February 2022

FEBRUARY 2022 AFTERMARKET 15 www.aftermarketonline.net supported by better levels of diagnostic tools, technical training and technical information. Unfortunately, the world has now changed to reflect our love of mobile phones and the applications they support, including when in our car. Real challenges In automotive terms this has led to the vehicle becoming compatible with Apple and Google operating systems and to host an increasing range of consumer-centric applications that are embedded in the vehicle, normally accessible via the in-vehicle dashboard display. This has all been made possible by the implementation of remote access using wide-area networks (mobile phone networks to you and I) and SIM cards embedded directly in the vehicle. The situation has also been further exacerbated by the mandatory introduction of eCall, the pan European system that automatically calls the emergency services in the event of an accident. Although eCall is now a vehicle type approval requirement, it is dormant until triggered and is free to use, so vehicle manufacturers wanted to add additional remote services, not only to cover the costs of implementing eCall, but to enhance their product offer/brand value to the vehicle user and develop new business models using remote vehicle data. This is where the real challenges for the aftermarket become such issues. Legislative requirements Other legislative requirements cover the general safety of a product, which requires a vehicle manufacturer to design their vehicles to be safe to use throughout their service life, while new requirements for vehicle type approval coming in July 2022 for new type approvals and from July 2024 for all vehicles already type approved, will introduce ‘approval of vehicles with regards to cyber security and cyber security management system.’ This addresses the definition in the Regulation for cyber security which ‘means the condition in which road vehicles and their functions are protected from cyber threats to electrical or electronic components.’ Just think about that for a moment. The vehicle manufacturers have designed vehicles which include a wide range of electronically controlled components and can connect to the vehicle remotely. They now have to ensure that this vehicle remains safe to use and cannot be compromised (i.e. attacked) by a cybersecurity hacker. The Cybersecurity Regulation (UNECE R155) requires a vehicle manufacturer to design their cybersecurity management system to address not only the design of the vehicle and its systems/components, but also to show how any threat or attack will be mitigated. The general approach is therefore to block any access to the vehicle, its data, functions and replacement electronic parts, unless authorised by the vehicle manufacturer. This also includes software updates, either in the workshop or over the air using the remote connection to the vehicle (UNECE R156). This cybersecurity activity has already started with OBD connector security gateways, with the associated security certificates, but is going to get a whole lot more challenging. Furthermore, the vehicle manufacturers are now becoming much more active in providing aftermarket services, such as bespoke service and maintenance offers. These monitor the vehicle data generated by the driver when using the vehicle (i.e. driving style), as well as component function/replacement criteria and then a service quotation is sent to the vehicle, which is displayed on the dashboard. The driver then just has to confirm acceptance of the quotation, together with the location/date/time choices included in the offer with just a press of a button. Independent operators don’t get a look-in. Mobility as a service The vehicle manufacturer’s embedded diagnostics will also flag up when a fault has occurred, and again, propose a place and time for the vehicle to come to their workshop. This not only locks in the repair offer to the vehicle owner, but also reduces the cost of diagnosis and repair by up to 50%; Vitally important in not just offering a competitive repair, but also when that vehicle is part of the increasingly important mobility as a service where the cost of hiring the vehicle is influenced by its operational status and cost of service/maintenance. All this is legitimised by the introduction of the cybersecurity regulations mentioned above. So, where does this leave the aftermarket and its continuing ability to provide competitive choices to consumers and avoid the vehicle manufacturers implementing their business plans that will divert the profit from the aftermarket across to them? Quite simply, it leaves the automotive aftermarket increasingly reliant on the legislator to do two things. Firstly, accept that competition in the market has priority over cybersecurity. Secondly, implement legislation that is able to address complicated technical requirements that equally need to be able to address the rapidly changing demands of software and security functions. This is not going to happen unless the UK aftermarket works together to engage with the UK government, a situation not made any easier following Brexit and the need to create our own legislation. Fortunately, an alliance of aftermarket organisations (aftermarket associations and commercial entities) are working together as UK AFCAR (the UK Alliance for Freedom of Car Repair), to do just that, but this takes significant resource and expertise. If you are not already a member of one of the UK AFCAR aftermarket association members, now is the time to become one. The good old days have gone and the time for the aftermarket to come together is now. Without the inherent support needed by UK AFCAR, then the future of the aftermarket may be secure, but only for the vehicle manufacturers. xenconsultancy.com Follow us on facebook.com/aftermarket magazine The general approach is to block any access to the vehicle, unless authorised by the vehicle manufacturer ”