Whether data can flow in compliance is merely the visible issue; the real game lies beneath the surface—computing power, supply chains, and rule-setting authority. The value of automotive data is being redefined—but the question is, who gets to define it?

Is vehicle data primarily an asset or privacy?

Let’s not rush to judgment. After all, this 'to be or not to be' dilemma is becoming the most expensive choice for the global automotive industry.

Take a street scene captured by an in-vehicle camera as an example: Under China’s regulatory framework, such imagery—which may contain human faces or sensitive geographic information—is often classified as 'important data' and must be stored domestically, requiring a security assessment for cross-border transfer. In contrast, under the EU’s General Data Protection Regulation (GDPR), it is first and foremost considered 'personal data,' subject to strict constraints on collection, processing, and cross-border transmission under the principles of data minimization and explicit user consent.

These differing classifications lead to vastly divergent development paths. When a vehicle equipped with L3-level or higher driving assistance generates terabytes of data daily, when multinational automakers face algorithm iteration delays due to inability to legally access global road test data, and when Chinese brands expanding into Europe see profits squeezed by soaring data compliance costs... the 'identity' of data has shifted from a legal debate to a tangible industrial barrier.

In March 2026, two developments emerged: First, the World Data Organization—the first global international body for data governance—was officially established on March 31. Second, at the 2026 Zhongguancun Forum Annual Conference held earlier, a smart driving insurance service based on the 'trusted data space for the automotive industry' was announced for pilot testing in Beijing. The former marks the formal entry of data rules into a globally organized competitive phase, while the latter provides a pragmatic example of China balancing security and efficiency.

Both point to a core proposition: In the realm of automotive data, the focus of development and competition is increasingly converging on the evolution of data rules.

Why has the automotive sector become the epicenter of the data storm?

Among all industries facing data governance challenges, the automotive industry—now entering the second half of its intelligentization (intelligentization) transformation—is perhaps at the center of change. The reasons are clear: it generates the largest data volumes, has the most rigid cross-border needs, and handles the most sensitive data types.

According to 2025 industry reports, an L2-level connected vehicle generates approximately 10 GB of data daily, while L3-level and above vehicles can reach 30 GB. Vehicles used for Robotaxi services may exceed 100 GB per day.

This scale continues to grow. With the widespread adoption of multi-sensor fusion, the density of perception components like LiDAR, millimeter-wave radar, and high-resolution cameras increases. Vehicles must not only process perception and interaction data in real time but also support self-learning and model iteration in certain scenarios. Within a foreseeable timeframe, daily data volumes per vehicle will continue to rise, encompassing thousands of data fields related to vehicle status, driving behavior, and environmental perception.

More challenging is the composite sensitivity of data types. External environment data includes human faces, license plates, and geographic information, straddling national security and personal privacy. Internal cabin data—voice, gaze, and even vital signs—represents the last bastion of deep personal privacy. Vehicle operation data—related to batteries, electronic control, and driving trajectories—is both a commercial secret and potentially tied to critical infrastructure security. A single smart vehicle simultaneously carries attributes of personal information, important data, and commercial secrets, yet these classifications and protection levels vary sharply across jurisdictions.

The contradiction is stark: The research, development, and operation of smart vehicles are nearly impossible without globalization. Multinational automakers need 'Chinese data to serve global algorithms,' while Chinese brands require road test data from European and other destination markets to feed domestic R&D. Data inherently demands flow, yet laws demand localization. According to the United Nations Conference on Trade and Development (UNCTAD), over 150 of the world’s 190+ countries have enacted data privacy protection laws. Multinational automakers now face a 'multi-track' dilemma involving China’s security assessments, the EU’s GDPR, and U.S. state-level legislation. Market research firm Stratistics MRC predicts that the global cybersecurity and data privacy technology market, valued at approximately $279.7 billion in 2025, will surge to $695.7 billion by 2032, highlighting sustained global investment in data compliance and privacy protection.

This tension is particularly acute in cross-border R&D data scenarios: Can data collected by a vehicle tested in Europe, containing pedestrian imagery, be transferred to a domestic R&D center? Under GDPR, this likely constitutes cross-border transfer of personal data. Engineers address this by 'processing before transfer'—strictly anonymizing data within the EU to ensure it no longer falls under 'personal data.' However, GDPR’s technical requirements for anonymization are extremely high; simple de-identification is insufficient, necessitating methods like differential privacy and aggregated statistics. Technically feasible, but costs skyrocket.

