49. The expert from CITA presented GRVA-12-14/Rev.1, giving an overview of the content in GRVA-12-11/Rev.1 and GRVA-12-40, regarding remote access to in-vehicle data. He recalled various models and technical solutions presented to WP.29 and GRVA to enable such access, e.g. to third parties and for sovereign use cases such as Periodic Technical Inspection or Market Surveillance. He proposed a role for GRVA in that field, i.e. to prepare the design of vehicles so as to enable data collection, transmission and guaranty authenticity (no repudiation) of the data. He called on for the establishment of an ad hoc group that would perform a full assessment, possibly using the assessment template proposed in GRVA-12-40.

50. The expert from FIA explained that he was more in favour to have this matter addressed in Brussels by the European Commission. He explained that GRVA should not negatively influence the access to in-vehicle data because of UN Regulations Nos. 155 and 156.

51. The expert from ITU explained that all models listed in the document would create an unnecessary cyber security risk. He claimed that the role of regulations was to create the conditions under which the vehicle manufacturers should make data available as per the terms of that regulation.

52. The expert from OICA felt that this topic was relevant to national or regional levels and was not sure if the United Nations had a role to play in this. He explained, even though OICA was not fundamentally against a new group, the current workload associated with GRVA activities was already high and therefore explaining the defensive position expressed.

53. The expert from AAPC echoed the positions expressed by ITU and OICA.

54. The expert from CLEPA stated that there was a value for GRVA to host this conversation.

55. The expert from the United States of America supported the position expressed by AAPC. He felt that it was premature to create a group on this matter.

56. The expert from Germany proposed to distinguish two aspects of this matter: (a) the technical aspects related to data transmission and cyber security and (b) the national and regional laws on data privacy.

57. The expert from United Kingdom of Great Britain and Northern Ireland agreed that there were challenges related to national laws, but he also supported a harmonized approach on how to share data, as data would not only benefit the vehicle owner but also the whole transport system.

58. The expert from Austria supported a discussion at GRVA on this matter.

59. The expert from CITA welcomed the comments received and stated the importance of cyber security, of national and regional laws but also the need for harmonization activities at GRVA level to avoid the situation where potential national laws would lead to different technical solutions that would impair the aim of data sharing.

60. GRVA agreed to further discuss the role of GRVA with regards to remote access to in-vehicle data at its May 2022 session and consider approaching AC.2 and WP.29 in June 2022 for further guidance regarding future proceedings concerning that matter.

58. The expert from FSD presented GRVA-11-15 (also on behalf of CITA). He recalled the existing regulatory activities on remote access to in-vehicle data within the Motor Vehicles Working Group of the European Commission and within GRVA. He described the current situation with regard to remote access to in-vehicle data and explored, in the case GRVA would be willing to deal with this item, the implications of relying on ISO 20077 (extended vehicle), which only allows data transfer via Business to Business (B2B) transactions. He highlighted that such system would not be appropriate for sovereign use cases, including Market Surveillance Activities and Periodic Technical Inspections. He advocated for a trust centre to be developed that would manage access to in-vehicle data. He based his explanation on an example (DSSAD) and highlighted the importance of the separation of duties in that context and the importance for authorities to get access to these data.

59. The expert from AAPC noted that this matter was touching on EDR/DSSAD. He raised the question: who owns the data? He suggested that access to data would be best managed at regional level. He noted that courts had the right to ask for data.

60. The expert from FIA mentioned that the CITA/FSD presentation was close to what FIA presented at previous sessions.

61. The expert from Norway thanked CITA/FSD for the informative presentation.

62. The expert from Germany asked what was the role and the place of the citizens in the model presented.

63. The expert from FSD answered that the consumers were recognized, and that consent could be managed, being a part of the trust centre role. He answered to the comment from AAPC that the model presented was referring, as an example, to DSSAD but that it was not exclusive. He explained that the trust centre would be a governance tool and that other examples could have been chosen, such as in-service monitoring. He stressed the importance of a trusted storage that is needed for courts as well as all other stakeholders, including authorities and citizens. He also recognized the value of the concept presented by FIA.

64. The expert from FIGIEFA supported the approach presented. She noted the diverging technical aspect but the converging overall goals. She stated that the discussions should continue, also at regional level with the European Commission Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs (DG GROW). Their technical expert mentioned that the technical approach would not be sufficient; both “write” and “read” access and further clarification could be discussed at the European level.

65. The experts from CLEPA and OICA promised to review the presentation in detail and to send comments.

66. GRVA invited the Chair and the secretariat to approach the Committee on the Coordination of Work (WP.29/AC.2). GRVA agreed to resume consideration of this agenda item at its next session to discuss the role of GRVA. GRVA noted that the IWG on EDR/DSSAD could perform a first review of the topic presented by CITA (related to EDR/DSSAD) at one of its next sessions, as time allows.