Navigating The Data Highway

From Crash Records to Predictive Safety

20th April 2026 - Authors: Dr Stephane Dreher, Head of CCAM at ERTICO; Maria Alonso-Raposo, Senior Manager, CCAM at ERTICO; and John Paddington, PMO at ERTICO

An editorial version of this paper is included in ITS Edge Magazine, No.6 - Spring 2026

Challenges pertaining to remote driver derived data collection for autonomous vehicles

Connected and automated vehicles (CAVs) rely on large volumes of mobility data from vehicles, infrastructure, and users. Remote driver-derived or so-called vehicle probe data, collected continuously from CAVs, creates significant technical, legal, social and economic challenges such as concerns of data privacy, security, and ownership, but also presents opportunities for safety and efficiency. EU initiatives such as the Data Act (2023) and Cyber Resilience Act (2024) introduce harmonised rules and cybersecurity baselines to mitigate these risks.

The most significant economic issue centres on the monopolistic control of data by Original Equipment Manufacturers (OEMs). OEMs often route all in-vehicle data to a proprietary server using the extended vehicle concept [JRC, 2019; Kerber & Gill, 2019]. This exclusive control prevents real-time, direct access to data by third parties. This approach is seen by some stakeholders as a way to impede competition on aftermarket services, such as remote diagnostics, maintenance, and repair. Independent service providers cannot compete effectively without a level playing field regarding access to in-vehicle data and resources [Kerber & Gill, 2019]. The European Commission's GEAR 2030 group specifically highlighted this problem, calling for the development of rules on data recording and associated data access to ensure a shared EU strategy on connected vehicles [European Commission, 2017].

The EU Data Act (2023) can be seen as a legislative response to such concerns, and to the Commission’s call for clear rules on data recording and associated. By establishing user rights to access and share data generated by connected products, including vehicles, and by imposing obligations on manufacturers to ensure fairness, transparency, and interoperability, the Data Act directly addresses the imbalance between data-holding manufacturers and downstream service providers. However, while the Act creates a broad horizontal framework for fair data access across sectors, it does not fully cover the specific issues of safety-critical event data recording (black box systems) or all the technical and sector-specific aspects that GEAR 2030 highlighted. These remain partly governed by separate vehicle safety regulations and may require further targeted legislation.

China's Business to Government (B2G) Mandate for New Energy Vehicle (NEV) data policy requires car manufacturers to share electro-mechanical performance and real-time navigation data from their fleet of NEVs with government authorities to assess performance, prevent subsidy fraud, and strengthen domestic manufacturers [Martens & Zhao, 2020]. This policy demonstrates a political decision to treat vehicle data as a strategic national resource.

While data collection enhances safety, it also introduces risks and complexities in assigning responsibility. Connected vehicles inherently increase the attack surface for potential cyber threats, necessitating mandatory, end-to-end security requirements enforced by regulations like the Cyber Resilience Act (CRA). The data collected is crucial for determining liability in an accident.

As automation levels increase (moving from SAE Level 3 upwards), liability will shift incrementally from the driver to the manufacturer/AI system, requiring legal frameworks like the AI Liability Directive to clarify definitions of autonomous driving. While data can lead to an altogether more intelligent understanding of dynamic safety at every point on a road network (e.g., eliminating blanket speed limits), the privacy intrusion raises concerns over whether consumers will accept it.

Social, technical and political challenges in the next years to come

Social: Privacy, security, digital divide, equity, user acceptance.

Automation could improve mobility for older or disabled groups, but may exclude those lacking digital skills (JRC, 2019), but the potential benefits and risks will be dependent on the use cases that will be deployed. The primary conflict is whether consumers will accept the constant monitoring and data harvesting as the price of convenience (e.g., better safety, personalized services) or whether they will insist on control over their private driving data.

Within the EU-funded SINFONICA project (that finished in August 2025), ERTICO – ITS Europe, together with the project consortium members surveyed over 5,000+ people across Europe and invited prospective users from different groups. Generally, there was strong interest in using automated public transport services, but there were variations amongst different groups. The elderly and those with lower digital literacy were less inclined for instance. All groups wanted to see measures put in place to ensure safety, anti-social behaviour, etc. The project also identified that a lot of research projects have not yet explored how automated services will function (especially without a safety driver) and created recommendations for future demonstrators (https://www.sinfonica-kme.eu/guidelines-recommendations/) both for policy makers and operations to help determine these solutions.

Technical: Cybersecurity, interoperability and standards

These elements play a key role in ensuring that Artificial Intelligent (AI) and its decision-making is safe and explainable. Technical issues relate to the physical and digital mechanisms of data flow and protection, such as the use of a proprietary data architecture (monopoly), the increased cybersecurity threats that necessitate mandatory technical security requirements to maintain vehicle integrity.

Standardised communication protocols play a foundational role in enabling the widespread deployment and interoperability of CAVs. These protocols govern how Automated Vehicles (AVs) exchange data with infrastructure, other vehicles, road users, and backend systems, ensuring consistent, secure, and interpretable communication across different manufacturers, platforms, jurisdictions. Without standardised protocols, AVs risk becoming siloed systems, unable to fully participate in cooperative driving, traffic management, or multi-modal integration scenarios. ERTICO supports standards developments, testbeds for standards, dissemination of standardization results and linking R&I project with Standardisation initiative

Environmental: Energy Concerns

There is an increased concerns by society about the energy consumption of on-board computing systems and data servers. Data centres alone are responsible for 2.7% of EU electricity demand. By 2030, consumption expected to rise by 28%. This demands transparency from manufacturers and challenges the positive impacts of these systems.

