Partner London
"From an era where data generated by an aircraft was controlled by a handful of market players, the EU Data Act aspires to give open access to such data to aircraft operators and MROs."
In addition to the operational and technical restrictions, the absence of any existing legal framework relating to ownership or use of aircraft data has led to situations where market participants would be “locked in” with a particular service provider.
Against that background, the EU Data Act (as defined below) sets out the regulatory framework aimed at facilitating the sharing of data¹ by establishing rules for its access and use within the EU. Whilst the EU Data Act is a horizontal legislation and therefore sector agnostic, connected products found in aircraft are expressly targeted by the EU Data Act.
In this article, we explore what the EU Data Act is and how it might affect manufacturers, airlines and Maintenance, Repair and Operations organisations (“MROs”).
The EU Data Act: Unlocking ‘Big Data’ in the aviation industry
The EU Data Act was adopted on 13 December 2023 by the European Parliament and the Council of the European Union (Regulation 2023/2854 on harmonised rules on fair access to and use of data) (the “EU Data Act”).
The EU Data Act will become applicable on 12 September 2025 with certain obligations (as noted below) coming into effect at later dates. This gives the aviation industry approximately 18 months to adapt and implement solutions in full compliance with the new EU data regulatory ecosystem. This follows a similar approach to when the EU introduced the EU General Data Protection Regulation (“GDPR”) in 2016.
The EU Data Act applies primarily to three key aviation players:
- the manufacturer of connected products² placed on the market in the EU and providers of related services, irrespective of the place of establishment of the manufacturer and provider – this would include airframe and engine manufacturers as well as supply chain OEMs generally³;
- the user⁴ in the EU of connected products or related services – an obvious example would be airlines and aircraft operators; and
- the data holder⁵, irrespective of its place of establishment, that makes data available to data recipients⁶ in the EU – this category would typically include airframe and engine manufacturers and MROs.
Sharing of aircraft data with aircraft operators
In recognition of the central role played by manufacturers, the EU Data Act now requires them to design and manufacture connected products (i.e. products that are able to generate and communicate data during their operation) in such a manner that product data⁷ (and metadata necessary to interpret and use that data) are “[…] by default, easily, securely, free of charge, in a comprehensive, structured, commonly used and machine-readable format, and, where relevant and technically feasible, directly accessible to the user”.⁸ From an era where data generated by an aircraft was controlled by a handful of market players, the EU Data Act aspires to give open access to such data to aircraft operators and MROs with a view to enhance operational efficiency and promote fair competition.
"Disclosure of aircraft data to a third party may be made by a manufacturer or a data holder upon terms and conditions to be agreed with such third party provided the arrangement is fair."
Where it is not technically feasible for a user to have direct access to product data by default, the EU Data Act instead requires data holders to make that data readily available to the user without undue delay, of the same quality as is available to the data holder, easily, securely, free of charge, in a comprehensive, structured, commonly-used and machine-readable format and, where technically feasible, continuously and in real-time.
This shift in paradigm will no doubt result in significant technical and commercial challenges for manufacturers and for those players offering operational services based on aircraft data analytics (such as predictive maintenance services) to aircraft operators. Manufacturers of connected products and providers of related services will be reassured to know that this obligation will apply to connected products placed on the market after 12 September 2026. Regardless, this is still a tight window to assess the technical feasibility and practicality of making this data available, or otherwise an appropriate method for providing this data to users.
Sharing of aircraft data with third parties
The obligation on a data holder to make aircraft data available also extends to any third party nominated by a user (or by a party acting on its behalf). Contrary to a user (which the EU Commission may assume is already being charged under its sale or lease arrangement), the data holder has the right to agree with a third party the terms and conditions (including financial compensation as described below) for making data available to that third party, provided such terms and conditions comply with the principles laid down in the EU Data Act.
Limitations of the EU Data Act
The EU Data Act attempts to strike a balance between the overarching objective of promoting the fair distribution of value of aircraft data to users and third parties, and the protection of manufacturers’ and data holders’ legitimate interests by introducing a number of safeguards, including in the following areas:
- trade secrets⁹: a data holder who is a trade secret holder may refuse, on a case-by-case basis, a request for access to specific data. In order to do so, the data holder will need to be able to demonstrate that it is highly likely to suffer serious economic damage from the disclosure of trade secrets (such demonstration to be duly substantiated on the basis of objective elements such as the enforceability of trade secrets protections in third countries, the nature and level of confidentiality of the data requested, and the uniqueness and novelty of the connected products)¹⁰; and
- non-compete: a user or third party to whom aircraft data is made available cannot use the data obtained from a manufacturer or a data holder to develop a connected product that competes with the connected product from which the data originate, nor share the data with a third party with that intent. Additionally, it cannot use data to derive insights about the economic situation, assets and production methods of the manufacturer or the data holder¹¹.
Enforcement of the EU Data Act
This will be led by the EU Member States, who will lay down their rules on penalties by 12 September 2025 and will be able to establish a certified dispute settlement body (with some level of coordination with the EU Commission) to be used by users, data holders and data recipients. This will be without prejudice to the right of a user to seek redress at any time before a court or tribunal of a Member State.
