Right To Repair and EU Data Act as a step towards data monetization.

Legislators try to shape the future

In recent years the automotive market has witnessed a growing amount of laws and regulations protecting customers across various markets. At the forefront of such legislation is the European Union, where the most significant disruption for modern software-defined vehicles come from the EU Data Act and EU AI Act. The legislation aims to control the use of AI and to make sure that the equipment/vehicle owner is also the owner of the data generated by using the device. The vehicle owner can decide to share the data with any 3rd party he wants, effectively opening the data market for repair shops, custom applications, usage-based insurance or fleet management.

Across the Atlantic, in the United States, there is a strong movement called “Right to Repair”, which effectively tries to open the market of 3rd party repair of all customer devices and appliances. This also includes access to the data generated by the vehicle. While the federal legislation is not there, there are two states that that stand out in terms of their approach to Right to Repair in the automotive industry – Massachusetts and Maine.

Both states have a very different approach, with Maine leaning towards an independent entity and platform for sharing information (which as of now does not exist) and Massachusets towards OEMs creating their own platforms. With numerous active litigations, including lawsuits OEMs vs State, it’s hard to judge what will be the final enforceable version of the legislation.

The current situation

Both pieces of legislation impose a penalty when it’s not fulfilled – severe in the case of EDA (while not final, the fines are expected to be substantial, potentially reaching up to €20 million or 4% of total worldwide annual turnover!), and slightly lower for state Right to Repair (for civil law suits it may be around $1000 per VIN per day, or in Massachusets $10.000 per violation).

The approach taken by the OEMs to tackle this fact varies greatly. In the EU most of the OEMs either reused existing software or build/procured new systems to fulfill the new regulation. In the USA, because of the smaller impact, there are two approaches: Subaru and Kia in 2022 decided to just disable their connected services (Starlink and Kia Connect respectively) in states with strict legislation. Others decided to either take part in litigation, or just ignore the law and wait. Lately federal judges decided in favor of the state, making the situation of OEMs even harder.

Data is a crucial asset in today’s world

Digital services, telematics, and in general data are extremely important assets. This has been true for years in e-commerce, where we have seen years of tracking, cookies and other means to identify customers behavior. The same applies to telemetry data from the vehicle. Telemetry data is used to repair vehicles, to design better features and services offering for existing and new models, identify market trends, support upselling, lay out and optimize charging network, train AI models, and more. The list never ends.

Data is collected everywhere. And in a lot of cases stored everywhere. The sales department has its own CRM, telemetry data is stored in a data lake, the mobile app has its own database. Data is siloed and dispersed, making it difficult to locate and use effectively.

Data platform importance

To solve the problem with both mentioned legislations you need a data sharing platform. The platform is required to manage the data owner consent, enable collection of data in single place and sharing with either data owner, or 3rd party. While allowing to be compliant with upcoming legislation, it also helps with identifying the location of different data points, describing it and making available in single place – allowing to have a better use of existing datasets.

A data platform like Grape Up Databoostr helps you quickly become compliant, while our experienced team can help you find, analyze, prepare and integrate various data sources into the systems, and at the same time navigate the legal and business requirements of the system.

Cost of becoming compliant

Building a data streaming platform comes at the cost. Although not terribly expensive, platform requires investment which does not immediately seem useful from a business perspective. Let’s then now explore the possibilities of recouping the investment.

• You can use the same data sharing platform to sell the data, even reusing the mechanism used to get user consent for sharing the data. For B2B use cases, the mechanism is not required.
• Legislation mainly mandates to share data “as is”, which means raw, unprocessed data. Any derived data, like predictive maintenance calculation from AI algorithms, proprietary incident detection systems, or any data that is processed by OEM. This allows not just to put a price tag on data point, but also to charge more due to additional work required to build analytics models.
• You can share the anonymized datasets, which then can be used to train AI models, identify EVs charging patterns, or plan marketing campaigns.
• And lastly, EU Data Act allows to charge fair amount for sharing the data, to recoup the cost of building and maintaining the platform. The allowed price depends on the requestor, where enterprises can be charged with a margin, and the data owner should be able to get data for free.

