Vehicle data regulations in France and Europe

Access to vehicle data in France is governed by a strict regulatory framework. The SIV (Systeme d'Immatriculation des Vehicules — Vehicle Registration System), managed by the Ministry of the Interior, centralises the administrative records of all vehicles registered in France. Access to this database is restricted to accredited operators. Here is the complete framework for professionals.

The SIV: the reference database

The SIV is the national database that records all vehicles registered in France. It contains the following for each vehicle:

• The registration number (license plate) and VIN
• The vehicle's technical characteristics (make, model, body type, power, fuel type)
• The date of first registration
• The owner's identity (individual or company)
• Administrative status (lien, opposition, theft, scrapped)
• Transaction history (changes of ownership, technical modifications)

Government accreditation

Access to the SIV is subject to accreditation issued by the Ministry of the Interior, under the order of 20 January 2009. This accreditation is granted to professionals who demonstrate a legitimate need to access registration data as part of their business activities.

Categories of operators eligible for accreditation include:

• Automotive professionals (dealerships, traders, repairers)
• Insurance companies and automotive experts
• Finance and leasing companies
• Accredited IT service providers (such as AutomotivAPI)
• Law enforcement and public authorities

AutomotivAPI is accredited by the Ministry of the Interior, enabling it to transmit SIV data to its professional clients in compliance with the regulatory framework.

Personal data protection (GDPR)

SIV data contains personal information (owner's name and address). Processing this data is subject to the General Data Protection Regulation (GDPR):

• Legal basis — data access must be founded on a legal basis (legitimate interest, contractual obligation or consent as applicable)
• Purpose limitation — data may only be used for the purpose declared when applying for accreditation
• Data minimisation — only the data necessary for the stated purpose is transmitted
• Retention — data must not be retained beyond the period necessary for processing
• Security — appropriate technical and organisational measures must be implemented

The AutomotivAPI platform applies the data minimisation principle: returned data does not include the owner's identity when this information is not required for the requested use case.

The European framework

The Data Act

The European Data Act (Regulation 2023/2854) establishes harmonised rules for accessing and sharing data generated by connected devices, including vehicles. This legislation strengthens the right of users to access the data generated by their vehicle and to share it with third-party service providers.

Access to in-vehicle data

The debate on access to in-vehicle data pits vehicle manufacturers, who wish to retain control over this data, against independent aftermarket players (repairers, insurers, fleet managers) who demand fair access. The European Commission is working on a specific regulatory framework for automotive data.

Type approval and homologation data

Vehicle type-approval data (emissions, consumption, safety) is public and accessible through the ETAP (European Type Approval) databases and national homologation records. This data feeds into the technical reference databases of vehicle data APIs.

Practical implications for professionals

For a professional integrating a vehicle data API, the regulatory framework raises several points to consider:

• Choose an accredited provider — using a non-accredited API to access SIV data is unlawful. Verify that your provider holds government accreditation.
• Declare your purpose — data usage must correspond to the declared purpose. Use for unsolicited marketing is prohibited.
• Secure the data — vehicle data received via the API must be stored securely and not shared without authorisation.
• Respect retention limits — do not retain data beyond the period necessary for your processing activity.

To learn more about the technical aspects of integration, see our API vs scraping comparison which details the legal risks of non-compliant approaches.