A 2024 independent survey12024 independent survey found that 51% of independent repair shops send up to five cars per month to dealerships solely because of data access restrictions - and 63% reported experiencing a restriction on repair data on a daily or weekly basis. Those figures capture precisely the competitive imbalance California's latest regulatory push aims to correct.
California regulators have unveiled a proposed rule set that would standardize independent repair shop access to vehicle diagnostics data, telematics information, and software update logs - moving the state closer to a vehicle-specific right-to-repair framework at a moment when over-the-air (OTA) software updates are rapidly reshaping who can service a modern car.
The Proposal: Open Diagnostics Under Defined Security Constraints
The California proposal would require automakers to provide open, standardized access to diagnostic trouble codes (DTCs), telematics data streams, and OTA update logs to independent repair facilities, subject to defined security protocols. Two converging pressures drive the measure: long-standing complaints from independent operators about anti-competitive data access practices by OEM dealership networks, and the accelerating rollout of OTA update systems that increasingly route vehicle health information through proprietary cloud infrastructure.
Under the proposed framework, manufacturers that fail to participate in standardized data-sharing protocols could face financial penalties and restrictions on access to certain repairable vehicle segments - a consequential lever given California's scale as the largest automotive market in the United States.
The proposal also mandates enhanced transparency around how vehicle data is collected, stored, and monetized, introducing data-security obligations for third-party service providers receiving that information.
OTA Updates: The New Frontier of Data Access Inequality
The rise of software-defined vehicles is widening the gap between franchise dealerships and independent shops. Over 70% of new vehicles globally now ship with OTA capabilities2Over 70% of new vehicles globally now ship with OTA capabilities, enabling remote feature upgrades, bug fixes, and cybersecurity patches without dealer visits. That capability is commercially valuable - but it is also a structural advantage that currently flows almost exclusively to OEM-authorized service networks.
When a braking or powertrain issue originates from a firmware mismatch rather than component wear, resolving it requires a secure cloud connection, authenticated credentials, and access to update logs. Independent workshops without access to proprietary software tools cannot update critical control units or clear firmware-related faults3Independent workshops without access to proprietary software tools cannot update critical control units or clear faults related to firmware, effectively routing those jobs back to dealerships regardless of customer preference.
The California proposal directly targets this dynamic. By requiring automakers to include OTA software update logs within the scope of standardized access, regulators are signaling that diagnostic parity must extend into the software layer - not just the physical OBD-II port.
Industry context: The global automotive OTA updates market was valued at USD 5.06 billion in 2024 and is projected to reach USD 21.41 billion by 20334The global automotive OTA updates market was valued at USD 5.06 billion in 2024 and is projected to reach USD 21.41 billion by 2033, growing at a CAGR of 17.9%. The stakes around who controls access to that data are only rising.
A Patchwork of State Laws - and Growing Federal Momentum
California's move comes amid a rapidly fragmenting state-level regulatory landscape creating compliance complexity for OEMs and diagnostic tool suppliers alike. The U.S. right-to-repair regulatory environment is growing increasingly complex, with state-level laws already in effect and a potential nationwide federal law still pending5The regulatory environment for right-to-repair in the U.S. is becoming increasingly complex, with state-level laws already in effect and a potential nationwide federal law still pending.
The most significant recent state-level development came in February 2025, when a Massachusetts federal judge dismissed the final remaining elements of a lawsuit brought by the Alliance for Automotive Innovation6a Massachusetts federal judge dismissed the final remaining elements of a lawsuit brought by the Alliance for Automotive Innovation to block that state's telematics access law - a measure voters approved by a roughly three-to-one margin in 20207voters had approved by a roughly three-to-one margin in 2020. The Massachusetts law requires that beginning with model year 2022 vehicles, manufacturers utilizing telematics systems must equip those vehicles with an interoperable, standardized, and open-access platform capable of securely communicating all mechanical data to owners and their designated repair providers8an inter-operable, standardized, and open-access platform capable of securely communicating all mechanical data to owners and their designated repair providers.
At the federal level, Senators Josh Hawley and Ben Ray Luján introduced the bipartisan REPAIR Act (H.R. 1566 / S. 1379)9REPAIR Act (H.R. 1566 / S. 1379) in April 2025. The bill would require OEMs to make critical repair information, tools, and parts available to independent facilities under the same terms offered to franchise dealerships - and critically, would prohibit OTA updates from rendering aftermarket parts inoperable10would prohibit OTA updates from rendering aftermarket parts inoperable. A July 2025 national poll found that more than 83% of Americans support the REPAIR Act, with backing at 84% among Republicans and 82% among Democrats12024 independent survey.
