When a 2023 Ram 1500 rolls into an independent repair shop with a check-engine light, the technician plugs in a professional scan tool and hits a wall. The truck’s secure gateway module demands a factory-issued security credential before it will share a single fault code. Without it, the screen stays blank. The shop can change the oil, rotate the tires, and top off the washer fluid, but anything involving the vehicle’s electronic brain requires a trip to the dealership.
That scenario is playing out in garages across the country as automakers layer new technology into vehicles at a pace that independent shops cannot match. Seven categories of features, from encrypted control units to over-the-air software updates, are quietly reshaping who gets to work on your car. Federal agencies have documented the problem. Congress has proposed legislation to address it. Yet as of June 2026, the gap between what independent technicians can access and what manufacturers permit continues to grow.
The federal paper trail
Three federal sources frame the scope of the issue. The National Highway Traffic Safety Administration published cybersecurity best-practices guidance in 2016 urging automakers to adopt secure gateways, locked engine control units, authenticated diagnostic protocols, and controlled over-the-air update channels. The document treats cybersecurity as a vehicle safety matter, and automakers have cited it ever since as justification for restricting third-party access to onboard systems. The same defenses designed to stop hackers also block independent shops from reading fault codes, calibrating replacement parts, or installing aftermarket components without manufacturer approval.
In May 2021, the Federal Trade Commission delivered a report to Congress titled “Nixing the Fix” that cataloged repair restrictions across multiple product categories, automobiles included. The FTC identified software locks, limited access to parts and diagnostic tools, and a mix of contractual and technological barriers that manufacturers impose. Its conclusion was blunt: modern product design can make independent repair difficult or impossible, and the restrictions raise serious competition and consumer-welfare concerns.
On Capitol Hill, H.R. 906, the REPAIR Act, was introduced during the 118th Congress (2023-2024) to prohibit manufacturers from blocking access to vehicle-generated data or limiting aftermarket compatibility. The bill would have required that independent repairers and vehicle owners receive the same data, tools, and software functions available to franchised dealers, subject to reasonable security safeguards. It did not advance to a floor vote, and no confirmed reintroduction has been recorded in the current session.
Seven features driving the repair divide
Drawing on the technologies and restrictions documented in those federal sources, along with widely reported industry developments, seven feature categories stand out as the primary obstacles for independent shops.
1. Secure gateways
Stellantis (formerly Fiat Chrysler) was among the first major automakers to route all diagnostic communication through an encrypted gateway module, beginning with many 2018 model-year vehicles. Other manufacturers, including Toyota and Subaru, have followed with their own versions. Without a manufacturer-issued security credential, a third-party scan tool cannot reach the systems behind the gateway. A job that once required a $200 code reader now demands access to a proprietary authentication system that may cost hundreds of dollars per year in subscription fees, assuming the automaker offers independent access at all.
2. Locked engine control units
Engine control units increasingly require cryptographic authentication before they accept recalibration or a replacement module. When an independent shop installs a new ECU, the vehicle may refuse to start until a dealer or manufacturer server validates the swap. This can strand a repaired car in the service bay while the shop waits for remote authorization it has no formal channel to request. For the customer, it means delays and an extra bill.
3. Authenticated diagnostics
Factory diagnostic software often demands login tokens tied to dealership accounts. Independent technicians who lack those credentials cannot perform module programming, emissions recalibrations, or system resets that were once routine with off-the-shelf tools. Even shops that invest in legitimate professional scan tools find that key functions remain locked without a live connection to the manufacturer’s servers.
4. Controlled over-the-air update channels
Over-the-air software updates let automakers patch bugs and add features remotely. Tesla pioneered the practice, and most major manufacturers now use OTA updates for at least some vehicle systems. The catch for independent shops: a vehicle’s operating parameters can change overnight. A technician may diagnose a problem on Monday, order parts on Tuesday, and discover by Wednesday that the manufacturer pushed an update altering the very system under repair. The shop has no visibility into the update schedule and no ability to roll back changes.
