Back in 2013, Massachusetts became the first state in the nation to pass a "right to repair" law that required carmakers to sell their proprietary diagnostic tools and software to third-party repair shops. During the 2020 election, the voters of that state voted, three-to-one, in favor of expanding the law to include the connected aspects of new cars.
From model year 2022, any new car sold in the state that features connected car services or telematics capabilities must have a standardized open data platform as a way of accessing those online services. Now, though, two bills seek to tweak the law in the hopes of getting OEMs to comply.
MY2022 cars have been on sale across the country for some months now. However, Massachusetts Attorney General Maura Healy has held off on enforcing the new provisions of the law due to an ongoing federal lawsuit brought by a coalition of automakers who claim that the current law is incompatible with widely accepted cybersecurity practices (a view shared by a horrified-sounding National Highway Traffic Safety Administration).
The OEMs argue that MY2022 was too short a deadline, and these two new bills aim to remedy the issue.
H. 365 would change the law such that the connected car provisions only come into effect for MY2025, which would give automakers another two years to roll out a security-compliant open platform for all their connected cars (or another two years to fight the law in court).
H.400 also swaps MY2022 for MY2025 and requires OEMs to put a notice in owners manuals that explain what the connected or telematics platform is and what data gets collected, stored, or transmitted. OEMs must also give owners the ability to access that data and approve third-party repairs.
Should the law be upheld as-is in the federal case and not amended by either of these bills, the result could be OEMs disabling connected car services for vehicles in Massachusetts. In fact, Subaru already implemented such an approach with the introduction of its MY2022 vehicles in 2021.