The sale of Iveco to India’s Tata Motors, the first time a European industrial vehicle manufacturer has been acquired by a non-EU company, raises an unprecedented question: where will the data collected from thousands of connected vehicles stored in the Italian company’s databases end up, and how will they be handled? These include all the data the vehicle records, some of which are sensitive because they show route histories, stops and even details about individual drivers, as they may include information drawn from the tachograph and driving style. The telematics platform may also store the artificial intelligence interactions between the driver and the onboard voice assistant.
The issue was addressed in the requirements attached to the so-called Golden Power – the Government’s authority over transactions considered strategic for the country – applied to the Iveco sale. These requirements are set out in the DPCM decree of 28 October 2025 authorising the transaction. The full text of the decree has not been published, and only partial content is known through extracts submitted to Parliament by the Prime Minister’s Office and cited in the minutes of the hearing held by the Minister for Business before the Chamber of Deputies’ Committees X and XI on 12 November 2025.
Part of the debate in the Chamber focused specifically on the use of Golden Power in relation to Iveco’s data and technologies. The minister clarified that customer data and the company’s intangible assets have been classified as “strategically relevant assets”. Golden Power has been triggered to safeguard advanced predictive diagnostics systems, autonomous driving systems and the “treasure” of data. This means that the data generated by Iveco’s industrial vehicle fleet are deemed a “national technological asset”, and Tata Motors will not be allowed to transfer or replicate these databases without complying with the imposed restrictions, which are expected to cover extra-EU server transfers and any unauthorised use.
To ensure compliance, the Government has required the appointment of “sentinels” – two independent directors – to the Iveco Board. Their role is to monitor implementation of the commitments, with powers to ensure that key technologies and data are not depleted, improperly transferred or handled in ways that run counter to national interests. These include technologies and information relating to predictive diagnostics for industrial vehicles.
This case shines a spotlight on how information flows from connected industrial vehicle fleets – now numbering in the hundreds of thousands – to manufacturers’ servers. These data have become a strategic economic resource comparable to patents. Today the prevailing model is the Extended Vehicle architecture, under which vehicle-generated data are not accessible to third parties via the OBD port or over the air, but are sent exclusively to the manufacturer’s servers in encrypted form. The manufacturer may then choose to grant access at its discretion, effectively creating a de facto monopoly: it can decide which data to share, at what price and with what latency, favouring its own authorised workshops over independent repairers.
One significant consequence emerges in predictive maintenance, which anticipates faults or failures and alerts the operator so action can be taken before a breakdown occurs on the road. This system is entirely managed by the manufacturer, which notifies the transport company and directs the vehicle to an authorised workshop. Independent workshops or those representing other brands have no access to these real-time data, effectively excluding them from predictive maintenance. Repairer associations have already flagged this situation, arguing that it distorts competition.
A dispute has now opened at European level over data ownership. Fleet operators, independent repairers and other stakeholders cite the EU Data Act, claiming that all data relating to vehicle operation belong to the vehicle owner, not the manufacturer. Under this interpretation, hauliers could choose to route the data to their own servers or to a trusted repairer. Manufacturers counter that opening direct access to vehicle data for third parties would expose trucks to hacking risks. The outcome remains uncertain.
Pietro Rossoni