5. Software locks on replacement parts
Some manufacturers pair components, such as batteries, displays, and cameras, to a vehicle’s software identity at the factory. Swapping in an identical but unpaired part triggers warning lights or disables features entirely. Apple’s approach to iPhone parts-pairing drew widespread criticism; automakers are now applying the same logic to cars. This undermines the traditional aftermarket model, where compatible parts could be sourced from multiple suppliers and installed by any qualified technician.
6. Restricted access to repair data and tools
Even when physical parts are available, the technical service bulletins, wiring diagrams, and calibration files needed to install them correctly may sit behind paywalls or subscription portals. A small independent garage working on vehicles from a dozen different brands could face thousands of dollars in annual subscription costs just to access basic repair information. The alternative is turning away late-model vehicles, which is exactly what many shops report doing.
7. Telematics and vehicle-generated data controls
Connected vehicles stream real-time data to manufacturer servers: tire pressure, battery health, engine performance, brake wear. Independent shops that cannot tap into that data stream lose the ability to perform predictive maintenance or verify that a completed repair actually resolved the underlying issue. The manufacturer, meanwhile, can contact the owner directly with service offers based on data the owner’s own mechanic never sees. The competitive imbalance is hard to overstate.
Why cybersecurity is not the whole story
Each of these features has a legitimate safety or cybersecurity rationale. No one wants a hacker remotely disabling a vehicle’s brakes. But the FTC’s 2021 report made clear that security concerns do not fully explain the breadth of restrictions manufacturers impose. When a shop cannot replace a cracked windshield camera without a dealer’s digital blessing, the security argument starts to look like a convenient shield for a business model that funnels service revenue back to the brand.
The core tension, as both NHTSA and the FTC have documented, is that security architecture designed without parallel access pathways for owners and independent technicians produces a practical service monopoly, even if that was not the stated intent. Massachusetts voters recognized this when they approved a right-to-repair ballot measure in 2020 by a 75% margin, requiring automakers to provide access to telematics data through an open platform. Automakers challenged the law in court, and implementation has been delayed by litigation that remains unresolved. The Massachusetts experience illustrates how difficult it is to translate voter demand into actual shop-floor access.
What is still unresolved
Several important questions lack definitive answers. NHTSA’s cybersecurity guidance is nearly a decade old, and no publicly available update reflects the specific gateway implementations individual automakers have adopted since 2016. Whether one brand’s system is more restrictive than another’s is a matter of trade reporting and technician testimony rather than federal audit. Without standardized benchmarks, it is difficult to measure how much of the independent-repair gap stems from necessary security versus choices that primarily serve the manufacturer’s bottom line.
The rapid growth of electric vehicles adds another layer of uncertainty. High-voltage battery management, sensor calibration for advanced driver-assistance systems, and the software ecosystems governing them are not covered in detail by any current federal analysis available for public citation. That is a significant blind spot, given that EVs are the fastest-growing segment of the new-car market.
Manufacturer intent is a gray area as well. The FTC documented the existence of software locks and contractual restrictions but stopped short of attributing them to a deliberate strategy to exclude independent shops. Both explanations, genuine security concern and competitive advantage, may be partially true. The available evidence does not resolve the question, and absent internal communications or detailed compliance filings, regulators and consumers are left to judge intent by outcomes.
What this means for car owners and technicians
For the roughly 70% of post-warranty vehicle service that has historically been performed outside dealership networks, according to industry estimates, these seven features represent a slow-motion shift in market power. Every locked gateway, every paired part, every restricted data stream nudges the balance toward manufacturer-controlled service channels.
Vehicle owners who want to preserve their ability to choose where and how their car gets fixed should pay attention to repair-access policies before they buy. Technicians who want to stay competitive will need to budget for manufacturer subscriptions and ongoing training that did not exist five years ago. And policymakers at both the state and federal level face a decision that grows more urgent with every model year: whether the right to repair your own car, or have it repaired by the shop you trust, will survive the shift to software-defined vehicles.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
