Skip to main content

Traffic Data Ecosystem Rulebook

What is the Rulebook?

The Rulebook is based on Sitra’s Fair Data Economy Rulebook, and it creates a contractual framework that will facilitate data sharing and building mutual trust within the traffic sector. The traffic data ecosystem is an open-source network that any private individual or legal entity may join. Joining means agreeing to comply with the Rulebook.

The Rulebook allows organisations and individuals to exercise better control over the data they share and to decide independently on user rights for those data.

The Rulebook is a tool for sharing increasing quantities of data either free of charge or for a fee, as agreed jointly. In practical terms, this will improve confidence in data integrity, quality, security, operator identity, operator roles and terms and conditions of use.

What is agreed upon in the Rulebook?

• Rules for sharing datasets, providing ecosystem services and agreeing on cooperation

What is not agreed upon in the Rulebook?

• The contents of mobility, traffic and logistics services, prices, payment systems, ticketing, etc.

What does becoming a member of the Rulebook mean in practice?

General information

• There are no special conditions for becoming a member. The data ecosystem is open to all private individuals and legal entities.

• Membership is free. Any remuneration for data and services is indicated in the terms and conditions.

• Each party is responsible for their own costs incurred by being a member.

• A member may play one or more roles within the ecosystem: data provider, service provider, end user, operator and external end user.

• Membership does not limit a member’s freedom of action with regard to other actors (non-exclusive model).


• Membership is valid until further notice. The notice period is ninety (90) days.

• Unless otherwise specified in a dataset’s terms and conditions of use, parties have the right to continue utilising any data they received before the termination of the agreement.

• In the event of significant breaches of contract, the steering group has the right to terminate the offending party’s agreement with immediate effect, in which case the offending party will lose access rights to the data and, if so required by the other parties, must return/delete any data that has already been obtained.

General obligations

• Each member must appoint a contact person for matters related to information security.

• Information security breaches must be reported to the parties concerned without delay.

• Parties are obliged to ensure information security and participate in the investigation of information security breaches to a reasonable extent.

• Parties have the right to use subcontractors and provide them with access to any data that is necessary for the task in question. The party will then be responsible for both its own activities and those of its subcontractor.


• Information that is intended to be kept confidential must be clearly marked as confidential.

Intellectual property rights (IPR)

• Ecosystem membership/data sharing/service provision does NOT lead to the transfer of intellectual property rights.

• Any new IPRs created by a party will remain with the party that created them.

Data protection

• The data processed in the ecosystem must be processed in accordance with applicable data protection legislation and regulations.

• Additional agreements and data protection documentation must be drawn up on a case-by-case basis.

Liability/Limitation of liability

• Parties are only liable for direct damages caused by a breach of contract.

• A member’s total annual liability is limited to fifty thousand euros (EUR 50,000).


• A data provider has the right to audit the parties that process its data.

• Such an audit is carried out at the data provider’s own expense, including the direct costs incurred by the audited party.

Applicable legislation

• The agreement is governed by the laws of Finland. Disputes are to be resolved through arbitration in Helsinki.

Code of Conduct

• Members agree to comply with the ecosystem’s Code of Conduct (with minor clarifications derived from Sitra’s model).

Dataset/service – terms and conditions of use

• The terms and conditions of use for a dataset/service specify the conditions under which the data/service can be used within the ecosystem.

• A separate document detailing the terms and conditions of use will be drawn up for each dataset/service.

• This document will be accompanied by a description of the terms and conditions of use, and can be based on the EU Metadata Catalogue model contained in the Rulebook.

• Shared datasets and provided services (complete with their terms and conditions of use) are to be recorded in the ecosystem’s digital “Data, service and party catalogue”.

• Terms of use documents play a major role in the order in which rules are applied within the ecosystem (after the constitutive and accession agreements and before the general terms), and give data providers the freedom to specify the terms and conditions that will be applicable to individual datasets.

Derivative material

• Refers to information derived from data or information that has been created by combining, refining and/or processing data in conjunction with other data.

• The terms and conditions of use for a dataset may specify in more detail the situations in which processed information is NOT considered to be derivative material.

Role-specific responsibilities

Data provider

• Is responsible for specifying the terms and conditions of use for a dataset whose data will be available in the Ecosystem.

• Rights: Specify the purpose for which data may be used, allow further distribution of data (to end users, external end users), prohibit unauthorised use of data, and disallow data sharing.

• Any new terms and conditions of use for a dataset must be communicated to authorised users. Unless otherwise specified in the dataset’s terms of use, the changes will come into effect 90 days after this notification. Changes may not be retroactive.

Service provider

• Is responsible for processing data in accordance with the constitutive agreement and the dataset’s terms and conditions of use.

• Keeps a log of their processing activities, and must supply data providers with reports on data usage, processing and further distribution upon request.

End user

• Is responsible for using data in accordance with the constitutive agreement and the dataset’s terms and conditions of use.


• Several operators may be involved.

• Is responsible for providing the Ecosystem with data and infrastructure services that support the Ecosystem’s functionality (such as authentication, identification and identity/consent management services; data protection and privacy protection services, etc.)

An external end user is a stakeholder who is not a party to the constitutive agreement yet still receives data.

Further distribution of data

• Service providers may only share data with external end users if the dataset’s terms and conditions of use allow it.

• Unless prohibited by the dataset’s terms and conditions of use, parties have the right to further distribute derivative materials to external end users.

• When further distribution is permitted, the data provider is responsible for specifying the terms and conditions for further distribution in the dataset’s terms and conditions of use.

• Service providers are obliged to include such terms and conditions in their data sharing agreements.

• Unless it is expressly prohibited in the dataset’s terms and conditions of use, parties have the right to further distribute data within their Group (Affiliate).

Intellectual property rights (IPR)

• Data providers are responsible for ensuring that they have the right to share data in accordance with the dataset’s terms and conditions of use.

• Parties have the right to use software robots, artificial intelligence, etc. They also have the right to learn from data and use professional skills that have been acquired while processing data.

How to join?

If you would like to sign the Rulebook and thereby become a member of the traffic data ecosystem, you should follow these steps:

1. Send an email titled “Joining the Traffic Data Ecosystem Rulebook” to: janne.lautanala(at)

2. Please include the following in your email: the official name of your organisation (FI/EN), its Business ID, and the name and title (in English) of the person who will sign the Rulebook. Please also include a contact person for matters related to information security. 

3. Your message should also indicate whether your organisation’s name can be added to this page as a signatory to the Rulebook.

4. Fintraffic will then send you a registration agreement to sign.

Read the materials:

Attachment Size
Traffic Data Ecosystem - Accession Agreement.pdf 153.2 KB
Attachment Size
Traffic Data Ecosystem - Constitutive Agreement.pdf 974.1 KB
Attachment Size
Appendix 1 - Traffic Data Ecosystem - Description.pdf 510.45 KB
Attachment Size
Appendix 2 - Traffic Data Ecosystem - General Terms.pdf 342.03 KB
Attachment Size
Appendix 3 - Traffic Data Ecosystem - Code of Conduct.pdf 300.42 KB
Attachment Size
Traffic Data Ecosystem - Dataset terms of use template.pdf 247.4 KB
Attachment Size
Traffic Data ecosystem - Dataset description template.pdf 303.81 KB