The AV Safety Data Act directs the National Highway Traffic Safety Administration (NHTSA) to issue regulations—within 90 days of enactment—requiring manufacturers and operators already covered by NHTSA’s Third Amended Standing General Order 2021-01 to submit incident information plus a monthly operational dataset. The mandatory monthly submission compiles miles traveled by covered vehicles (broken down by vehicle and software characteristics, location, road type, and occupant presence) and detailed records of "unplanned stoppage events." The bill also requires NHTSA to publish the submitted materials in machine-readable datasets on its website.
This statute centralizes granular operational data about Automated Driving Systems and Level 2 Advanced Driver Assistance Systems for public and regulatory use. For compliance officers and product teams, it creates recurring reporting obligations, potential disclosure of vehicle identifiers and software-version data, and a new public data resource that will shape oversight, research, and litigation strategies.
The law limits what Level 2 data may be submitted and gives NHTSA authority, after ten years, to rescind or scale back reporting requirements.
At a Glance
What It Does
The bill requires NHTSA to promulgate regulations obligating covered manufacturers and operators to submit existing SGO-required incident information plus a monthly dataset listing miles traveled (disaggregated by make/model/model year/software version/road type/location/occupant presence) and detailed records for unplanned stoppage events, including identifiers and timing metrics. NHTSA must publish all submissions in machine-readable datasets starting 120 days after enactment.
Who It Affects
The rule applies to "covered entities" — manufacturers and operators subject to NHTSA’s Third Amended Standing General Order 2021-01 — and therefore will primarily affect commercial AV developers, fleet operators, and vendors operating vehicles with Automated Driving Systems or Level 2 ADAS. Researchers, insurers, local transportation agencies, and legal teams will be direct consumers of the published datasets.
Why It Matters
This bill converts operational telemetry and event reports into a recurring, public dataset that can be analyzed at scale, potentially accelerating safety research and regulatory enforcement. At the same time it forces companies to decide what operational details to disclose (including software-versioning and identifiers), which can have commercial, privacy, and security implications.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The AV Safety Data Act embeds new reporting obligations into the framework NHTSA already uses for automated vehicle incident reporting. It reaches vehicles equipped with an Automated Driving System and Level 2 ADAS if the manufacturer or operator is already captured by NHTSA’s Third Amended Standing General Order 2021-01.
The bill's definitional section imports the SGO’s terminology, so the population of affected entities is tied to that existing administrative structure rather than creating a parallel registry.
Under the bill, NHTSA must issue regulations within 90 days requiring covered entities to provide two streams of information: (1) the incident data already required by the SGO and (2) a new monthly operational report. The monthly report must quantify miles traveled on public roads by covered vehicles and break those miles down by vehicle make, model, model year, major software release, road type (freeway/non-freeway), geographic location (state and county), and whether a person occupied the vehicle.
The bill also mandates detailed reporting for "unplanned stoppage events," a defined class of disruptive, non-collision events (for example, a vehicle stopping in a travel lane and unable to proceed), and prescribes a long list of fields such as license plate, VIN, precise location (lat/long), environmental conditions, law-enforcement involvement, the event description and resolution, and timing metrics measured in seconds for both event duration and any entity intervention.Recognizing different privacy risks from Level 2 systems, the statute limits what Level 2 data may be provided: covered entities may only submit Level 2 data collected while the system was engaged or during the 30 seconds before an unplanned stoppage event, and those submissions must exclude personally identifiable information about the human driver. Separately, the Act requires NHTSA to publish all submitted reports and data on its website in machine-readable datasets beginning 120 days after enactment, making the information publicly accessible for researchers, state and local agencies, and private parties.Finally, the bill builds in a long-term reconsideration mechanism: beginning ten years after enactment, NHTSA may rescind or reduce the frequency and scope of the reporting regulations, though the agency may at any earlier time also revise them consistent with the statute.
That creates an explicit path to scale the program back if operational burdens or unintended consequences warrant it.
The Five Things You Need to Know
NHTSA must promulgate regulations within 90 days of enactment requiring covered entities to submit both SGO-required incident reports and a new monthly operational dataset.
Monthly reports must include miles traveled on public roads disaggregated by make, model, model year, major software version, road type (freeway/non-freeway), State and county, and whether an occupant was present.
For every "unplanned stoppage event" covered entities must report vehicle identifiers (license plate and VIN), date/time, latitude/longitude, environment and road type, law-enforcement or responder involvement, impact on passengers/others, resolution, any entity intervention, and timing in seconds for event duration and intervention.
Level 2 ADAS data may only be submitted if collected while the system was engaged or during the 30 seconds preceding an unplanned stoppage event, and those submissions must not include personally identifiable information about the human driver.
NHTSA must publish all submitted information as machine-readable datasets on its website starting 120 days after enactment, and the agency may rescind or narrow the reporting requirements beginning 10 years after enactment.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
The Act is captioned the "AV Safety Data Act." This is a formal labeling provision without operative obligations, but it signals the statute’s focus on data-driven safety oversight.
