It should be noted that the European Commission has kept its word and what was announced has been done: on 30 July Delegated Regulation 1244/2021 was published, amending the General type-approval regulation for motor vehicles (the ‘famous’ Regulation 858/2018) by adding what is needed to finally start ‘managing’ access to maintenance and repair data. We are talking about technical standards and mechanisms for accreditation and access to manufacturers' portals without which the much-desired non-discrimination between independent and organised repairers cannot be achieved.
The ‘standards’ and ‘mechanisms’ that the Delegated Regulation adopts are ISO 18541 and SERMI; the former standardises access and the latter manages the accreditation through which any operator in the sector (independent or not) is authorised to access these portals. In other words, through SERMI any operator will be able to register and be authorised in an anonymous and non-discriminatory manner using tools and software standardised according to ISO 18541 provided by market operators, including independent and non-independent market operators. The fact that such a measure was necessary was obvious, just consider the advantages gained by the manufacturers who wanted to benefit from it. In the absence of rules, some have introduced their own protocols, their own logics and questionable access restriction mechanisms such as ‘Security Gateways’, often touted as tools to protect against hacking. The initiative of the European Commission, which has finally broken the deadlock and sanctioned the adoption of ISO 18541 and SERMI, is a vital step towards putting an end to abuses more or less disguised as security requirements. But in welcoming this positive development, we cannot fail to note that this alone is not enough and can only be the first step towards a definitive and comprehensive protection of competition law in the field of cyber security.
Let's take a closer look at what we are talking about. The ISO 18541 standard: without going into unnecessary technicalities, it is worth noting that this standard is constantly evolving and the Commission has had to adopt a consolidated version, aware that the regulation will have to evolve with the evolution of technology. What is missing, however, is the mechanism through which this development will be managed, which is necessary to mark out the time and manner for the necessary changes to the law. As far as SERMI is concerned, the issue is even more important because the Regulation adopts it for the ‘approval and authorisation of independent operators for the purposes of granting access to security-related vehicle repair and maintenance information (RMI)’, i.e. ‘the information, software, functions and services necessary for the repair and maintenance of the functions built into a vehicle by the manufacturer to prevent theft or misappropriation of the vehicle’. Perhaps this was the only way to start, but it is important to insist that SERMI should be extended to all maintenance and repair data as soon as possible, as the Alliance for the Freedom of Car Repair AFCAR has long advocated, especially in view of the adoption of the UNECE regulations on cybersecurity, a fully operational SERMI for all maintenance and repair data which is adapted to cybersecurity is vital for the competitive development of the sector.
Unfortunately, it is the same the whole world over: the problems we have in Europe are the same as those faced by operators in America and other parts of the developed world. In the USA, a major 'battle' is under way over the so-called ‘Massachusetts Bill’, which imposes free access to technical data in order to protect free competition against attempts at ‘monopoly’ or ‘domination’, which are unfortunately not uncommon in our sector. The aim here is not to make comparisons between different situations and laws, but it is useful and necessary to point out common attitudes that undermine the citizen's right to free competition, which is fundamental in our society.