CJEU, 8th chamber, October 5, 2023, No C-296/22
COURT OF JUSTICE OF THE EUROPEAN UNION
Judgment
PARTIES
Demandeur :
A.T.U. Auto-Teile-Unger GmbH & Co. KG, Carglass GmbH
Défendeur :
FCA Italy SpA
COMPOSITION DE LA JURIDICTION
President of the Chamber :
M. Safjan
Judge :
N. Piçarra (Rapporteur), M. Gavalec
Advocate General :
M. Campos Sánchez-Bordona
Advocate :
E. Macher, M. Sacré, P. Schmitz, M. Ruttloff, C. Steinle
THE COURT (Eighth Chamber),
1 This request for a preliminary ruling concerns the interpretation of Article 61(1) and (4) of, and Point 2.9 of Annex X to, Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ 2018 L 151, p. 1).
2 The request has been made in proceedings between, on the one hand, A.T.U. Auto-Teile-Unger GmbH & Co. KG (‘ATU’), a chain of independent repairers, and Carglass GmbH, a vehicle glazing repair and replacement company, and, on the other, FCA Italy SpA (‘FCA’), a subsidiary of the automotive group Fiat Chrysler Automobiles NV, which manufactures light passenger and commercial vehicles, concerning the making available, by Fiat Chrysler Automobiles NV, of the direct data stream of its vehicles.
Legal context
International law
3 Point 1.3 of United Nations (UN) Regulation No 155 – Uniform provisions concerning the approval of vehicles with regards to cybersecurity and cybersecurity management system [2021/387] (OJ 2021 L 82, p. 30) provides:
‘This Regulation is without prejudice to other UN Regulations, regional or national legislations governing the access by authorised parties to the vehicle, its data, functions and resources, and conditions of such access. …’
European Union law
Regulation 2018/858
4 Recitals 50 and 52 of Regulation 2018/858 state:
‘(50) Unrestricted access to vehicle repair and maintenance information, via a standardised format that can be used to retrieve the technical information, and effective competition in the market for services providing such information, are necessary to improve the functioning of the internal market, in particular as regards the free movement of goods, the freedom of establishment and the freedom to provide services. …
…
(52) In order to ensure effective competition in the market for vehicle repair and maintenance information services, and in order to clarify that the information concerned also covers information which needs to be provided to independent operators other than repairers, so as to ensure that the independent vehicle repair and maintenance market as a whole can compete with authorised dealers … it is necessary to set out the details of the information to be provided for the purposes of access to vehicle repair and maintenance information.’
5 Article 3 of that regulation is worded as follows:
‘For the purposes of this Regulation and the regulatory acts listed in Annex II, except as otherwise provided therein, the following definitions apply:
…
(2) “EU type-approval” means the procedure whereby an approval authority certifies that a type of vehicle, system, component or separate technical unit satisfies the relevant administrative provisions and technical requirements of this Regulation;
…
(40) “manufacturer” means a natural or legal person who is responsible for all aspects of the type-approval of a vehicle, system, component or separate technical unit, or the individual vehicle approval, or the authorisation process for parts and equipment, for ensuring conformity of production and for market surveillance matters regarding that vehicle, system, component, separate technical unit, part and equipment produced, irrespective of whether or not that person is directly involved in all stages of the design and construction of that vehicle, system, component or separate technical unit concerned;
…
(45) “independent operator” means a natural or legal person, other than an authorised dealer or repairer, who is directly or indirectly involved in the repair and maintenance of vehicles, and include repairers, manufacturers or distributors of repair equipment, tools or spare parts, as well as publishers of technical information, automobile clubs, roadside assistance operators, operators offering inspection and testing services, operators offering training for installers, manufacturers and repairers of equipment for alternative-fuel vehicles; …
…
(48) “vehicle repair and maintenance information” means all information, including all subsequent amendments and supplements thereto, that is required for diagnosing, servicing and inspecting a vehicle, preparing it for road worthiness testing, repairing, re-programming or re-initialising of a vehicle, or that is required for the remote diagnostic support of a vehicle or for the fitting on a vehicle of parts and equipment, and that is provided by the manufacturer to his authorised partners, dealers and repairers or is used by the manufacturer for the repair and maintenance purposes;
(49) “vehicle on-board diagnostic (OBD) information” means the information generated by a system that is on board a vehicle or that is connected to an engine, and that is capable of detecting a malfunction, and, where applicable, is capable of signalling its occurrence by means of an alert system, is capable of identifying the likely area of malfunction by means of information stored in a computer memory, and is capable of communicating that information off-board;
…’
6 Article 61 of that regulation, entitled ‘Manufacturers’ obligations to provide vehicle OBD information and vehicle repair and maintenance information’, provides:
‘1. Manufacturers shall provide to independent operators unrestricted, standardised and non-discriminatory access to vehicle OBD information, diagnostic and other equipment, tools including the complete references, and available downloads, of the applicable software and vehicle repair and maintenance information. Information shall be presented in an easily accessible manner in the form of machine-readable and electronically processable datasets. …
…
4. The details of the technical requirements for access to vehicle OBD information and vehicle repair and maintenance information, in particular technical specifications on how vehicle OBD information and vehicle repair and maintenance information are to be provided, are laid down in Annex X.