Political: Competitiveness and Data Governance

Competitiveness risks include data governance and the privatisation of learning by a few private actors, undermining public benefit (JRC, 2019). It requires a regulatory response to ensure a level playing field for independent service providers. Besides, policies have to address the liability shift from the driver to the manufacturer/AI system as automation increases, requiring new legal frameworks like the AI Liability Directive to assign accountability.

Safety benefits of smoother traffic flow and persistent challenges

CAVs promise significant safety benefits by reducing human error and enabling smoother traffic flow. Simulations indicate that at 100% CAV penetration with connectivity, road capacity could increase by ~20% (JRC, 2019). However, at medium penetration levels without connectivity, congestion could worsen.

A recent study evaluates the energy implications of Connected, Cooperative, and Automated Mobility (CCAM) services in urban and highway contexts, considering propulsion energy and system-level demands like sensing, computation, and communication (Garus et al., 2025). This study has found that technological advancements and optimisation could reduce the additional energy consumption of CCAM systems by over 80% compared to today’s prototypes, emphasizing the importance of energy-efficient automation.

Connectivity and particularly Cooperative Intelligent Transport Systems (C-ITS) are essential to enhance cooperation between infrastructure and vehicle, V2X has value for both conventional and automated cars, enabling use cases such as collision avoidance, priority for emergency vehicles or Vulnerable Road User (VRU) protection. Hidden downsides include ethical dilemmas in crash situations, over-trust in automation etc.

Privacy and other challenges

In today's interconnected world, the vast amounts of data generated by daily movements of people/goods hold a high potential.

Mobility data is a powerful driver for enhanced innovation/efficiency, reduced environmental impact & improved quality of life. Leveraging this data can lead to smarter, more resilient, planning of transport infrastructure and services, more fluid traffic, easier cross-border trips, more competitive logistics chains. Beyond collecting data, a challenge is to make it easier to share, in safe & controlled manner, and transform data into actionable intelligence. Exploiting untapped potential of transport data is crucial to support the development of AI and other technologies.

Balancing efficiency with privacy requires embedding privacy-by-design principles. Living labs to test new mobility solutions with citizen involvement. Besides, legal frameworks like GDPR, the Data Act, and the AI Act provide a baseline, but governance should also include co-creation with citizens to make trade-offs acceptable and transparent.

Within the EU-funded CulturalRoad project, coordinated by ERTICO, is one of our five research pillars is network optimisation and we’re looking at KPIs and tools to measure how to balance inclusive automated public transport services with network efficiency.

Addressind data collection and security concerns

EU has put in place the EU Data Strategy, Data Act and AI Acts to address the societal issues related to data collection and sharing.

Data Act adopted 2023 (2025) harmonised rules fair access to and use of data (who can create value from data & under what conditions), EU-wide common, interoperable DS including MDS, also calls for the federation of NAPs.
AI Act (2023), main purpose is to foster responsible AI development and deployment in EU while ensuring the protection of citizens' health, safety, and fundamental rights.
Cyber Resilience Act (2024), established horizontal cybersecurity requirements for products with digital elements to enhance cybersecurity resilience in EU.

Privacy concerns can be mitigated through:

Federated and anonymised data-sharing frameworks (e.g., European Data Spaces).
Stronger algorithmic accountability and explainability requirements in AI systems.
Ethical frameworks, such as the German Ethics Commission on CAVs, which proposed binding rules on safety, dignity, and data autonomy (JRC, 2019).
The Cyber Resilience Act (2024) strengthens cybersecurity baselines across all digital products.

How do we make technical progress palatable in the face of public and government squeamishness?

Public acceptance needs to be addressed, for example, the 2019 Eurobarometer survey showed more than half of Europeans remain uncomfortable with driverless cars. Accidents tend to receive disproportionate media coverage, reinforcing fear (Marques do Santos et al., 2022). Research from 2022 analysed data from media articles, a Eurobarometer survey, and policy documents, to understand the perspectives of different stakeholders when it comes to autonomous cars. It found a predominance of negative sentiments in news articles and majority of citizens being wary of autonomous cars, while the political narrative mostly carries a positive tone. The findings highlight a dichotomous perspective about this potentially disruptive technology and the idea that the benefits of adopting autonomous cars will only come to surface if all actors are engaged and see the advantages they can bring to people’s daily lives. It encourages policymakers to promote initiatives to engage citizens in the transformation of road transport and other stakeholders to be advertised the positive implications of autonomous vehicles.

To build trust, governance should include participatory approaches, early user engagement, and transparent communication about risks and safeguards (JRC, 2019). One way to make technical progress more palatable in the face of public and government hesitation is to ensure that people are actively involved in shaping the direction of innovation from the start. By adopting co-creation approaches, such as Living Labs, pilot demonstrations, and participatory deployment, we can move beyond presenting solutions as finished products and instead invite communities, stakeholders, and policymakers to be part of the early definition process. This not only helps to build trust and transparency but also ensures that solutions are better aligned with real societal needs and values. When people can see, experience, and contribute to how new technologies are developed and tested, they are more likely to accept and support them, reducing resistance and fostering a sense of shared ownership over progress. An example of this is the EU-funded MetaCCAZE project, coordinated by ERTICO, which is creating low-emission transport service demonstrators (including automated vehicle services), where we are using participatory co-creation to develop the business, governance and innovation models for service, using a what, why, how framework. These use cases are then revised and updated during public pilots to incorporate public and stakeholder feedback on topics such as affordability, trust and acceptance.

Safeguard the issues unfolding: what might they consist?

Safeguards will still be needed and may increase as adoption scales up. These should include:

Stronger data governance (clearer rules on access, ownership, and sharing).
Robust cybersecurity and AI safety standards.
Equity protections to prevent exclusion of vulnerable groups (JRC, 2019).
Safeguards should evolve dynamically, adapting to new risks and technological progress.