Portal and  Connected Products Data Sharing Platform

Modular architecture for compliance and monetization

Databoostr's modular design addresses both immediate compliance needs and strategic opportunities. Organizations implementing the platform for EU Data Act requirements can seamlessly activate additional modules for data monetization:

•  Data catalog management for showcasing available data products
•  Subscription and package sales for B2B partners
•  Automatic usage calculation tracking data sharing volumes
•  Billing infrastructure supporting the Article 9 reasonable compensation framework

This setup supports both compliance and revenue growth from a single platform, reducing IT complexity while meeting the guidance's technical requirements.

Comprehensive implementation methodology

The Databoostr implementation approach aligns with the guidance's requirements through:

 Legal Consulting

•  Analyzing regulatory requirements specific to your vehicle types
•  Translating Data Act provisions into specific organizational obligations
•  Interpreting the September 2025 guidance within your business context
•  Creating individual implementation roadmaps

 Process Consulting

•  Designing compliant data sharing workflows for end users and B2B partners
•  Determining which data points fall in-scope based on your architecture
•  Establishing quality equivalence controls
•  Planning for reasonable compensation structures

 Technical Consulting

•  Pre-implementation analysis of existing data infrastructure
•  Solution architecture tailored to your extended vehicle implementation
•  Integration planning with backend systems
•  Addressing readily available data retrieval requirements

 Platform Customization

•  Integration with existing digital ecosystems
•  Custom components for specific vehicle architectures
•  Access method implementation (backend, onboard, or hybrid)
•  Quality assurance mechanisms

 Comprehensive Testing

•  Quality equivalence validation
•  Integration verification with existing IT infrastructure
•  Security testing ensuring compliant data sharing
•  Functional testing confirming alignment with guidance requirements

Post-implementation support

With the extended vehicle concept creating readily available data obligations, manufacturers need ongoing platform management. Databoostr provides:

•  Continuous monitoring of platform operation
•  Response to technical or functional issues
•  Supervision of ongoing compliance with Data Act requirements
•  Platform updates reflecting evolving regulatory interpretations

Timeline: What automotive OEMs should do now

 Now - March 2026: Complete data inventory, classify according to guidance definitions, design technical architecture, begin platform implementation

 March - July 2026: Finalize platform integration, conduct comprehensive testing, establish B2B partnership frameworks, train internal teams

 July - September 2026: Run parallel systems, validate compliance, prepare documentation for regulatory authorities, establish monitoring processes

 September 2026 and Beyond: Full enforcement begins, ongoing compliance monitoring, response to Commission's forthcoming compensation calculation guidelines

The path forward: Clear requirements, fixed deadline

The Commission's September 2025 guidance removes ambiguity that has delayed planning for some organizations. With regulatory requirements now precisely defined and less than eleven months until enforcement begins, manufacturers should be finalizing their compliance plans and beginning implementation.

The guidance encourages affected industry stakeholders to engage in dialogue achieving balanced implementation. The Commission also emphasizes coordination between Data Act enforcement authorities and other automotive regulators, including those overseeing type approval and data protection, to ensure smooth interplay between regulations.

For automotive manufacturers, three facts are now clear:

1.     The requirements are defined:    The September 2025 guidance specifies exactly which data must be shared, at what quality level, and through what access methods
2.     The deadline is fixed:    September 2026 enforcement is approaching rapidly
3.     The consequences are significant:    Non-compliance risks financial penalties, business disruption, and competitive disadvantage

Organizations that haven't yet begun implementation should treat the Commission's guidance as a final call to action.

Right To Repair and EU Data Act as a step towards data monetization.

Legislators try to shape the future

In recent years the automotive market has witnessed a growing amount of laws and regulations protecting customers across various markets. At the forefront of such legislation is the European Union, where the most significant disruption for modern software-defined vehicles come from the EU Data Act and EU AI Act. The legislation aims to control the use of AI and to make sure that the equipment/vehicle owner is also the owner of the data generated by using the device. The vehicle owner can decide to share the data with any 3rd party he wants, effectively opening the data market for repair shops, custom applications, usage-based insurance or fleet management.

Across the Atlantic, in the United States, there is a strong movement called “Right to Repair”, which effectively tries to open the market of 3rd party repair of all customer devices and appliances. This also includes access to the data generated by the vehicle. While the federal legislation is not there, there are two states that that stand out in terms of their approach to Right to Repair in the automotive industry – Massachusetts and Maine.

Both states have a very different approach, with Maine leaning towards an independent entity and platform for sharing information (which as of now does not exist) and Massachusets towards OEMs creating their own platforms. With numerous active litigations, including lawsuits OEMs vs State, it’s hard to judge what will be the final enforceable version of the legislation.

