Updated March 30th, 2026
1. Purpose & Legal Positioning
This document aims to clarify the product compliance logic and data governance principles of Robustel’s industrial cellular routers, edge gateways (RobustOS/RobustOS Pro), and cloud management platform (RCMS) under the framework of the EU Data Act (Regulation (EU) 2023/2854).
This document distinguishes between Robustel's "strategic alignment principles" and "statutory compliance commitments under specific provisions." The mechanisms outlined in this statement form the foundation of our product design and platform operations, and are ultimately governed and enforced by our formal End-User License Agreement (EULA) and Master Services Agreement (MSA).
Regulatory Alignment Snapshot
Robustel’s data governance and product architecture are designed to align with key EU regulatory requirements and industry standards relevant to connected industrial devices and data-driven operations.
This document primarily addresses requirements under:
● EU Data Act (Regulation (EU) 2023/2854) Data access, user control, third-party sharing, and service portability obligations for connected products and related services.
In addition, Robustel’s products and platform design principles support alignment with the following adjacent frameworks:
● Radio Equipment Directive (RED) – Cybersecurity Delegated Act Device-level security, protection of network integrity, and safeguards against misuse of connected equipment.
● NIS2 Directive Support for customers operating under organisational cybersecurity and supply chain risk management obligations.
● IEC 62443 (Industrial Cybersecurity Standard) Alignment with industrial control system security principles, including segmentation, secure communication, and system hardening.
Scope Clarification
This document focuses specifically on data access, data sharing, and service portability mechanisms under the EU Data Act. Alignment with other regulatory frameworks and standards is addressed through Robustel’s broader product design, security architecture, and operational practices, and may be detailed in separate technical or compliance documentation where required.
2. Definition of Roles and Responsibilities
The Data Act prescribes different obligations for entities across various scenarios. Robustel explicitly defines the following legal roles within its product ecosystem:
● RCMS (Cloud Management Service) Scenario: When customers connect devices to RCMS, Robustel fulfills the obligations of a "Data Holder" as defined by the Act regarding the centrally collected fleet network telemetry. The enterprise customer is the statutory "User" of this telemetry data.
● RobustOS/RobustOS Pro (Pure Edge/Offline Operation) Scenario: When devices operate in complete physical isolation, offline, or are only connected to third-party network management systems, Robustel acts solely as the "Product Manufacturer." In this scenario, system-generated data is entirely controlled locally by the user; Robustel does not physically possess the data and therefore does not bear the direct data-sharing obligations of a "Data Holder."
3. Core Principles & Mechanics
Physical Boundary of Payload and Telemetry
We strictly isolate two types of data streams at the fundamental architectural level:
● User Payload Data: Including but not limited to actual traffic transmitted via VPN tunnels, serial and Ethernet business data, and sensor data converted through gateways (e.g., converting Modbus data to MQTT). Such data is the absolute and exclusive property of the user. Robustel shall not probe, intercept, or persistently store this data.
● Machine-Generated Telemetry: Encompassing 5G/LTE signal quality, interface Up/Down status, and system operational statistics. This data constitutes the subject of our data-sharing obligations.
Access & Sharing Mechanics
Our design ensures that users can exercise their access and sharing rights through standardized technical avenues:
● Edge Local Access: Even when disconnected from RCMS, users can still export system-level logs and status data via standard IT/OT protocols (such as SNMP polling) or the local Web GUI.
● Third-Party Data Sharing Rights: Users have the right to instruct Robustel to share their data with third-party platforms. In practice, we primarily empower users to seamlessly integrate or share telemetry data into designated third-party multi-vendor environments (such as enterprise private network management systems or cloud platforms) via standard RESTful APIs provided by RCMS, and standard protocols like SNMP supported at the RobustOS/RobustOS Pro edge.
Trade Secrets vs. User Rights
Robustel is committed to achieving a balance expected by the Act between empowering user data rights and protecting core intellectual property:
● Robustel's Trade Secret Protection: We lawfully provide access to the generated telemetry data; however, the proprietary algorithm implementations underlying RobustOS/RobustOS Pro (such as link management logic, SmartRoaming's network preference criteria, or core security mechanisms) are protected trade secrets. The data access rights granted by the Act do not constitute a license to reverse-engineer, decompile device firmware, or develop competing products.
Interoperability Positioning
Robustel actively embraces the Data Act's vision for open, multi-vendor environments. We provide protocol-level interoperability at the edge, supporting the local conversion of proprietary or legacy field protocols (such as Modbus RTU) into structured, machine-readable standard protocols (such as MQTT, JSON, BACnet IP), thereby significantly lowering the technical threshold for integrating industrial data into unified data spaces.
4. Service Switching & Portability
In accordance with Chapter VI of the Data Act regarding the removal of obstacles to switching services, Robustel defines the following switching mechanisms:
● Non-Proprietary Lock-in: RobustOS/RobustOS Pro routers and gateways natively support common network management protocols. Should a user terminate RCMS services, they can smoothly transition to a third-party Network Management System (NMS) that supports standard protocols, without any restriction on core device functionalities.
● Export Format & Continuity: During a 30-day transition period following the termination or transfer of RCMS services, users can fully export their historical device configurations and telemetry data in standard, structured formats (such as XML) via the system interface or API.
● Fee Structure: Data export capabilities are provided as part of the standard service; no punitive "exit fees" exceeding reasonable data transmission costs will be charged.
5. Public Sector Obligations (B2G)
Robustel acknowledges the obligation to share data with public bodies under specific statutory exceptions. Our principles for processing such requests are as follows:
● Legality & Proportionality Threshold: We solely respond to formal government directives explicitly authorized by EU or Member State law that demonstrate an "Exceptional Need" (e.g., major public emergency response).
● Scope Minimization: Any provision of data will strictly adhere to the principle of proportionality and be limited to the macroscopic or anonymized network telemetry necessary to address the emergency. We will not disclose the user's underlying payload data to public bodies without the explicit authorization of the user or a legally binding and enforceable judicial order.
6. Contractual Alignment
The data rights, limitations, interoperability commitments, and trade secret protection measures outlined in this statement have been incorporated into Robustel's respective commercial contract terms. When users, system integrators, and third parties exercise their rights granted by the Data Act, the specific operational details, limitations of liability, and dispute resolution mechanisms shall be governed by the formal End-User License Agreement (EULA) and corresponding Data Processing Agreements (DPA) executed between the parties.