Rocuments
← Back to news

February 15, 2026

ECJ rulings on access to vehicle data

Recent rulings by the European Court of Justice have strengthened the rights of independent operators to access vehicle data and repair information under Regulation (EU) 2018/858.

Recent rulings by the European Court of Justice have strengthened the rights of independent operators to access vehicle data and repair information under Regulation (EU) 2018/858. The decisions clarify that vehicle manufacturers must provide independent repairers with standardised, unrestricted and non-discriminatory access to Repair and Maintenance Information (RMI), supporting fair competition within the aftermarket sector.

Access to on-board diagnostic data

In the case of ATU Auto Teile Unger and Carglass v. FCA Italy, the ECJ confirmed that independent repairers must be able to access vehicle data via on-board diagnostic (OBD) ports using universal diagnostic tools. Manufacturers may not impose additional requirements – such as mandatory registration with proprietary servers or subscription systems – if these go beyond the conditions set out in Regulation (EU) 2018/858.

While manufacturers remain responsible for maintaining vehicle cybersecurity under UN Regulation No. 155, the ECJ made clear that security measures must not undermine the legal obligation to provide access to diagnostic and repair information.

VIN data and GDPR

In a second ruling, Gesamtverband Autoteile Handel e.V. v. Scania CV AB, the ECJ addressed whether the Vehicle Identification Number (VIN) constitutes personal data under the General Data Protection Regulation.

The court concluded that the VIN itself is not personal data, as it is simply an alphanumeric identifier. However, it may become personal data if it can reasonably be linked to an identifiable individual through additional information. Importantly, the court confirmed that manufacturers' obligation to share repair and maintenance information under Regulation (EU) 2018/858 provides a legal basis for data sharing under GDPR.

Implications for vehicle manufacturers

Together, these rulings reinforce the requirement for manufacturers to design systems that enable secure but open access to vehicle repair and maintenance data. Organisations must balance regulatory obligations relating to RMI access, cybersecurity and data protection when designing vehicle architectures and digital service platforms.