An Analysis of European Data and AI Regulations for Automotive Organizations

This report summarizes the European Union's series of data and AI regulations and analyzes them for managers in automotive vehicle manufacturing organizations. In particular, we highlight the relevant ideas of the regulations, including how they find their roots in earlier legislation, how they contradict and complement each other, as well as the business opportunities that these regulations offer. The structure of the report is as follows. First, we address the GDPR as the cornerstone against which the requirements of other regulations are weighed and legislated. Second, we explain the EU Data Act since it directly addresses Internet of Things (IoT) for businesses in the private sector and imposes strict requirements on large data generators such as vehicle manufacturers. For manufacturers, compliance with the EU Data Act is a prerequisite for the subsequent legislation, in particular the EU AI Act. Third, we explain the Data Governance Act, Digital Services Act, Digital Markets Act, and EU AI Act in chronological order. Overall, we characterize European Union data regulations as a wave set, rooted in historical precedent, with important implications for the automotive industry.