The current situation

Both pieces of legislation impose a penalty when it’s not fulfilled – severe in the case of EDA (while not final, the fines are expected to be substantial, potentially reaching up to €20 million or 4% of total worldwide annual turnover!), and slightly lower for state Right to Repair (for civil law suits it may be around $1000 per VIN per day, or in Massachusets $10.000 per violation).

The approach taken by the OEMs to tackle this fact varies greatly. In the EU most of the OEMs either reused existing software or build/procured new systems to fulfill the new regulation. In the USA, because of the smaller impact, there are two approaches: Subaru and Kia in 2022 decided to just disable their connected services (Starlink and Kia Connect respectively) in states with strict legislation. Others decided to either take part in litigation, or just ignore the law and wait. Lately federal judges decided in favor of the state, making the situation of OEMs even harder.

Data is a crucial asset in today’s world

Digital services, telematics, and in general data are extremely important assets. This has been true for years in e-commerce, where we have seen years of tracking, cookies and other means to identify customers behavior. The same applies to telemetry data from the vehicle. Telemetry data is used to repair vehicles, to design better features and services offering for existing and new models, identify market trends, support upselling, lay out and optimize charging network, train AI models, and more. The list never ends.

Data is collected everywhere. And in a lot of cases stored everywhere. The sales department has its own CRM, telemetry data is stored in a data lake, the mobile app has its own database. Data is siloed and dispersed, making it difficult to locate and use effectively.

Data platform importance

To solve the problem with both mentioned legislations you need a data sharing platform. The platform is required to manage the data owner consent, enable collection of data in single place and sharing with either data owner, or 3rd party. While allowing to be compliant with upcoming legislation, it also helps with identifying the location of different data points, describing it and making available in single place – allowing to have a better use of existing datasets.

A data platform like Grape Up Databoostr helps you quickly become compliant, while our experienced team can help you find, analyze, prepare and integrate various data sources into the systems, and at the same time navigate the legal and business requirements of the system.

Cost of becoming compliant

Building a data streaming platform comes at the cost. Although not terribly expensive, platform requires investment which does not immediately seem useful from a business perspective. Let’s then now explore the possibilities of recouping the investment.

• You can use the same data sharing platform to sell the data, even reusing the mechanism used to get user consent for sharing the data. For B2B use cases, the mechanism is not required.
• Legislation mainly mandates to share data “as is”, which means raw, unprocessed data. Any derived data, like predictive maintenance calculation from AI algorithms, proprietary incident detection systems, or any data that is processed by OEM. This allows not just to put a price tag on data point, but also to charge more due to additional work required to build analytics models.
• You can share the anonymized datasets, which then can be used to train AI models, identify EVs charging patterns, or plan marketing campaigns.
• And lastly, EU Data Act allows to charge fair amount for sharing the data, to recoup the cost of building and maintaining the platform. The allowed price depends on the requestor, where enterprises can be charged with a margin, and the data owner should be able to get data for free.

We can see that there are numerous ways to recoup the cost of building the platform. This is especially important as the platform might be required to fulfill certain regulations, and procuring the system is required, not optional.

The power of scale in data monetization

As we now know, building a data streaming platform is more of a necessity, than an option, but there is a way to change the problem into an opportunity. Let’s see if the opportunity is worth the struggle.

We can begin with dividing the data into two types – raw and derived. And let’s put a price tag on both to make the calculation easier. To further make our case easier to calculate and visualize, I went to high-mobility and checked current pricing for various brands, and took the average of lower prices.

The raw data in our example will be $3 per VIN per month, and derived data will be $5 per VIN per month. In reality the prices can be higher and associated with selected data package (the data from powertrain will be different from chassis data).

Now let’s assume we start the first year with a very small fleet, like the one purchased for sales representatives by two or three enterprises – 30k of vehicles. Next year we will add a leasing company which will increase the number to 80k of vehicles, and in 5 years we will have 200k VINs/month with subscription.

Of course, this represents just a conservative projection, which assumes rather small usage of the system and slow growth, and exclusive subscription to VIN (in reality the same VIN data can be shared to an insurance company, leasing company, and rental company).

This is constant additional revenue stream, which can be created along the way of fulfilling the data privacy and sharing regulations.

Factors influencing the value

$3 per VIN per month may initially appear modest. Of course with the effect of scale we have seen before, it becomes significant, but what are the factors which influence the price tag you can put on your data?

• Data quality and veracity – the better quality of data you have, the less data engineering is required on the customer side to integrate it into their systems.
• Data availability (real-time versus historical datasets) – in most cases real-time data will be more valuable – especially when the location of the vehicle is important.
• Data variety – more variety of data can be a factor influencing the value, but more importantly is to have the core data (like location and lock state). Missing core data will reduce the value greatly.
• Legality and ethics – the data can only be made available with the owner consent. That’s why consent management systems like the ones required by EDA are important.

