Zwift and the Upcoming EU Data Act: Third Party API Access

Hey Zwifters,

A common request on this board is to allow third-party API access for syncing Zwift workouts or planning workouts for users in Zwift.

The EU Parliament and the EU Council are in the final stages of negotiating the EU Data Act, which will require data holders to grant access to third parties if users request it.

Here’s a quote from the Parliament’s position:

The Commission is proposing to grant users (consumers or businesses) a new right to access the data they generate and to create a user’s right to share such data with third parties. The draft text also imposes a number of obligations on data-holders (e.g. making data available under fair, reasonable, and non-discriminatory terms and in a transparent manner) and aims to protect micro-enterprises and SMEs against unfair contractual terms in data-sharing contracts (i.e. fairness checks).

Is Zwift prepared for the upcoming legislation? Currently, Zwift grants access to a few selected third parties, such as TrainingPeaks, so the API is available. Why not make it accessible to all requesting applications, as other companies like Garmin, Polar, and Wahoo already do?

It would be a good look for Zwift to grant third-party access to all requesting parties before being compelled by EU legislation to do so.

I don’t think (note, not a lawyer) this applies to giving API access to everyone that wants it.

Just fair access to their data (which I thought was covered under GDPR).

No, it includes all third parties (if the users requests so) and requires the access to be in real-time (if possible) and is far further reaching than the GDPR.


Draft Article 5.1 states:

"Upon request by a user, or by a party acting on behalf of a user, the data holder shall
make available the data generated by the use of a product or related service to a third
party, without undue delay, free of charge to the user, of the same quality as is
available to the data holder and, where applicable, continuously and in real-time."

I would not be surprised if the existing access to FIT file downloads is already compliant. Access to that data is available immediately, on-demand, with continuous access, using an open protocol (HTTP), and meets interoperability standards (FIT format). That’s a question for the lawyers and compliance people to answer. An open API would be far better so that third party sites could easily integrate with Zwift. That would make the product better, which is the best reason to do it.


No, it’s not compliant because it is not available to third parties (like an OAuth API would be)

The data is also held locally by each user. Nothing is stopping a third party from creating a client that integrates with their service. Honestly I have no idea if it will be considered compliant, but I think it’s a stretch to assume that Zwift will be compelled to do anything as a result of this rule. Call your lawyer.

1 Like

No, the legislation is explicitly about the data sharing including B2B. That is one of the main points of the legislation :slight_smile:

I agree that the API would be a huge net benefit for Zwift.

edit: Data holders implementing APIs and allowing direct access to the data is pretty much all the legislation is about. It’s not a stretch by any means, this is EU legislation and will apply (at least) to all EU users. Note that it’s not final yet, but already entered the EU trilogue.

Why not just be smart now and improve the whole Zwift ecosystem, basically for free? It’s just good business sense for Zwift.

I’m a big fan of the idea of an open API for Zwift but don’t think that Data Act in any way can force Zwift to provide one. Data Act is essentially about data generated in IoT (Internet of Things), from connected devices - that is not the kind of business Zwift are in.

Quoting one of the EU pages about Data Act:

The Data Act will give both individuals and businesses more control over their data through a reinforced data portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines and devices.

No, it’s not only about IoT. The definition of a product in the EU Data Act:

'product’ means a tangible, movable item, including where incorporated in an
immovable item, that obtains, generates or collects, data concerning its use or
environment, and that is able to communicate data via a publicly available electronic
communications service and whose primary function is not the storing and
processing of data

Smartwatches, sensors and smartrainers should fall under this definition. They are also smart objects and devices according to your quote.

the way I read this is to give the customer access to their data. It does not seem to include real time data in the case of Zwift.

So currently every rider has access to all their data that can be downloaded from the Zwift website.

But would that definition cover Zwift, the service? It’s not a smart trainer or a tangible movable item. If this is all true then it might simply apply to the trainer itself, your smart watch, your HRM. (And if it applied to Shimano Di2 that would be awesome.)

Access rights already come from the GDPR. This law is much broader.

There is a definition of related services in the law that use the products.

Let’s wait for the final law and the final definitions, which are currently being discussed in the trilogue. :slight_smile: I hope we will finally see an open Zwift API.