Specific regime applicable to B2B relationships
Disclosure of aircraft data to a third party may be made by a manufacturer or a data holder upon terms and conditions to be agreed with such third party provided the arrangement is fair, reasonable, non-discriminatory and transparent¹². The EU Data Act goes a step further by attempting to define what unfair contractual terms are¹³ and by drawing up a list of presumed unfair contractual terms¹⁴. This will likely give rise to a number of legal challenges unless the parties follow the standard contractual clauses to be developed by the Expert Group on B2B data sharing established by the EU Commission and the best practices provided by the European Data Innovation Board (“EDIB”).
It is worth noting that these regulatory restrictions will apply to contracts concluded after 12 September 2025. For contracts concluded on or before 12 September 2025, these restrictions will apply from 12 September 2027 provided that such contracts are of indefinite duration or due to expire at least 10 years from 11 January 2024.
"Market participants are encouraged to start assessing the technical, commercial and, more generally, resourcing implications."
In addition to being able to agree specific terms and conditions, a data holder and a data recipient (such as MROs but excluding users) may agree financial compensation for making aircraft data available¹⁵. Such compensation has to be non-discriminatory and reasonable and can include a margin. The EU Data Act provides guidance as to the parameters to consider when determining the compensation:
- costs incurred in making aircraft data available, including costs necessary for the formatting of such data, dissemination via electronic means and storage (this may also depend on the volume, format and nature of the aircraft data); and
- investments in the collection and production of aircraft data, considering whether other parties contributed to obtaining, generating or collecting that data in question.
The data holder is expected to provide the data recipient with information setting out the basis for calculation of the compensation in sufficient detail so that the data recipient can assess whether the requirements of the EU Data Act are being complied with. Data holders will therefore have to consider the level of commercial information to be disclosed to data recipients and to this end, the guidelines on the calculation of reasonable compensation that will be adopted by the EU Commission at a later stage will be a useful steer.
Aircraft trading
The EU Data Act does not deal with specific situations where an aircraft is disposed of or leased during its operating life which is prevalent in the aviation industry. While this is not surprising, the EU Data Act does contemplate the case where a seller (which may be the manufacturer or any other owner) or a lessor enters into a contract for the purchase or lease of a connected product (including an aircraft). In such situation, the EU Data Act requires a seller or a lessor to provide the following information to the user¹⁶:
- the type, format and estimated volume of product data which the connected product is capable of generating;
- whether the connected product is capable of generating data continuously and in real-time;
- whether the connected product is capable of storing data on-device or on a remote server, including (where applicable), the intended duration of retention; and
- how the user may access, retrieve or erase the data, including the technical means to do so, as well as the seller or lessor’s terms of use and quality of service.
Considering the nature of the above information, one would expect manufacturers to provide this initially in their supply agreements with each subsequent seller and lessor following the manufacturers’ lead.
Conclusion
Whilst aircraft operators have been lobbying for full ownership of data and control of use, the EU Data Act takes a more balanced approach by granting users and third parties a right of access while the question of ownership of aircraft data remain somehow unclear. Considering the relatively short timeframe for complying with the EU Data Act, market participants are encouraged to start assessing the technical, commercial and, more generally, resourcing implications and to review their template contracts in order to bring them in line with the new regulatory environment.
Footnotes
[1] “data” means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording.
[2] “connected product” means an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user.[3] “related service” means a digital service, other than an electronic communications service, including software, which is connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product.
[4] “user” means a natural or legal person that owns a connected product or to whom temporary rights to use that connected product have been contractually transferred, or that receives related services.
[5] “data holder” means a natural or legal person that has the right or obligation, in accordance with this Regulation, applicable EU law or national legislation adopted in accordance with EU law, to use and make available data, including, where contractually agreed, product data or related service data which it has retrieved or generated during the provision of a related service. [Note to Comms: please could you adjust the footnote numbering from this point; it should go up by one (i.e. data holder should be “v”).]
[6] “data recipient” means a natural or legal person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder or in accordance with a legal obligation under EU law or national legislation adopted in accordance with EU law.
[7] “product data” means data generated by the use of a connected product that the manufacturer designed to be retrievable, via an electronic communications service, physical connection or on-device access, by a user, data holder or a third party, including, where relevant, the manufacturer.
[8] Article 3(1) of the EU Data Act.
[9] “trade secret” is defined by reference to Article 2, point (2) of Directive (EU) 2016/943 and means information which meets all of the following requirements: (a) it is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question; (b) it has commercial value because it is secret; (c) it has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.
[10] Article 4(8) of the EU Data Act.
[11] Articles 4(10) and 6(2)(e) of the EU Data Act.
[12] Article 8(1) of the EU Data Act.
[13] Article 13 of the EU Data Act.
[14] Article 13(5) of the EU Data Act.
[15] Article 9 of the EU Data Act.
[16] Article 3(2) of the EU Data Act.
Key contacts
Partner London
Senior Associate London