Definitions and scope referencing NHTSA SGO
Congress defines key terms by importing definitions from NHTSA’s Third Amended Standing General Order 2021-01, including what counts as an Automated Driving System, Level 2 ADAS, manufacturer, and operator. Importing the SGO’s language means the statute’s reach is tied to NHTSA’s administrative determinations and any future amendments to that Order; it does not independently create a separate coverage test.
Regulatory duty and monthly reporting elements
NHTSA must issue implementing regulations within 90 days directing covered entities to submit the SGO’s incident information plus a specified monthly report. The monthly report must quantify miles traveled and provide granular disaggregation (vehicle and software characteristics, road type, jurisdiction, occupant presence), plus aggregated injury/collision information involving vulnerable road users. The provision prescribes the types of fields and format expectations but leaves technical specifics to the agency’s rulemaking.
Limitations on Level 2 ADAS data submissions
The statute narrows Level 2 reporting to telemetry gathered while the ADAS was engaged or during the 30-second window before an unplanned stoppage event, and it requires exclusion of personally identifiable information about the human driver. That creates a narrower, privacy-conscious channel for partial autonomy systems while keeping the reporting framework oriented toward automated operations.
Public dataset requirement and ten-year review authority
NHTSA must publish all submitted reports and datasets on its public website in machine-readable form beginning 120 days after enactment, enabling external analysis and FOIA-free access. Separately, the statute authorizes NHTSA, starting ten years after enactment, to rescind or reduce reporting frequency and scope; the agency can also revise reporting requirements earlier if justified. The ten-year clause is a statutory safety valve allowing adjustment based on accumulated experience and operational burden.
This bill is one of many.
Codify tracks hundreds of bills on Transportation across all five countries.
Explore Transportation in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Researchers and safety analysts — Gain a standardized, machine-readable repository of operational miles, software-versioned exposure, and event-level data to quantify risk patterns, compare software releases, and study unplanned stoppages at scale.
- NHTSA and federal regulators — Obtain a recurring, centralized feed of operational and event data to support oversight, trend analysis, and targeted investigations without ad hoc subpoenas or piecemeal disclosures.
- Local transportation and public transit agencies — Receive granular location and event records that can inform traffic management, emergency response planning, and mitigation strategies for areas with repeated unplanned stoppages.
- Vulnerable road-user advocates and public-safety stakeholders — Can use the published data to identify hotspots for pedestrian and cyclist risk and press for engineering or regulatory remedies backed by empirical evidence.
Who Bears the Cost
- Covered entities (manufacturers and operators) — Face ongoing compliance costs to collect, validate, and deliver monthly datasets, plus potential competitive harm from disclosure of software versions, mileage by geography, VINs and license plates, and other operational metadata.
- NHTSA — Must allocate resources to write the regulations quickly, receive and curate large recurring datasets, maintain a public portal, and perform data governance and quality control; the agency may need new technical capacity and budget.
- Consumers and vehicle occupants — Navigate increased exposure of vehicle identifiers and operational traces in public datasets, creating potential privacy, stalking, or security risks despite limits on some personally identifiable information.
Key Issues
The Core Tension
The central dilemma is transparency versus privacy and commercial confidentiality: mandating granular, publicly accessible AV operational data helps regulators, researchers, and communities detect safety problems and improve accountability, but that same data can reveal proprietary software practices, exact vehicle movements, and identifiers that carry privacy and security risks and impose meaningful compliance costs on manufacturers and operators.
The statute creates a clear public-interest benefit—centralized, standardized operational data—but it also creates several implementation frictions. First, the bill requires public posting of vehicle identifiers (license plates and VINs) for unplanned stoppage events while simultaneously prohibiting personally identifiable information about human drivers for Level 2 submissions.
That split leaves open the risk of re-identification: combining VINs, precise locations, timestamps, and county-level mileage can allow third parties to trace vehicle movements or infer driver identities, particularly for small fleets. Second, the mandate to report "major software version" and disaggregate mileage by that version provides researchers with critical safety signals but also exposes proprietary release cadence and operational metrics that firms treat as competitively sensitive.
Operationally, the monthly cadence and long enumerated list of fields impose a substantial data-engineering burden on covered entities and on NHTSA. The agency must specify formats, validation checks, and an ingestion pipeline; without clear technical standards, datasets may be inconsistent, complicating cross-firm comparisons.
The bill ties coverage to NHTSA’s Third Amended SGO: that simplifies legislative drafting but makes statutory scope dependent on administrative definitions, which could change and create interpretive disputes. Finally, publishing VINs and license plates raises security concerns—adversaries could target specific vehicles for theft or tampering—so data-release policies, redaction standards, and retention rules will be essential but are left to rulemaking.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.