Key regulatory provisions across major U.S. jurisdictions:
| Jurisdiction | Status | OTA / Telematics Coverage | Enforcement |
|---|---|---|---|
| Massachusetts | Active (suit dismissed Feb 2025) | Yes - open-access telematics platform (MY2022+) | State AG; private action |
| California SB 244 | Active | Limited - auto-specific OTA proposal pending | Unfair competition law |
| Federal REPAIR Act | Pending (introduced 2025) | Yes - OTA must not disable aftermarket parts | FTC enforcement |
| Minnesota | Active | Partial | Private cause of action |
| Maine | Active (Jan 2025) | Yes - telematics provisions under cybersecurity review | State AG |
Data Privacy and Third-Party Security Obligations
California's proposal introduces a dimension earlier right-to-repair frameworks largely set aside: consumer data transparency and third-party security obligations. By requiring manufacturers to disclose how vehicle data is collected, stored, and monetized as part of the standardized access framework, the rule creates a compliance layer extending beyond OEMs to independent service providers receiving that data.
This has direct implications for how independent shops document, handle, and store diagnostic and telematics records. Service providers gaining access to software update logs and telematics streams under the new framework would likely need to demonstrate compliance with data handling standards - an operational overhead that smaller shops will need to plan for.
OEMs can apply cryptographic protections for telematics systems and OTA updates, provided they do not block legal access to data for independent repairers and vehicle owners5The regulatory environment for right-to-repair in the U.S. is becoming increasingly complex, with state-level laws already in effect and a potential nationwide federal law still pending - a principle California's framework would codify at the state level.
What OEMs and Suppliers Face Under Tightening Compliance
For automakers operating proprietary diagnostic stacks, the California proposal - combined with the Massachusetts ruling and federal REPAIR Act momentum - represents a significant shift in how vehicle data architectures must be designed and governed.
The shift to software-defined vehicles means diagnostics is no longer purely about hardware faults but involves intricate software troubleshooting, ADAS recalibration, and management of numerous interconnected ECUs11The shift to software-defined vehicles means that diagnostics is no longer purely about hardware faults, but involves intricate software troubleshooting, recalibration of ADAS systems, and managing numerous interconnected ECUs. The implication: compliance with open diagnostics requirements is increasingly a software architecture question, not merely a business policy one.
Industry observers have pointed to tools like SAE J2534 - the industry standard for vehicle-to-tool communication - as a template for how standardized interfaces can democratize data access without compromising security. OEMs, aftermarket groups, and other stakeholders could work toward a modernized MOU addressing cybersecurity, telematics, and fair pricing12OEMs, aftermarket groups, and other stakeholders could work toward a modernized MOU that addresses cybersecurity, telematics, and fair pricing, building on the framework established by the 2014 national memorandum of understanding.
Key compliance considerations for OEMs and diagnostic suppliers:
- Standardized interface architecture: Proprietary diagnostic stacks will need pathways for third-party tool access that do not compromise secure gateway integrity
- OTA update logging: Update histories must be accessible to independent repairers under defined protocols - not held exclusively on manufacturer cloud servers
- Data monetization transparency: Any commercial use of vehicle-generated data must be disclosed to owners and repair providers
- Tiered security frameworks: Cryptographic protections are permissible but cannot be structured to function as effective access barriers
Outlook: California as a Compliance Bellwether
California's regulatory proposals have a well-established pattern of setting de facto national standards, given the size of its auto market and the cost disincentive for manufacturers to maintain dual product and data compliance regimes. If the vehicle diagnostics access rule advances to enforcement, it is likely to accelerate the broader industry alignment the federal REPAIR Act is also driving toward.
The automotive diagnostic scan tools market was valued at USD 48.3 billion in 2024 and is projected to reach USD 69.34 billion by 203211The shift to software-defined vehicles means that diagnostics is no longer purely about hardware faults, but involves intricate software troubleshooting, recalibration of ADAS systems, and managing numerous interconnected ECUs - growth directly tied to whether independent operators can access the data layers modern vehicles generate. Open standards frameworks stand to expand that market significantly while reshaping competitive dynamics between franchise dealerships and independent service providers.
For supply chain professionals, operations managers, and procurement leads sourcing diagnostic equipment and software platforms, the regulatory trajectory points in one direction: open, standardized data access is no longer a policy aspiration but an emerging compliance requirement. Operational and procurement strategies that depend on proprietary data channel advantages will need to be revisited accordingly.
