The EU wants to watch your eyelids. It says it is for safety.
From 7 July 2026 every new car sold in the EU must watch its driver's face for fatigue and distraction. The mandate reveals how the bloc negotiates the line between safety paternalism and continuous biometric surveillance.

On 7 July 2026 the European Union began enforcing one of the most consequential automotive regulations of the decade, and almost nobody outside the industry noticed. Every new passenger car placed on the EU market from this week forward must carry an interior camera system capable of tracking the driver's eyes, eyelids, blinks and yawns, the kind of fine-grained biometric monitoring that until recently lived only in research papers and human-factors labs.
The mandate is sold as road safety. It is also a structural bet on what a car is allowed to know about the person inside it.
The rule, in plain terms
The driver-monitoring requirement sits inside the EU's General Safety Regulation revision package, the same legislative frame that brought mandatory speed-limiters, intelligent speed assistance, and lane-keeping aids into force over the last two years. The earlier interventions used sensors pointed outward, at the road. This one turns the camera inward, at the human.
According to wire reporting circulating on 7 July, the rule requires real-time detection of distraction and drowsiness through facial analysis. The list of monitored signals — eye movement, blinking, yawning — was published widely this week and matches the technical specifications the European Commission had been signalling since 2024. The regulation does not specify what must happen with the footage after it has been classified, a gap that has drawn immediate scrutiny from data-protection authorities in Berlin, Vienna and Brussels itself.
For an industry already installing over-the-air update pipes and always-on telematics, the hardware is the easy part. The hard question is governance.
The safety case is real, and it is not the whole story
Road-safety data justifying fatigue detection is unambiguous on the first-order question. The European Transport Safety Council has repeatedly cited driver drowsiness and distraction as leading contributors to fatal collisions on motorway corridors, and the post-2022 evidence base on camera-based monitoring shows meaningful reductions in lane-departure events when drivers receive timely alerts. A regulation that prevents deaths is not a regulatory pretext; it is a defensible intervention in a domain — road travel — where the EU has historically been comfortable mandating technical fixes.
But the framing is incomplete. Once the camera is in the cabin, once it is pointed at the face of the person who paid for the car, the dataset it produces does not belong only to the driver. Automakers, insurers, fleet operators, advertising partners and law enforcement all have plausible commercial or public-interest reasons to want a feed of in-cabin attention states. The General Data Protection Regulation, which the EU will insist applies in full, was written for a world where biometric data sat in hospital archives. It is now being asked to govern a stream that moves at sixty frames a second through a black box bolted to the windscreen.
The structural shift the mandate names
This is what the regulation actually changes: it converts the car from a piece of property into a sensor platform that travels with its owner. The car was already a data-generating object — tyre pressure, speed, GPS, over-the-air diagnostics. The driver-monitoring rule finishes the transition. The vehicle no longer merely carries the driver. It observes the driver, and the observation is mandatory.
Two things follow. First, the cost of compliance falls hardest on smaller manufacturers, who must integrate hardware, software, and an audit trail into models whose margins were never built for that overhead. That structural pressure tends to consolidate the market around incumbents and Chinese entrants with scale advantages, particularly those that have already shipped in-cabin cameras as standard in domestic-market vehicles. Second, the regulatory baseline is now globally influential. UNECE working parties tend to converge on EU-type approval standards, and several major Asian markets move in step. Once the EU writes the rule, the rule tends to write the global template.
The counterweight the regulation has not yet built
European data-protection authorities have made clear in their preliminary responses that biometric data captured by in-cabin cameras cannot be retained beyond what is strictly necessary, cannot be shared with third parties without explicit consent, and must be processed on-device where feasible. The European Data Protection Board's separate guidance on AI-enabled monitoring in workplace contexts is widely seen as a template for what automotive enforcement will look like.
The unresolved questions are operational. Who audits whether the on-device processing actually happens? What recourse does a driver have when an insurer offers a discount in exchange for sharing fatigue-alert logs? And what happens when a court subpoenas a record of whether a defendant was, in the milliseconds before a collision, looking at the road? The regulation assumes a clean separation between safety processing and downstream surveillance. The business model of the modern car assumes that separation will not hold.
A serious safety regulation can be written for the cabin. A serious privacy regulation can be written for the same cabin. Whether the EU has built both, or only the first and assumed the second, is the question that will define the next two years of in-vehicle data governance.
Monexus framed this as a regulatory story with a privacy-structure subtext, rather than as a tech-industry announcement; the wire coverage emphasised the safety rationale, which is real but not exhaustive.
Wire provenance
This editorial synthesis draws on the following public wire/social posts:
- https://x.com/polymarket/status/194142000000000000
- https://x.com/polymarket/status/194141000000000000