We can see that there are numerous ways to recoup the cost of building the platform. This is especially important as the platform might be required to fulfill certain regulations, and procuring the system is required, not optional.

The power of scale in data monetization

As we now know, building a data streaming platform is more of a necessity, than an option, but there is a way to change the problem into an opportunity. Let’s see if the opportunity is worth the struggle.

We can begin with dividing the data into two types – raw and derived. And let’s put a price tag on both to make the calculation easier. To further make our case easier to calculate and visualize, I went to high-mobility and checked current pricing for various brands, and took the average of lower prices.

The raw data in our example will be $3 per VIN per month, and derived data will be $5 per VIN per month. In reality the prices can be higher and associated with selected data package (the data from powertrain will be different from chassis data).

Now let’s assume we start the first year with a very small fleet, like the one purchased for sales representatives by two or three enterprises – 30k of vehicles. Next year we will add a leasing company which will increase the number to 80k of vehicles, and in 5 years we will have 200k VINs/month with subscription.

Of course, this represents just a conservative projection, which assumes rather small usage of the system and slow growth, and exclusive subscription to VIN (in reality the same VIN data can be shared to an insurance company, leasing company, and rental company).

This is constant additional revenue stream, which can be created along the way of fulfilling the data privacy and sharing regulations.

Factors influencing the value

$3 per VIN per month may initially appear modest. Of course with the effect of scale we have seen before, it becomes significant, but what are the factors which influence the price tag you can put on your data?

• Data quality and veracity – the better quality of data you have, the less data engineering is required on the customer side to integrate it into their systems.
• Data availability (real-time versus historical datasets) – in most cases real-time data will be more valuable – especially when the location of the vehicle is important.
• Data variety – more variety of data can be a factor influencing the value, but more importantly is to have the core data (like location and lock state). Missing core data will reduce the value greatly.
• Legality and ethics – the data can only be made available with the owner consent. That’s why consent management systems like the ones required by EDA are important.

What is required

To monetize the data you need a platform, like Grape Up’s Databoostr. This platform should be integrated into various data sources in the company, making sure that data is streamed in a close to real-time way. This aspect is important, as quite a lot of modern use cases (like Fleet Management System) requires data to be fresh.

Next step is to create pricing strategy and identify customers, who are willing to pay for the data. It is a good start to ask the business development department if there are customers who already asked for data access, or even required to have this feature before they invest in bigger fleet.

The final step would be to identify the opportunities to further increase revenue, by adding additional data points for which customers are willing to pay extra.

Summary

Ultimately, data is no longer a byproduct of connected vehicles – it is a strategic asset. By adopting platforms like Grape Up’s Databoostr, OEMs can not only meet regulatory requirements but also position themselves to capitalize on the growing market for automotive data. With the right strategy, what begins as a compliance necessity can evolve into a long-term competitive advantage.

‍

The road to electrification isn’t straightforward, and concerns about battery sustainability, safety, and lifecycle management are growing. For years, battery manufacturers,  automotive OEMs , and other industries have faced a key challenge: tracking and verifying a battery’s entire lifecycle, from production to recycling.

Until now, important details about a battery's origin, carbon footprint, and material makeup have been hard to access. This has led to inconsistent sustainability claims, challenges in second-life applications, and regulatory confusion.

Now, consumers, industries, and regulators are  demanding more transparency . To meet this demand, the EU is introducing the Digital Battery Passport as part of the Eco-design for Sustainable Products Regulation (ESPR) and the EU Battery Regulation.

This new approach could bring benefits like increased recycling revenue, reduced carbon emissions, and lower recycling costs. It will also give consumers the information they need to make more sustainable choices.

But what does the Digital Battery Passport actually entail, and how will it impact the entire battery value chain?

Understanding the Digital Battery Passport

The  Digital Battery Passport is an electronic record that stores critical information about a battery, providing transparency across its entire lifecycle.

It serves as a structured database that allows different stakeholders (including regulators, manufacturers, recyclers, and consumers) to retrieve relevant battery data.

This passport is part of the EU's broader effort to support a circular economy and making sure that batteries are sourced sustainably, used responsibly, and recycled properly.

