NHTSA Throws a Wrench in Massachusetts Right to Repair Law

June 20, 2023

The National Highway Transportation Safety Administration has issued a letter telling automakers not to comply with the already-in-effect Data Access Law in Massachusetts, noting it “conflicts with and therefore is preempted by” the National Traffic and Motor Vehicle Safety Act.

The federal court in Massachusetts was copied on the letter, which applies to the state’s Right to Repair legislation.

NHTSA’s letter said it intended to “advise vehicle manufacturers of their obligations” under the national law, referred to as the Safety Act. But in a letter to Auto Care Association members, President and CEO Bill Hanvey notes that the NHTSA letter “arrived after repeated attempts by Judge Woodlock to engage NHTSA some two years ago during the initial trial for their position on the law and after the window for submissions to the court was over.”

Here’s a look at NHTSA’s argument.

“While NHTSA has stressed that it is important for consumers to continue to have the ability to choose where to have their vehicles serviced and repaired, consumers must be afforded choice in a manner that does not pose an unreasonable risk to motor vehicle safety.”

NHTSA’s concern is based on the requirement of “open remote access” to vehicle telematics systems with “the ability to send commands.

“Open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking, as well as equipment required by Federal Motor Vehicle Safety Standards such as air bags and electronic stability control. A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently. Vehicle crashes, injuries or deaths are foreseeable outcomes of such a situation.”

NHTSA says it has described its concerns previously.

The agency goes on to note that vehicle manufacturers “appear to recognize that vehicles with the open remote access telematics required by the Data Access Law would contain a safety defect.” And federal law prohibits vehicle manufacturers from selling vehicles with known safety defects.

Hanvey says the Auto Care Association is working on its response, as well as a plan “to refute NHTSA’s misunderstandings over the interpretation of the law and to demonstrate the viability of our solution to securely grant access to vehicle generated repair and maintenance data by approved agents of the vehicle owner.”