Facing such intense data volumes and compliance tensions, China and Europe—the two largest automotive markets—have not waited idly. Instead, they are pioneering 'rule alignment' through interconnected data spaces, pushing cross-border data governance from fragmentation toward standard mutual recognition.

A clear timeline outlines the escalating cooperation: In April 2025, during the Shanghai Auto Show, the China Association of Automobile Manufacturers (CAAM) and the German Association of the Automotive Industry (VDA) signed a tripartite strategic cooperation agreement with Catena-X, focusing on standard-setting and data space interoperability. In July 2025, the Suzhou International Data Port hosted a Sino-German Automotive Data Space Cooperation Salon, where Xinyuan Digital Science, Catena-X, and the China Academy of Information and Communications Technology’s Industrial Internet and IoT Institute signed a letter of intent, launching cooperation with Catena-X’s international data space. This tripartite framework attracted nearly 100 enterprises, with 25 Chinese companies initially participating in joint data space construction and scenario exploration. In March 2026, during the Zhongguancun Forum, CAAM and the European Automobile Manufacturers Association (ACEA) signed a memorandum of understanding to further advance cross-border data policy exchanges and standard mutual recognition.

The essence of this cooperation is to 'reduce mutual trust costs.' Both sides aim to comb, sort out, organize, arrange, streamline (sort out) policy lists, explore 'data exit whitelists,' promote mutual recognition of anonymization standards, and, critically, interconnect China’s 'trusted data space' with Europe’s Catena-X data ecosystem.

Catena-X merits closer inspection. Launched in 2021 by Volkswagen, BMW, SAP, Bosch, and others, this open data ecosystem now unites over 200 international leading and large-to-medium enterprises. Its core logic: enable full-value-chain collaboration while safeguarding data sovereignty. Practical validations exist: Catena-X reports that Ford, Flex, and Micron are using its Product Carbon Footprint (PCF) data exchange framework to standardize cross-tier carbon emissions data sharing among OEMs, Tier 1, and Tier 2 suppliers. Compared to traditional methods relying on industry averages, carbon footprint values calculated from measured data dropped by 46%. Meanwhile, BMW and CATL are piloting cross-border 'battery passport' data via Catena-X, deepening collaboration on battery carbon footprint methodologies and carbon accounting tools to establish unified standards for power battery carbon footprints ahead of the EU’s 2026 New Battery Law implementation.

From this progress, it is clear that China and Europe are exploring mutually recognizable data circulation paths from their respective standards. While significant resistance remains in intermediate steps—GDPR and China’s data exit security assessments diverge sharply in institutional logic—the direction is unambiguous: Without rule mutual recognition, true industrial globalization is impossible.

How to 'balance the books' on data compliance and computing power constraints?

Rule-based competition ultimately manifests in corporate actions.

For multinational automakers, 'In China, For China' has shifted from a choice to a survival imperative. Tesla established a data center in Shanghai as early as 2021 to localize storage of Chinese user data. In February 2026, Tesla announced autonomous investment in and activation of an AI training center in China focused on localized scenarios, achieving, for the first time, local training of its FSD system using Chinese road data. Tesla Global Vice President Tao Lin explicitly stated: 'Training and iterating data collected in China within China’s borders is not only a proactive response to data security compliance requirements but also the only way to create a smart driving experience better suited to Chinese road conditions.'

Tesla’s move is not isolated but reflects the broader computing power localization dilemma facing the global automotive industry. In January 2026, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) revised regulations, shifting export controls on high-performance computing chips like NVIDIA’s H200 and AMD’s MI325X from 'presumptive denial' to 'case-by-case review.' While seemingly relaxed, this came with strict compliance conditions: 50% quota limits, mandatory third-party testing, and rigorous end-use controls. Just three months later, in April 2026, the U.S. drafted new rules requiring NVIDIA, AMD, and others to obtain licenses for exporting AI acceleration chips to any global destination.

These measures directly disrupted multinational automakers’ computing power layouts. Previously impacted by high-end chip export bans, NVIDIA CEO Jensen Huang admitted its market share in China’s AI chip sector had plummeted from 95%. For automakers, intelligent driving system iteration relies heavily on large-scale computing clusters—domestically collected road data cannot legally exit the country and must be stored and trained locally, yet restricted access to high-end training chips complicates this closed loop (closed loop).