The information stored in the Battery Passport falls into several key areas:

•     General battery and manufacturer details    such as model identification, production date, and location.

•     Carbon footprint data    , including emissions generated during production and expected lifetime energy efficiency.

•     Supply chain due diligence    , ensuring responsible sourcing of raw materials like lithium, cobalt, and nickel.

•     Battery performance and durability –    State of Health (SoH), charge cycles, and degradation tracking.

•     End-of-life management –    Guidance for battery recycling, second-life applications, and disposal.

The goal is to bring transparency and accountability to battery production, prevent greenwashing, and confirm that sustainability claims are backed by verifiable data.

How the Battery Passport’s implementation will affect OEMs

While the responsibility varies, OEMs must verify that all batteries in their vehicles meet EU regulations before being sold. This includes confirming supplier compliance, tracking battery data, and preparing for enforcement.

The responsibility for issuing the Battery Passport lies with the economic operator who places the battery on the market or puts it into service in the EU.

Meeting the Battery Passport requirements

OEMs must incorporate Battery Passport requirements into procurement strategies,  data infrastructure , and compliance processes to avoid supply chain disruptions and regulatory penalties.

Here’s what OEMs must do to comply:

FAQs about the Digital Battery Passport

Who needs to implement a Battery Passport, and by when?

Starting February 18, 2027, all EV batteries, industrial batteries over 2 kWh, and light means of transport (LMT) batteries (including those used in e-bikes, e-scooters, and other lightweight electric vehicles) sold in the EU must include a Digital Battery Passport.

OEMs, battery manufacturers, importers, and distributors will need to comply by this deadline.

However, some requirements take effect earlier:

•     February 18, 2025    – Companies must start reporting the carbon footprint of their batteries.

•     August 18, 2026    – The European Commission will finalize the implementation details and provide further technical clarifications.

What information must be included in the Battery Passport?

The Battery Passport stores comprehensive battery lifecycle data, structured into four access levels:

1)  Publicly available information (Accessible to everyone, including consumers and regulators)

This section contains general battery identification and sustainability data, which must be available via a QR code on the battery.

•  Battery model, manufacturer details, and plant location
•  Battery category, chemistry, and weight
•  Date of manufacture (month/year)
•  Carbon footprint declaration and sustainability data
•  Critical raw materials content (e.g., cobalt, lithium, nickel, lead)
•  Presence of hazardous substances

2)  Information available to authorities and market surveillance bodies

•  Safety and compliance test results
•  Detailed chemical composition (anode, cathode, electrolyte materials)
•  Instructions for battery dismantling, recycling, and repurposing
•  Risk and security assessments

3)  Private information (Available to battery owners & authorized third parties)

This section contains real-time performance and operational data and is accessible to the battery owner, fleet operators, and authorized maintenance providers.

•  State of Health (SoH) & expected lifetime
•  Charge/discharge cycles and total energy throughput
•  Thermal event history and operational temperature logs
•  Warranty details and remaining usable life in cycles
•  Original capacity vs. current degradation rate
•  Battery classification status: "original," "repurposed," "remanufactured," or "waste"

4)  Information available only to the European Commission, National Regulatory Bodies & market surveillance authorities

This is the most restricted category, which contains highly technical and competitive data that is only accessible to designated authorities for compliance verification and regulatory oversight.

•  Additional technical compliance reports and proprietary safety testing results
•  Performance benchmarking and lifecycle assessment reports
•  Detailed breakdown of emissions calculations and regulatory certifications

                   A note on secure access and retrieval                
   
    Each Battery Passport must be linked to a QR code with a unique identifier to allow standardized and secure data retrieval via a cloud-based system.    
   
    QR codes “shall be printed or engraved visibly, legibly and indelibly on the battery.” If the battery is too small to have a QR code engraved on it, or it is not possible to engrave it, the code should be included with the battery’s documentation and packaging.          

What happens if an OEM fails to comply?

Non-compliance with the Battery Passport requirements carries serious consequences for OEMs and battery manufacturers.

•  Batteries without a passport will be banned from sale in the EU starting in 2027.

•  Fines and penalties may be imposed for missing transparency and reporting obligations.

