The transition from hardware-based fleet management to platform-based telematics has revealed significant shortcomings in legacy contract structures.

In this Q&A, Leasing Life Editor Alejandro Gonzalez (AG) speaks with Jonathan Strong (JS), Associate General Counsel at Geotab, about the need for robust data governance, updated security obligations and modern liability frameworks to manage the increasing complexity of connected fleets and meet rising regulatory expectations.

AG: What are the biggest legal challenges you’ve encountered when negotiating SaaS-based fleet management contracts with leasing firms and OEMs?

JS: One of the most persistent challenges is the lack of clarity around data responsibilities. In this sense, traditional contracts often don’t specify where data is processed, how it’s stored, or who is accountable in the event of a breach, all of which create serious compliance risks, particularly under GDPR. At Geotab, we’ve focused on clearly outlining data stewardship and responsibility in our agreements, particularly emphasising our compliance with international privacy standards

We’ve also encountered reluctance to move away from physical goods frameworks. Provisions designed for hardware – like on-site inspections – simply don’t translate to SaaS or connected vehicle services. Bridging that legal and conceptual gap is often the toughest part.

AG: How are legacy procurement contracts falling short in addressing data ownership, platform access, and security obligations in today’s connected vehicle landscape?

JS: It’s often forgotten that legacy contracts for goods and services were never built with data in mind. They tend to treat data as a static asset owned by one party, rather than a dynamic stream used by multiple stakeholders with distinct rights and obligations.

There’s also little recognition of the platform-based nature of modern telematics – where, for example, clients are joining a shared ecosystem. This creates blind spots around access, multi-tenancy and even security practices. Modern contracts must move away from ‘ownership’ language and toward shared governance, transparency and explicit security commitments, including encryption and access control.

AG: Have you seen any notable shifts in how leasing firms approach contract negotiations for data-centric services, particularly in response to evolving regulatory frameworks?

JS: Absolutely. There’s a growing awareness, particularly among larger leasing firms, that outdated templates are a liability. As a result, many are now proactively revisiting clauses around data transfer, cross-border processing and breach response in light of stricter global privacy laws.

There’s also more interest in modular contracts that can adapt to evolving tech stacks, something that I personally feel is really encouraging. However, the pace of change is uneven. Some firms are still trying to shoehorn data services into physical goods frameworks, which introduces risk and friction.

AG: With the rise of AI-driven analytics and predictive maintenance in fleet management, how should contracts evolve to reflect new risk and liability considerations?

JS: AI introduces brand new layers of complexity – from algorithm transparency to responsibility for automated decisions. Contracts must clearly outline data sourcing, governance, and sharing, all areas where Geotab has established strong practices, particularly in AI-based predictive maintenance tools like our vehicle health monitoring solutions.

Liability frameworks should also address what happens if an AI-driven insight results in operational failure or compliance issues. If the data feed is interrupted or worse still compromised, who’s accountable? These are critical questions that contracts must be equipped to answer.

AG: How do you foresee the legal and compliance landscape for fleet management contracts changing in the next five years, especially given increasing global scrutiny on data privacy and cybersecurity?

JS: I expect a continued shift toward contracts that treat data privacy and cybersecurity not as ‘bolt-ons’, but rather as foundational elements. Regulatory scrutiny is only going to increase and contracts that don’t embed compliance into their structure will quickly become obsolete.

We’ll also see more standardisation efforts, like those driven by organisations such as COVESA (the Connected Vehicle Systems Alliance), where Geotab sits on the board, to create frameworks for secure data exchange. Longer term, smart contracts and automation could start playing a bigger role in fleet management – but legal frameworks need to be ready for that.

AG: What best practices would you recommend for fleet operators and leasing firms to future-proof their contracts and avoid disputes over data rights and platform participation?

JS: First off, it’s absolutely crucial to be as clear as possible on data governance from the outset – so who has access, for what purpose and under what conditions. Secondly, treat security as a living obligation, not a one-off checklist. Build in references to recognised standards like ISO 27001 or FedRAMP where relevant. Thirdly, move away from rigid templates. Contracts should be adaptable and reflect the evolving nature of platforms and services. And finally, view the contract as a trust-building tool.

Clear, fair, data-conscious agreements can strengthen partnerships and reduce the risk of downstream disputes.

Jonathan Strong is Associate General Counsel at Geotab