…’
7 Annex II of the regulation, entitled ‘Requirements for the purpose of EU type-approval of vehicles, systems, components or separate technical units’, includes Part I, entitled ‘Regulatory acts for EU type-approval of vehicles produced in unlimited series’. In the version in force until 6 July 2022, item 63 of that part referred to Regulation (EC) No 661/2009 of the European Parliament and of the Council of 13 July 2009 concerning type-approval requirements for the general safety of motor vehicles, their trailers and systems, components and separate technical units intended therefor (OJ 2009 L 200, p. 1). In the version resulting from Regulation (EU) 2019/2144 of the European Parliament and of the Council of 27 November 2019 on type-approval requirements for motor vehicles and their trailers, and systems, components and separate technical units intended for such vehicles, as regards their general safety and the protection of vehicle occupants and vulnerable road users, amending Regulation (EU) 2018/858 of the European Parliament and of the Council and repealing Regulations (EC) No 78/2009, (EC) No 79/2009 and (EC) No 661/2009 of the European Parliament and of the Council and Commission Regulations (EC) No 631/2009, (EU) No 406/2010, (EU) No 672/2010, (EU) No 1003/2010, (EU) No 1005/2010, (EU) No 1008/2010, (EU) No 1009/2010, (EU) No 19/2011, (EU) No 109/2011, (EU) No 458/2011, (EU) No 65/2012, (EU) No 130/2012, (EU) No 347/2012, (EU) No 351/2012, (EU) No 1230/2012 and (EU) 2015/166 (OJ 2019 L 325, p. 1), that item 63 referred to Regulation 2019/2144.
8 Annex X to Regulation 2018/858, entitled ‘Access to vehicle OBD information and vehicle repair and maintenance information’, stipulates, in Point 2.9:
‘For the purpose of vehicle OBD, diagnostics, repair and maintenance, the direct vehicle data stream shall be made available through the serial data port on the standardised data link connector …
When the vehicle is in motion, the data shall only be made available for read-only functions.’
9 That annex specifies, in Point 6.2, that ‘access to vehicle security features used by authorised dealers and repairers shall be made available to independent operators under protection of security technology’.
10 According to Point 6.4 of that annex:
‘Reprogramming of control units shall be conducted in accordance with either international standard ISO 22900-2 or SAE J2534 or TMC RP1210B using non-proprietary hardware.
For the validation of the compatibility of the manufacturer-specific application and the vehicle communication interfaces (VCI) complying to international standard ISO 22900-2 or SAE J2534 or TMC RP1210B, the manufacturer shall offer either a validation of independently developed VCIs or the information, and loan of any special hardware, required for a VCI manufacturer to conduct such validation himself.
…’
Regulation No 661/2009
11 Article 5 of Regulation No 661/2009, which is entitled ‘General requirements and tests’, provides, in paragraph 1:
‘Manufacturers shall ensure that vehicles are designed, constructed and assembled so as to minimise the risk of injury to vehicle occupants and other road users.’
Directive 2019/2144
12 Recital 27 of Regulation 2019/2144 reads:
‘Software modifications can significantly change vehicle functionalities. Harmonised rules and technical requirements for software modifications should be established in line with the type-approval procedures. Therefore, UN Regulations or other regulatory acts regarding software update processes should be applied on a mandatory basis as soon as possible after their entry into force. However, those security measures should not compromise the obligations of the vehicle manufacturer to provide access to comprehensive diagnostic information and in-vehicle data relevant to vehicle repair and maintenance.’
13 Article 4 of the regulation, entitled ‘General obligations and technical requirements’, provides, in paragraphs 4 and 5:
‘4. Manufacturers shall ensure that vehicles are designed, constructed and assembled so as to minimise the risk of injury to vehicle occupants and vulnerable road users.