•  Legal and reputational risks will increase, particularly if battery safety, sustainability, or performance issues arise.

Given these risks, proactive compliance planning is essential. OEMs must act now to integrate Battery Passport requirements into their supply chains and product development strategies.

Will repaired or second-life batteries need a new passport?

Yes. Batteries that are repaired, repurposed, or remanufactured must receive a new Battery Passport linked to the original battery’s history. Recycled batteries entering the market after 2027 must also follow passport regulations, keeping second-life batteries traceable. This allows used batteries to be resold or repurposed in energy storage applications.

Will the Battery Passport apply to older batteries?

No. The regulation only applies to batteries placed on the market after February 18, 2027. However, OEMs that remanufacture or recycle batteries after this date must take care of compliance before reselling or repurposing them.

How to store EU Battery Passport data: Two approaches

Companies need to decide how to store and manage the large volumes of data required for compliance. There are two main options:

1.     Blockchain-based systems    – A decentralized ledger where data is permanently recorded and protected from tampering. This preserves long-term transparency and integrity.
2.     Cloud-based systems    – A centralized storage model that allows for real-time updates, scalability, and flexibility. This makes managing compliance data easier.

Each option has its benefits.

Blockchain offers security and traceability, which makes it ideal for regulatory audits and builds consumer trust. Cloud storage provides flexibility, which allows companies to manage and update battery lifecycle data efficiently.

Many companies may choose a hybrid solution, using blockchain for immutable regulatory data and cloud storage for real-time operational tracking.

Regulatory landscape: A complex web of compliance

The Digital Battery Passport is part of a broader effort to improve data transparency, sustainability, and resource management. However, it doesn’t exist in isolation. Companies working in global supply chains must navigate a growing web of regulations across various jurisdictions.

The EU Battery Regulation aligns with major policy initiatives like the  EU Data Act, which governs access to and sharing of industrial data, and the Ecodesign for Sustainable Products Regulation (ESPR), which broadens sustainability requirements beyond energy efficiency. These laws reflect the EU’s push for a circular economy, but they also present significant compliance challenges for OEMs, battery manufacturers, and recyclers.

Outside the EU, similar regulatory trends are emerging. Canada’s Consumer Privacy Protection Act (CPPA) expands on the country's existing privacy framework, while the California Consumer Privacy Act (CCPA) and China’s Personal Information Protection Law (PIPL) set strict rules for how businesses collect, store, and share data.

While these laws focus on privacy, they also signal a global move toward tighter control over digital information, which is closely tied to the requirements for battery passports.

How an IT partner can help OEMs prepare for the EU Battery Passport

Here’s where an IT enables can help.

•     Make Battery Passport data easy to access    – Set up systems that store and connect passport data with Battery Management Systems (BMS) and internal databases.

•     Make sure QR codes work properly    – Integrate tracking so every battery’s passport is linked and scannable when needed.

•     Simplify compliance reporting    – Automate data collection for regulators, recyclers, and customers to reduce manual work.

•     Manage second-life batteries    – Track when batteries are repurposed or remanufactured and update their passports without losing original data.

•     Choose the right storage    – Whether it’s cloud, blockchain, or a hybrid approach, IT support ensures that battery data stays secure and available.

With the 2027 deadline approaching, OEMs need systems that make compliance manageable.

Let’s talk about the best way to integrate the Battery Passport requirements.

‍

Right to Repair is becoming a key issue in the U.S., with the REPAIR Act (H.R. 906) at the center. This proposed federal law would require OEMs to give vehicle owners and independent repair shops access to vehicle-generated data and critical repair tools.

The goal? Protect consumer choice and promote fair competition in the automotive repair market, preventing manufacturers from monopolizing repairs.

For OEMs, it means growing pressure to open up data and tools that were once tightly controlled. The Act could fundamentally change how repairs are managed , forcing companies to rethink their business models to avoid risks and stay competitive.

We’ll walk you through the REPAIR Act’s key provisions and practical steps automotive OEMs can take to adapt early and avoid compliance risks.

What’s inside the REPAIR Act (H.R. 906)

The REPAIR Act (H.R. 906), also known as the Right to Equitable and Professional Auto Industry Repair Act, aims to give consumers and independent repair shops access to vehicle data, tools, and parts that are crucial for repairs and maintenance.