What is required

To monetize the data you need a platform, like Grape Up’s Databoostr. This platform should be integrated into various data sources in the company, making sure that data is streamed in a close to real-time way. This aspect is important, as quite a lot of modern use cases (like Fleet Management System) requires data to be fresh.

Next step is to create pricing strategy and identify customers, who are willing to pay for the data. It is a good start to ask the business development department if there are customers who already asked for data access, or even required to have this feature before they invest in bigger fleet.

The final step would be to identify the opportunities to further increase revenue, by adding additional data points for which customers are willing to pay extra.

Summary

Ultimately, data is no longer a byproduct of connected vehicles – it is a strategic asset. By adopting platforms like Grape Up’s Databoostr, OEMs can not only meet regulatory requirements but also position themselves to capitalize on the growing market for automotive data. With the right strategy, what begins as a compliance necessity can evolve into a long-term competitive advantage.

‍

The road to electrification isn’t straightforward, and concerns about battery sustainability, safety, and lifecycle management are growing. For years, battery manufacturers,  automotive OEMs , and other industries have faced a key challenge: tracking and verifying a battery’s entire lifecycle, from production to recycling.

Until now, important details about a battery's origin, carbon footprint, and material makeup have been hard to access. This has led to inconsistent sustainability claims, challenges in second-life applications, and regulatory confusion.

Now, consumers, industries, and regulators are  demanding more transparency . To meet this demand, the EU is introducing the Digital Battery Passport as part of the Eco-design for Sustainable Products Regulation (ESPR) and the EU Battery Regulation.

This new approach could bring benefits like increased recycling revenue, reduced carbon emissions, and lower recycling costs. It will also give consumers the information they need to make more sustainable choices.

But what does the Digital Battery Passport actually entail, and how will it impact the entire battery value chain?

Understanding the Digital Battery Passport

The  Digital Battery Passport is an electronic record that stores critical information about a battery, providing transparency across its entire lifecycle.

It serves as a structured database that allows different stakeholders (including regulators, manufacturers, recyclers, and consumers) to retrieve relevant battery data.

This passport is part of the EU's broader effort to support a circular economy and making sure that batteries are sourced sustainably, used responsibly, and recycled properly.

The information stored in the Battery Passport falls into several key areas:

•     General battery and manufacturer details    such as model identification, production date, and location.

•     Carbon footprint data    , including emissions generated during production and expected lifetime energy efficiency.

•     Supply chain due diligence    , ensuring responsible sourcing of raw materials like lithium, cobalt, and nickel.

•     Battery performance and durability –    State of Health (SoH), charge cycles, and degradation tracking.

•     End-of-life management –    Guidance for battery recycling, second-life applications, and disposal.

The goal is to bring transparency and accountability to battery production, prevent greenwashing, and confirm that sustainability claims are backed by verifiable data.

How the Battery Passport’s implementation will affect OEMs

While the responsibility varies, OEMs must verify that all batteries in their vehicles meet EU regulations before being sold. This includes confirming supplier compliance, tracking battery data, and preparing for enforcement.

The responsibility for issuing the Battery Passport lies with the economic operator who places the battery on the market or puts it into service in the EU.

Meeting the Battery Passport requirements

OEMs must incorporate Battery Passport requirements into procurement strategies,  data infrastructure , and compliance processes to avoid supply chain disruptions and regulatory penalties.

Here’s what OEMs must do to comply:

FAQs about the Digital Battery Passport

Who needs to implement a Battery Passport, and by when?

Starting February 18, 2027, all EV batteries, industrial batteries over 2 kWh, and light means of transport (LMT) batteries (including those used in e-bikes, e-scooters, and other lightweight electric vehicles) sold in the EU must include a Digital Battery Passport.

OEMs, battery manufacturers, importers, and distributors will need to comply by this deadline.

However, some requirements take effect earlier:

•     February 18, 2025    – Companies must start reporting the carbon footprint of their batteries.

•     August 18, 2026    – The European Commission will finalize the implementation details and provide further technical clarifications.

What information must be included in the Battery Passport?

The Battery Passport stores comprehensive battery lifecycle data, structured into four access levels:

1)  Publicly available information (Accessible to everyone, including consumers and regulators)

This section contains general battery identification and sustainability data, which must be available via a QR code on the battery.

•  Battery model, manufacturer details, and plant location
•  Battery category, chemistry, and weight
•  Date of manufacture (month/year)
•  Carbon footprint declaration and sustainability data
•  Critical raw materials content (e.g., cobalt, lithium, nickel, lead)
•  Presence of hazardous substances

2)  Information available to authorities and market surveillance bodies

•  Safety and compliance test results
•  Detailed chemical composition (anode, cathode, electrolyte materials)
•  Instructions for battery dismantling, recycling, and repurposing
•  Risk and security assessments

3)  Private information (Available to battery owners & authorized third parties)

This section contains real-time performance and operational data and is accessible to the battery owner, fleet operators, and authorized maintenance providers.