5. Manufacturers shall also ensure that vehicles, systems, components and separate technical units comply with the applicable requirements listed in Annex II with effect from the dates specified in that Annex, with the detailed technical requirements and test procedures laid down in the delegated acts and with the uniform procedures and technical specifications laid down in the implementing acts adopted pursuant to this Regulation …
…’
The dispute in the main proceedings and the question referred for a preliminary ruling
14 ATU and Carglass are independent operators within the meaning of Article 3(45) of Regulation 2018/858, the activities of which include performing vehicle diagnostics.
15 FCA, as manufacturer within the meaning of Article 3(40) of the regulation, equips its vehicles with the ‘Secure Gateway’ system. In order to perform write operations, erase error codes, perform recalibrations and activate vehicle parts, independent repairers and authorised repairers must comply with the requirements stipulated by FCA, that is, to register beforehand with FCA, log in using personal connection data on a portal designated by FCA, purchase a paid subscription for use of multi-make diagnostic tools and connect them to that server via the internet.
16 Arguing that the unilateral imposition of those requirements by FCA constitutes infringement of its obligations under Article 61(1) and (4) of Regulation 2018/858, read in conjunction with Point 2.9 of Annex X to that regulation, ATU and Carglass brought an action before the Landgericht Köln (Regional Court, Cologne, Germany), the referring court, seeking an order requiring FCA to desist from making the diagnostics, repair and maintenance of vehicles in Germany subject to those requirements, other than in cases involving full reprogramming of control units.
17 The referring court takes the view that the outcome of the dispute is dependent on the interpretation of the combined provisions of Article 61(1) and (4) of, and Point 2.9 of Annex X to, Regulation 2018/858.
18 It notes, first, that the wording of Article 61(1) and the sense and purpose of the regulation support an interpretation of the obligation to provide ‘unrestricted’ access laid down in that provision as meaning that FCA is required to provide comprehensive access to the direct vehicle data stream via the OBD interface, without being able to subject access to, and use of, diagnostic tools to unilaterally imposed requirements. That court bases its reasoning on paragraph 28 of the judgment of 19 September 2019, Gesamtverband Autoteile-Handel (C‑527/18, EU:C:2019:762), for its finding that the obligation to provide ‘unrestricted’ access, provided for by the legislation in force before that regulation was adopted, related to the content of information, not to the detailed rules for the making available of that information. However, the court is uncertain whether the concept of ‘unrestricted’ access within the meaning of Article 61(1) of Regulation 2018/858 can be interpreted in the same way, given that, according to that court, that regulation introduces a relevant new legal system.
19 Should that concept be understood as covering not only the content of information but also the conditions of use of diagnostic tools, the referring court is uncertain whether the guarantee of general safety of vehicles, referred to in item 63 of Part I of Annex II to Regulation 2018/858, in the version applicable until 6 July 2022 or in the version resulting from Regulation 2019/2144, requires that concept to be interpreted restrictively.
20 In those circumstances, the Landgericht Köln (Regional Court, Cologne) decided to stay the proceedings and to refer the following question to the Court of Justice for a preliminary ruling:
‘Is Article 61(1) and (4) of Regulation 2018/858, read in conjunction with [Point] 2.9 of Annex X thereto, … also taking into account the requirements imposed on the vehicle manufacturer to guarantee the general safety of the vehicle in [item] 63 of Part [I] of Annex II to that regulation
– read in conjunction with Regulation No 661/2009 as regards vehicles type-approved prior to 6 July 2022, in particular Article 5(1) thereof, and
– read in conjunction with Regulation 2019/2144, applicable [from] 6 July 2022, and in particular Article 4(4) and (5) thereof …
to be interpreted as meaning that the vehicle manufacturer must always ensure, including when implementing relevant safety measures, that the vehicle OBD, diagnostics, repair and maintenance, including the write operations necessary for these purposes, can be carried out by independent repairers using a universal and generic diagnostic tool, without any need to meet requirements, not expressly stipulated in the regulation, for the device to have an internet connection to a server designated by the manufacturer and/or for the user to have personally registered with the vehicle manufacturer beforehand?’