Its goal is to level the playing field between manufacturers and independent repairers while protecting consumer choice. This could mean significant changes in how OEMs manage vehicle data and repair services.

REPAIR Act timeline – where are we now

The REPAIR Act (H.R. 906) was introduced in February 2023 and forwarded to the full committee in November 2023.

As of January 3, 2025, the bill has not moved beyond the full committee stage and was marked "dead" because the 118th Congress ended before its passage. But the message remains clear - Right to Repair isn’t going away. The growing momentum behind repair access and data rights is reshaping the conversation.

REPAIR Act provisions

Which obligations for manufacturers are covered by the Repair Act?

1) Access to vehicle-generated data

• Direct data access: OEMs would be required to provide vehicle owners and their repairers with real-time, wireless access to vehicle-generated data. This includes diagnostics, service, and operational data.

• Standardized access platform: OEMs must develop a common platform for accessing telematics data to provide consistent and easy access across all vehicle models.

2) Standardized repair information and tools

• Fair access: Critical repair manuals, tools, software, and other resources must be made available to consumers and independent repair shops at fair and reasonable costs.

• No barriers: OEMs cannot restrict access to essential repair information. The aim is to prevent them from monopolizing repair services.

3) Ban on OEM part restrictions

• Aftermarket options: The Act prohibits manufacturers from requiring the use of OEM parts for non-warranty repairs. Consumers can choose aftermarket parts and independent service providers.

• Fair competition: This provision supports competition by allowing aftermarket parts manufacturers to offer compatible alternatives without interference.

4) Cybersecurity and data protection

• Security standards: The National Highway Traffic Safety Administration (NHTSA) will set standards to balance data access with cybersecurity.

• Safe access: OEMs can apply cryptographic protections for telematics systems and over-the-air (OTA) updates, provided they do not block legal access to data for independent repairers and vehicle owners.]

These provisions go beyond theory and will directly affect how OEMs handle repairs and manage data access. Even more challenging? The existing patchwork of state laws that already demand similar access makes compliance tricky.

Complex regulatory landscape: How Right to Repair influences automotive OEMs

The regulatory environment for the Right to Repair in the U.S. is becoming increasingly complex, with state-level laws already in effect and a potential nationwide federal law still pending. This evolving framework presents both immediate and long-term challenges for automotive OEMs, requiring them to navigate overlapping requirements and conflicting standards.

State-level laws: A growing patchwork

As of February 2025, several states have enacted comprehensive Right to Repair laws.

Massachusetts and Maine have laws explicitly targeting automotive manufacturers. (Automakers have sued to block the law’s implementation in Maine.)

These regulations require manufacturers to provide vehicle owners and independent repairers with access to diagnostic and repair information, as well as a standardized telematics platform.

Other states like California, Minnesota, New York, Colorado, and Oregon have focused on consumer electronics or agricultural equipment without directly impacting automotive OEMs.

However, the broader push for repair rights means automotive manufacturers cannot ignore the implications of this trend.

Additionally, as of early 2025, 20 states had active Right to Repair legislation, reflecting the momentum behind this movement. While most of these bills remain under consideration, they highlight the growing pressure for more open access to repair information and vehicle data.

Federal vs. state regulations: Compliance challenges

The pending federal REPAIR Act (H.R. 906) aims to create a unified national framework for the Right to Repair, focusing on vehicle-generated data and repair tools. However, until it becomes law, OEMs must comply with varying state laws that could contradict or go beyond future federal requirements.

Key scenarios:

• If the REPAIR Act includes a preemption clause , federal law will override conflicting state laws, providing a single set of rules for OEMs.

• If preemption is not included , OEMs will face a dual compliance burden, adhering to both federal and state-specific requirements.

This uncertainty complicates planning and increases the risk of non-compliance, making it essential for OEMs to prepare now.

Global pressures: The EU's Right to Repair mandates

The U.S. isn’t the only region focusing on the Right to Repair. European Union regulations are setting global standards for OEMs selling internationally.