Concerns over the computing power foundation extend beyond software algorithms to structural contradictions in the semiconductor supply chain. As Black Sesame Technologies founder Shan Jizhang noted at a recent industry forum, advanced process node capacity increasingly favors AI data centers, leaving automotive-grade AI chips at a disadvantage in capacity competition, even as autonomous driving computing demands climb. This supply-demand mismatch adds a heavy implicit cost to 'data compliance' accounts and underscores the urgency of supply chain diversification. Only through industrial chain collaboration can a safer, more resilient system emerge.

Under pressure, the localization of high-computing-power automotive-grade chips in China has become a key breakthrough direction. Black Sesame’s recently released A2000 series and other domestic high-computing-power chips explore advancements in computing density and architectural efficiency. Following this logic, XPENG Motors invested in self-developed Turing chips and dedicated computing centers, while NIO deployed its Shenji NX9031 chip. Some Chinese automakers plan to mass-produce vehicles with 100% domestic chips as early as 2026.

For multinational automakers’ 'data localization training' strategies, balancing compliance constraints, cost pressures, and technological autonomy remains a daunting challenge.

The 'cost' of compliance can be quantified. Take China’s mandatory national standard GB 44495-2024 'Technical Requirements for Information Security of Complete Vehicles': Certification per model costs approximately RMB 300,000–600,000, with data security compliance testing adding another RMB 50,000–150,000. Long-term infrastructure investments in OTA upgrade systems and vehicle security operations centers can reach hundreds of thousands to millions of RMB.

The cost of non-compliance is even starker: GDPR imposes fines of up to €20 million or 4% of global annual revenue (whichever is higher). In late 2025, German automotive supplier Continental was found GDPR-noncompliant by Romania’s data protection authority. General Motors was barred by the U.S. Federal Trade Commission from sharing driver location data with consumer reporting agencies for five years after collecting and selling it without user consent. Data compliance is not passive regulatory compliance but a passport to core markets.

Beyond cost pressures, Chinese automakers expanding overseas face another challenge. In September 2025, the EU’s Data Act took effect, systematically regulating data sharing for connected products. Vehicle operation data must be openly accessible to users and designated third parties, with automakers prohibited from imposing unreasonable restrictions. For example, BYD launched a dedicated compliance page on its European website, clarifying data holder identities and access paths. This move reflects the caution with which Chinese automakers navigate unfamiliar legal environments.

Deeper pressures arise from AI governance. The EU’s AI Act, fully effective in 2025, classifies autonomous vehicles as high-risk AI systems, requiring explainable decision-making logic and traceable algorithmic accountability chains. This reflects a clash of innovation paradigms: China emphasizes rapid iteration and scenario-driven optimization through practice, while the EU has established the world’s first risk-based AI regulatory framework, prioritizing upfront compliance and process control. Each approach has merits, and their effective integration will profoundly impact Chinese brands’ expansion in European markets.

However, some companies have transformed compliance into a competitive advantage. In August 2025, 49 models from 13 companies, including FAW Toyota, Volkswagen, Zhejiang Geely, and Li Auto, passed voluntary automotive data security inspections organized by relevant authorities in accordance with the "Provisions on the Administration of Automotive Data Security (Trial)" and national standards such as GB/T 41871-2022 and GB/T 44464-2024. The inspections covered key compliance requirements, including anonymization of facial data outside the vehicle, in-vehicle processing of cabin data, and default non-collection of cabin data. These companies are now turning compliance from a cost center into a brand trust asset. Leading companies have realized that data compliance is not merely about passively meeting regulatory requirements but serves as a passport to core markets.

China's Breakthrough in Trusted Data Space Pathways

Amidst conflicting regulations, China is forging a unique path—trusted data spaces. The core principle is that data remains within its domain, is usable but not visible, and is fully traceable throughout its lifecycle.

The most compelling case comes from breakthroughs in intelligent driving insurance.

With the penetration rate of L2-level passenger vehicles exceeding 60%, determining liability for intelligent driving accidents has become an industry pain point. Automakers face a credibility crisis as both "players and referees" when it comes to data. How can automakers prove the integrity of the data they provide after an accident? Insurance companies lack credible data sources, making claims settlement and loss assessment difficult.

On March 29, 2026, at the "Major Achievements Special Release Event" of the 2026 Zhongguancun Forum Annual Conference, the Beijing Financial Regulatory Bureau officially announced that Beijing would take the lead nationwide in launching the development and application of commercial insurance for intelligent connected new energy vehicles. This initiative will optimize and upgrade existing new energy vehicle insurance to uniformly cover all levels of intelligent connected vehicles from L2 to L4.