The request to open the oral part of the procedure
21 By document lodged at the Registry of the Court of Justice on 19 June 2023, FCA requested to open the oral part of the procedure pursuant to Article 83 of the Rules of Procedure of the Court of Justice, relying on a document issued by the Centro Prova Autoveicoli Torino (Self-propelled Vehicle Testing Centre, Turin, Italy), a regional vehicle approval authority, and a letter from the Ministero delle Infrastrutture e dei Trasporti (Ministry of Infrastructure and Transport, Italy), by which that authority allegedly certifies compatibility of the ‘Secure Gateway’ system, with which FCA equips its vehicles, with Article 61(1) of Regulation 2018/858.
22 Under Article 83 of the Rules of Procedure, the Court may at any time, after hearing the Advocate General, order the opening or reopening of the oral part of the procedure, in particular if it considers that it lacks sufficient information or where a party has, after the close of that part of the procedure, submitted a new fact which is of such a nature as to be a decisive factor for the decision of the Court, or where the case must be decided on the basis of an argument which has not been debated.
23 In the present case, the Court, after hearing the Advocate General, considers, on the basis of the request for a preliminary ruling and the written observations, that it has all the information necessary to rule on the present reference for a preliminary ruling and that the documents relied on by FCA in its request of 19 June 2023, referred to in paragraph 21 of the present judgment, whose relevance for the main proceedings must be assessed by the referring court, do not constitute new facts which are of such a nature as to be a decisive factor for the Court’s preliminary ruling.
24 As a result, there is no need to order the reopening of the oral part of the procedure.
Consideration of the question referred
25 By its question, the referring court asks, in essence, whether Article 61(1) and (4) of Regulation 2018/858, read in conjunction with Point 2.9 of Annex X to that regulation, must be interpreted as precluding a vehicle manufacturer from making access by independent operators to vehicle repair and maintenance information and to OBD information, including write access to that information, subject to conditions other than those provided for by that regulation.
26 It should be borne in mind from the outset that, in interpreting a provision of EU law, it is necessary to consider not only its wording but also the context in which it occurs and the objectives pursued by the rules of which it is part (judgment of 9 June 2022, IMPERIAL TOBACCO BULGARIA, C‑55/21, EU:C:2022:459, paragraph 44 and the case-law cited). The origins of such a provision may also provide information relevant to its interpretation (see, to that effect, judgment of 10 December 2018, Wightman and Others, C‑621/18, EU:C:2018:999, paragraph 47 and the case-law cited).
27 Regarding the literal interpretation of the provisions at issue, Article 61(1) of Regulation 2018/858 requires vehicle manufacturers to provide independent operators with unrestricted, standardised and non-discriminatory access to OBD information within the meaning of Article 3(49) of that regulation, to diagnostic and other equipment, and to vehicle repair and maintenance information within the meaning of Article 3(48) thereof. That information must be presented in an easily accessible manner in the form of machine-readable and electronically processable datasets.
28 Article 61(4) of the regulation provides that ‘the details of the technical requirements for access to vehicle OBD information and vehicle repair and maintenance information, in particular technical specifications on how vehicle OBD information and vehicle repair and maintenance information are to be provided, are laid down in Annex X’. Point 2.9 of that annex stipulates that ‘for the purpose of vehicle OBD, diagnostics, repair and maintenance, the direct vehicle data stream shall be made available through the serial data port on the standardised data link connector …’. The second paragraph of that provision specifies that when the vehicle is in motion, the data are only to be made available for read-only functions.
29 It follows that the obligation on vehicle manufacturers to provide unrestricted, standardised and non-discriminatory access to OBD information and vehicle repair and maintenance information, provided for in Article 61(1) of Regulation 2018/858, includes the obligation to allow independent operators to process and use such information, without being subject to any conditions other than those laid down by that regulation (see, to that effect, judgment of 27 October 2022, ADPA and Gesamtverband Autoteile-Handel, C‑390/21, EU:C:2022:837, paragraph 29). Moreover, it is apparent from the second paragraph of Point 2.9 of Annex X to the regulation that, when the vehicle is not in motion, those operators must be provided broader access than read-only access to the data referred to in that provision.
30 Regarding the contextual interpretation of the provisions at issue, Points 6.2 and 6.4 of Annex X to Regulation 2018/858 define, first, the requirements relating to access to vehicle security features and, second, the requirements relating to reprogramming of control units. As noted by the European Commission in its written observations, those points identify the situations in which access to OBD information and vehicle repair and maintenance information may be made subject to certain conditions on account of their relevance with regard to safety. Apart from those situations, independent operators must therefore have a right to access that information without being subject to any conditions other than those laid down by that regulation (see, to that effect, judgment of 27 October 2022, ADPA and Gesamtverband Autoteile-Handel, C‑390/21, EU:C:2022:837, paragraph 32).