•  State of Health (SoH) & expected lifetime
•  Charge/discharge cycles and total energy throughput
•  Thermal event history and operational temperature logs
•  Warranty details and remaining usable life in cycles
•  Original capacity vs. current degradation rate
•  Battery classification status: "original," "repurposed," "remanufactured," or "waste"

4)  Information available only to the European Commission, National Regulatory Bodies & market surveillance authorities

This is the most restricted category, which contains highly technical and competitive data that is only accessible to designated authorities for compliance verification and regulatory oversight.

•  Additional technical compliance reports and proprietary safety testing results
•  Performance benchmarking and lifecycle assessment reports
•  Detailed breakdown of emissions calculations and regulatory certifications

                   A note on secure access and retrieval                
   
    Each Battery Passport must be linked to a QR code with a unique identifier to allow standardized and secure data retrieval via a cloud-based system.    
   
    QR codes “shall be printed or engraved visibly, legibly and indelibly on the battery.” If the battery is too small to have a QR code engraved on it, or it is not possible to engrave it, the code should be included with the battery’s documentation and packaging.          

What happens if an OEM fails to comply?

Non-compliance with the Battery Passport requirements carries serious consequences for OEMs and battery manufacturers.

•  Batteries without a passport will be banned from sale in the EU starting in 2027.

•  Fines and penalties may be imposed for missing transparency and reporting obligations.

•  Legal and reputational risks will increase, particularly if battery safety, sustainability, or performance issues arise.

Given these risks, proactive compliance planning is essential. OEMs must act now to integrate Battery Passport requirements into their supply chains and product development strategies.

Will repaired or second-life batteries need a new passport?

Yes. Batteries that are repaired, repurposed, or remanufactured must receive a new Battery Passport linked to the original battery’s history. Recycled batteries entering the market after 2027 must also follow passport regulations, keeping second-life batteries traceable. This allows used batteries to be resold or repurposed in energy storage applications.

Will the Battery Passport apply to older batteries?

No. The regulation only applies to batteries placed on the market after February 18, 2027. However, OEMs that remanufacture or recycle batteries after this date must take care of compliance before reselling or repurposing them.

How to store EU Battery Passport data: Two approaches

Companies need to decide how to store and manage the large volumes of data required for compliance. There are two main options:

1.     Blockchain-based systems    – A decentralized ledger where data is permanently recorded and protected from tampering. This preserves long-term transparency and integrity.
2.     Cloud-based systems    – A centralized storage model that allows for real-time updates, scalability, and flexibility. This makes managing compliance data easier.

Each option has its benefits.

Blockchain offers security and traceability, which makes it ideal for regulatory audits and builds consumer trust. Cloud storage provides flexibility, which allows companies to manage and update battery lifecycle data efficiently.

Many companies may choose a hybrid solution, using blockchain for immutable regulatory data and cloud storage for real-time operational tracking.

Regulatory landscape: A complex web of compliance

The Digital Battery Passport is part of a broader effort to improve data transparency, sustainability, and resource management. However, it doesn’t exist in isolation. Companies working in global supply chains must navigate a growing web of regulations across various jurisdictions.

The EU Battery Regulation aligns with major policy initiatives like the  EU Data Act, which governs access to and sharing of industrial data, and the Ecodesign for Sustainable Products Regulation (ESPR), which broadens sustainability requirements beyond energy efficiency. These laws reflect the EU’s push for a circular economy, but they also present significant compliance challenges for OEMs, battery manufacturers, and recyclers.

Outside the EU, similar regulatory trends are emerging. Canada’s Consumer Privacy Protection Act (CPPA) expands on the country's existing privacy framework, while the California Consumer Privacy Act (CCPA) and China’s Personal Information Protection Law (PIPL) set strict rules for how businesses collect, store, and share data.

While these laws focus on privacy, they also signal a global move toward tighter control over digital information, which is closely tied to the requirements for battery passports.

How an IT partner can help OEMs prepare for the EU Battery Passport

Here’s where an IT enables can help.

•     Make Battery Passport data easy to access    – Set up systems that store and connect passport data with Battery Management Systems (BMS) and internal databases.

•     Make sure QR codes work properly    – Integrate tracking so every battery’s passport is linked and scannable when needed.

•     Simplify compliance reporting    – Automate data collection for regulators, recyclers, and customers to reduce manual work.

•     Manage second-life batteries    – Track when batteries are repurposed or remanufactured and update their passports without losing original data.

•     Choose the right storage    – Whether it’s cloud, blockchain, or a hybrid approach, IT support ensures that battery data stays secure and available.

With the 2027 deadline approaching, OEMs need systems that make compliance manageable.

Let’s talk about the best way to integrate the Battery Passport requirements.

‍