• European Court of Justice Ruling (October 2023): Automotive manufacturers cannot limit repair data access under cybersecurity claims, expanding rights for independent repairers.

• EU Data Act (September 12, 2025): Requires OEMs to provide third-party access to vehicle-generated data, making open data compliance mandatory for the EU market.

For OEMs operating internationally, aligning early with these standards is a smart move. While the 2024 Right to Repair Directive doesn’t directly target vehicles, it reflects the broader trend toward increased data access and repairability.

How automotive OEMs should prepare for the Right to Repair (Even without a federal law)

Waiting is risky. Regardless of whether the REPAIR Act becomes law, preparation is key. Waiting for final outcomes could lead to costly adjustments and missed opportunities. Here’s where to start:

1. Develop a standardized vehicle data access platform

Why: Regulations require open and transparent data-sharing for diagnostics and updates. Without a standardized platform, compliance becomes difficult.

How: Focus on building a secure platform that gives vehicle owners and independent repair shops transparent access to the necessary data.

2. Provide open access to repair information and tools

Why: Some states already require OEMs to provide critical repair information and tools at fair prices. This trend is likely to expand.

How: Start creating a centralized repository for repair manuals, diagnostic tools, and other key resources.

3. Strengthen cybersecurity without restricting repair access

Why: Protecting data is critical, but legitimate repairers need safe entry points for service.

How: Develop security protocols that protect key vehicle functions without blocking legitimate access. This means securing software updates and repair-related data while allowing repairers safe entry points for diagnostics and service.

4. Improve OTA software update capabilities

Why: Having strong OTA capabilities helps comply with future regulations requiring real-time access and updates.

How: Upgrade your current OTA systems to allow secure updates and diagnostics. Include tools authorized third parties can use for updates and software repairs.

5. Transition to modular and repairable product design

Why: Designing products for easier repair reduces costs and improves compliance.

How: Shift toward using modular components that can be replaced individually. Avoid locking parts to specific manufacturers, as some states have banned this practice. Modular designs also support longer spare part availability, which many laws will require.

6. Align supply chain and warranty systems with Right-to-Repair laws

Why: Warranty terms and parts availability are common regulatory targets.

How: Make spare parts available for several years after the sale of a vehicle. Update warranty policies to allow third-party repairs and non-OEM parts without penalty.

7. Monitor regulations and adapt quickly

Why: The regulatory landscape is evolving rapidly. Staying informed about new laws and adjusting plans early will help avoid costly last-minute changes.

How: Track new laws and build flexible systems that can easily adjust as regulations change.

How an IT enabler helps OEMs prepare for Right to Repair

Managing compliance can feel overwhelming, but it doesn’t have to disrupt operations. An IT enabler helps manufacturers build systems and processes that meet regulatory demands without adding unnecessary complexity.

Here’s how:

Turning regulations into practical solutions

Right to Repair regulations vary across states and countries. An IT enabler translates these requirements into practical tools - systems for managing access to repair data, diagnostics, and tools – to make compliance more manageable.

Building the right technology

OEMs need reliable platforms that allow repairers to access diagnostic data and tools while keeping vehicle systems secure. IT experts develop scalable solutions that work across different models and markets without compromising safety.

Balancing security and access

Access to repair data must be balanced with strong security. IT solutions help protect sensitive vehicle functions while providing authorized repairers with the necessary information.

Keeping operations simple

Compliance shouldn’t add complexity. Automating key processes and streamlining workflows lets internal teams focus on core operations rather than administrative tasks.

Long-term support

Laws and standards evolve. IT partners provide continuous updates and maintenance to keep systems aligned with the latest regulations, reducing the risk of falling behind.

Delivering custom solutions

Every manufacturer has unique needs. Whether it’s updating your warranty system for third-party repairs, improving OTA update capabilities, or adapting your supply chain for spare part availability, custom solutions help you stay compliant and competitive.

At Grape Up , we help OEMs adapt to Right to Repair regulations with practical solutions and long-term support.

We have experience working with automotive, insurance, and financial enterprises, building systems that account for differences in regulations across various states.

Preparing for changes? Contact us today.

From secure diagnostics to repair information management, we provide the expertise and tools to help you stay compliant and ready for what’s next.