The implementation of this insurance product relies on technical support from trusted data spaces. The solution provided by the automotive industry's trusted data space involves real-time blockchain-based data storage, with authorized third-party inspection agencies conducting analyses within the data space after accidents. The original data remains on the automaker's local systems, with only trusted reports being output. This approach establishes a fully online closed-loop business process encompassing "data storage—trusted analysis—report output—compliant application," enabling efficient and compliant collaboration among automakers, inspection agencies, insurance companies, and judicial bodies. Notably, the National New Energy Vehicle Technology Innovation Center (NEVC) has developed a liability determination model using multimodal deep learning algorithms and temporal modeling techniques. This model can instantly identify the exact moment of collision in accidents (accurate to the millisecond) and automatically generate accident analysis reports within minutes, providing authoritative claims evidence for automakers and insurance companies.

The value of this case extends beyond insurance itself. It demonstrates that data compliance and industrial efficiency can work in tandem, and that security can foster new business models. For vehicle owners, claims settlement cycles are significantly shortened. For automakers, it resolves the dilemma of self-justification while ensuring core data remains within their domain. For insurance companies, it provides credible accident determination evidence and precise pricing data.

More profoundly, efforts are underway to align this solution with Europe's Catena-X data ecosystem. In July 2025, Catena-X signed a letter of intent with the Industrial Internet and Internet of Things Research Institute of the China Academy of Information and Communications Technology to jointly initiate international data space cooperation, aiming to establish a trusted China-EU cross-border data space based on the Catena-X architecture. The battery carbon footprint collaboration between BMW and CATL via the Catena-X platform can be seen as a precursor to this direction.

Global Competition Over Industrial Rules and China's Window of Opportunity

The competition over automotive data is fundamentally a struggle for control over industrial rulemaking. The three major economies have distinct approaches.

The EU continues to pursue a "regulatory legislation export" strategy. It has established a robust framework through the GDPR, the Data Act, and the AI Act, using GAIA-X and Catena-X as vehicles to translate data sovereignty concepts into industrial standards and extend their global reach through extraterritorial effects.

China follows a "system-enabled" approach. It balances security and development by establishing a data exit safety assessment system while treating data as a production factor. Through infrastructure like trusted data spaces, it cultivates industrial ecosystems and participates in rule co-creation by leveraging its market size advantages.

The United States adopts a "market-driven" model. While lacking a unified federal data law, major cloud providers such as AWS, Azure, and Google Cloud are deeply integrated into the global automotive data infrastructure. For example, Azure collaborates with BMW and Siemens on Catena-X, while AWS Data Exchange is compatible with Gaia-X standards. The U.S. exerts de facto influence over data sovereignty through the global layout of its cloud computing infrastructure, which controls the underlying channels of data flow.

These three models are not simply zero-sum games. The focus lies in whose desensitization standards are more scientific, defining "compliance productivity"; whose circulation infrastructure is more trustworthy, reducing "digital trade taxes"; and who can first achieve compatibility in multilateral agreements, providing a "common denominator" for global collaboration in the intelligent connected era.

For companies, this means they must "hedge their bets and advance simultaneously." Data architecture fragmentation, expanding compliance teams, and accelerated localization deployments are real costs imposed on companies by regulatory competition.

Returning to the original question: Are vehicle data assets or privacy concerns? The current answer is that they are both—and in specific contexts, they are also national strategic resources. While these attributes carry different weights in various jurisdictions, the global trend toward governance is irreversible: data can only unlock its development potential through high-quality flow under secure and controllable conditions.

China's exploratory path provides a "noise-reduced" observation window for this global challenge. From data storage for intelligent driving insurance to the establishment of the World Data Organization in Beijing, and the bidirectional alignment of China-EU data spaces, these developments indicate that China is transitioning from a rule-taker to a co-builder.

The next few years will be critical for Chinese and European automakers to bridge the "compliance gap." Whether they can achieve "unified accounting and bilateral recognition" in areas such as battery passports, carbon footprint accounting, and edge cases in intelligent driving will determine not only the depth of Chinese brands' globalization but also the breadth of multinational automakers' R&D systems in China.

The landscape of automotive data governance is transitioning from ambiguity to transparency, driven by the difficult alignment of rules, technology, and commercial interests. As software-defined value increasingly surpasses hardware, the decisive factor in the industry will no longer be the thickness of chassis but the breadth of rule consensus. The countries and companies that take the initiative in this competition will shape the global map of the next-generation automotive industry.

Image: Sourced from the Internet

Article: Auto Review

Layout: Auto Review