31 The interpretation in paragraph 29 of the present judgment is supported by the objective set out in recitals 50 and 52 of Regulation 2018/858, namely to allow effective competition in the market for vehicle repair and maintenance information services, so that the independent vehicle repair and maintenance market can compete with that of authorised dealers (see, to that effect, judgment of 27 October 2022, ADPA and Gesamtverband Autoteile-Handel, C‑390/21, EU:C:2022:837, paragraph 30).
32 Independent operators must thus obtain unrestricted access to the information necessary to carry out their tasks associated with their business in the supply chain of the market for vehicle repair and maintenance information. However, if access to the information set out in Article 61(1) of Regulation 2018/858 is made subject to conditions that are not laid down in that regulation, this would give rise to a risk of reducing the number of independent repairers having access to that information, with the potential effect of reducing competition on the market for vehicle repair and maintenance information services and, as a result, reducing the offer to consumers. Moreover, were manufacturers able to limit at their discretion access to the direct vehicle data stream within the meaning of Point 2.9 of Annex X to the regulation, it would be open to them to make access to that stream subject to conditions capable of making access impossible in practice.
33 The interpretation in paragraph 29 of the present judgment is also supported by the origins of Article 61(1) of Regulation 2018/858. While earlier legislation – which distinguished between access to vehicle repair and maintenance information, on the one hand, and the format in which it had to be granted, on the other – ruled out restrictions only in respect of the content of that information (see, to that effect, judgment of 19 September 2019, Gesamtverband Autoteile-Handel, C‑527/18, EU:C:2019:762, paragraph 28), Article 61(1) requires the manufacturer to not only provide unrestricted access to the information referred to in that provision but also to present that information in an ‘easily accessible’ manner.
34 It follows that the obligation imposed in Article 61(1) of Regulation 2018/858 on vehicle manufacturers to grant independent operators access to the information referred to in that provision in a form that is amenable to onward electronic processing – an obligation which was introduced only in the course of the legislative procedure relating to that regulation – goes beyond the obligation to grant read-only access (see, to that effect, judgment of 19 September 2019, Gesamtverband Autoteile-Handel, C‑527/18, EU:C:2019:762, paragraphs 26 and 34).
35 Moreover, regarding the requirements relating to cybersecurity flowing from UN Regulation No 155 and relied on by FCA, it is sufficient to note that Point 1.3 of that regulation provides that it is without prejudice to, inter alia, ‘regional or national legislations governing the access by authorised parties to the vehicle, its data, functions and resources, and conditions of such access’.
36 Regarding the reference in item 63 of Part I of Annex II to Regulation 2018/858 to Regulation 2019/2144, recital 27 of the latter regulation sets out expressly that the security measures that it lays down ‘should not compromise the obligations of the vehicle manufacturer to provide access to comprehensive diagnostic information and in-vehicle data relevant to vehicle repair and maintenance’.
37 Last, similarly to Article 5(1) of Regulation No 661/2009, to which item 63 referred until 6 July 2022, Article 4(4) of Regulation 2019/2144, to which that item refers as from that date, provides that safety issues must be dealt with when vehicles are designed, constructed and assembled, not to the detriment of other market operators such as independent operators, which would undermine the objective recalled in paragraph 31 of the present judgment.
38 It follows that conditions to which access to the information referred to in Article 61(1) of Regulation 2018/858 is subject, other than those laid down in that regulation, such as that the diagnostic tool must be connected via internet to a server designated by the manufacturer or that independent operators must register beforehand with the manufacturer, are not permitted under that regulation.
39 Having regard to the foregoing considerations, the answer to the question referred is that Article 61(1) and (4) of Regulation 2018/858, read in conjunction with Annex X to that regulation, must be interpreted as precluding a vehicle manufacturer from making access by independent operators to vehicle repair and maintenance information and to OBD information, including write access to that information, subject to conditions other than those laid down in that regulation.
Costs
40 Since these proceedings are, for the parties to the main proceedings, a step in the action pending before the national court, the decision on costs is a matter for that court. Costs incurred in submitting observations to the Court, other than the costs of those parties, are not recoverable.
On those grounds, the Court (Eighth Chamber) hereby rules:
Article 61(1) and (4) of Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC, read in conjunction with Annex X to Regulation 2018/858,
must be interpreted as precluding a vehicle manufacturer from making access by independent operators to vehicle repair and maintenance information and to on-board diagnostic information, including write access to that information, subject to conditions other than those laid down in that regulation.