In the February issue of this most illustrious publication, I wrote about the imminent implementation of cybersecurity in vehicle Type Approval regulations and the potential impact that this could have on the UK aftermarket.
    
However, the automotive world is getting ever more complicated, not just in the way that vehicles are being designed, or the use of data to support diagnostics or repair processes, but also in the way that the vehicle is becoming the basis of its own service-centric functions using vehicle generated data.
    
The traditional ‘we-can-work-on any-car-that-comes-through-the-door’ business model was the basis for competing workshops, with different skill sets, hourly rates and a choice of replacement parts to offer consumers the ability to choose where and how their vehicles were repaired. Unfortunately, this basic business model is increasingly difficult to maintain in the face of the rise in vehicle complexity – and with it, new ways to diagnose, service and repair vehicles.

Free competition
The principles of free competition allowed the ‘we can work on anything’ to be possible, as legislation has existed since 2002 to ensure that non-discriminatory access to the vehicle, its data, technical information, diagnostic tools – in fact almost everything the aftermarket needed to offer the consumers’ choice was enacted. However, this legislation was workshop-versus-workshop but now does not address the changes created by the remote access to data that is an integral part of almost all new vehicles.
    
Critically, there are wider legislative requirements that will be needed to support the aftermarket. This is not just the MVBER renewal, but the technical implementing Acts (known as secondary legislation) that need to be created and implemented for the legislation that includes the full repair and maintenance (RMI) for the aftermarket which is contained in (EU) 2018/858. This legislation is used in both the EU and the UK for vehicle Type Approval, but the details of how and what needs to be put in place as secondary legislation for the independent sector’s access to RMI have yet to be discussed – which coming from the basis of the UK government’s approach of ‘not intending to use the EU’s implementing legislation’, is very concerning.
    
Also in the EU, the European Commission has published its long-awaited (generic) legislative proposal on access to data – the EU Data Act – which includes the rights of the product’s owner to access that product’s data. This also includes the principles of data portability and contractual principles for business-to-business data exchange, but although the Commission opened a consultation for automotive sector requirements in March (which runs until June), there is a strong call from the aftermarket to have robust legislation to address fundamental concerns. For example, the vehicle owner may have the right of access to the vehicle (the product) and its data, but how would they access and use that data if no software (applications) have been developed to allow services, such as diagnostics, service, maintenance and repair jobs? This is an increasingly important issue when many new aftermarket services are based on remote access to the vehicle when it is being driven, such as predictive diagnostic and service functions. A key aspect would be to ensure that these service providers can access the details of a vehicle’s data and resources to allow applications to be developed which are then chosen by the vehicle owner, using the data generated by their vehicle (i.e. ensuring that the horse is before the cart). These are no longer just EU legislative developments, but also now happening in North America, Australia and South Africa, the UK has catching up to do.

Wider changes
With all this in mind, what is the UK government doing to address these wider changes in the way that vehicles, their data and functions can be accessed?
    
In September 2021, the Dept of Transport issued a consultation document entitled The Future of Transport Regulatory Review Consultation. This described their intended approach to a future legislative framework that included key elements for “regulating safety, security and environmental performance’, ‘tackling tampering’ and ‘improving compliance, safety and security.”
    
Although this included aspects particularly focused on “automated vehicles,” which may be seen as a future requirement, the reality is that automated systems already exist on today’s vehicles and the consultation document includes “approval and in-use obligations for software and cyber-security requirements” which would also apply to “suppliers of replacement parts.” The consultation document is far from clear in relation to what this would mean for any aftermarket replacement part which could then fall under the “tampering” aspect, as this could lead to only OEM replacement parts being fitted with the corresponding requirement for an independent workshop to meet the vehicle manufacturer’s criteria to enable that replacement part to be both fitted and integrated into a vehicle.
    
This aspect of “tampering” was challenged by the motorsport and classic vehicle sector and the consultation document was amended to explicitly exclude these sectors, but for normal repair and maintenance the original approach remained. As an example, there are currently problems with aftermarket replacement parts that have been Type Approved, but which cannot be fitted and integrated into a vehicle as they are not accepted by the vehicle manufacturer and only that vehicle manufacturer’s replacement part can be fitted and coded using that VM’s proprietary diagnostic tool.

Concerns
Subsequently, even though wording had been changed, such was the concern in the motorsports and classic vehicle sector around this issue of tampering, that a Parliamentary petition was started, which was signed by over 115,000 people, automatically triggering a Parliamentary debate.
    
This debate took place on 25 April and these concerns were raised with the Department of Transport, who appeared to take note, not only for the motorsport and classic vehicle sector, but also for the wider aftermarket repair sector, with a particular call to ensure a much-needed clarity of tampering to avoid unintended restrictions.
    
However, the UK aftermarket is being increasingly threatened by changes to vehicle design and functions, the change of business aftermarket models that use remote access to dynamically generated vehicle data and the rise of cybersecurity to protect the vehicle. Currently, these are all under the control of the vehicle manufacturers, so existing legislation that supports the aftermarket needs to be urgently revised to address how innovation, competition and consumer choice can continue. How the detail of this may be included in both the primary and secondary legislation is yet to be discussed.