In recent weeks, much has been said on the IGA’s (Independent Garages Association’s) announcement that SERMI will be launched in the UK. Here, Repairify breaks down all things SERMI to help repairers navigate exactly what it is and what it means.
What is SERMI?
First rolled out in Sweden in October 2023, SERMI was implemented after the European Union (EU) parliament introduced legislation (European Directive (EU) No 2018/858) requiring vehicle manufacturers (VMs) to provide unrestricted and standardised access to repair and maintenance information (RMI) to repairers and remote service suppliers (RSS). As a result, access to security-related RMI, which also includes diagnostic tools, may be subject to specific security standards and certificates. The legislation specifically defines security-related RMI as information, software, functions, and services necessary for repairing and maintaining vehicle features that prevent theft, enable vehicle tracking, and facilitate recovery.
SERMI and the UK
Now, let’s look at how the legislation has made its way to the UK and what it means for the industry. First out of the starting block was Sweden, which implemented SERMI as soon as it was put in place back in October 2023. Since then, we have seen the majority of countries in Europe follow suit, and now it is the turn of the UK. The UK represents the first country outside of the EU to adopt SERMI.
UK repairers won’t have to wait long, either; the scheme is going live on 1st April 2026. However, as the UK is no longer part of the European Union, the scheme will be voluntary for VMs to register in the UK. However, we fully expect the majority to comply, if not immediately, then in the mid-term.
What does it mean for repairers?
On the repairer side of the industry, repairers need the appropriate credentials from SERMI to access the RMI for security related information and to enable the ability to programme keys, immobilisers, and other security-related modules. From here, it is the repairer’s responsibility to ensure that the security work on the vehicle is being done for the appropriate person or organisation.
What do I have to do to register for SERMI?
To be registered for SERMI, both the repairer and their technicians need to meet certain criteria (i.e. a DBS check), and like any regulation or scheme, it is important that every business, no matter how big or small, is compliant if they want access to security-related information that is controlled under the scheme. To ensure compliance, a national body will be set up in the UK to audit the repairer regularly and ensure that all of the necessary paperwork is in order.
How do I register
To register in the UK, click here.
For information on pricing, click here.
Registration will require businesses to register details of the company before DBS checks are carried out on the key individuals undertaking the work within the workshop/bodyshop. Once registered, RMI Standards and Certification (RMISC) – the UK central auditing body –will be undertaking two audits over a five-year period.
How does it work in practice?
Technicians using manufacturer diagnostic tools must authenticate each security-related job through the SERMI app. After entering the work details and confirming security parameters, the app generates a job-specific QR code. This code serves as your authentication token – when the VM tool requests access credentials for security functions, scanning the QR code validates your authorisation and unlocks the necessary features to complete the repair.
Users working with a remote service provider (RSS) will need to enter the details on the SERMI wallet app. Following this, the QR code will be sent to the RSS, which will unlock the security section of the VM tool and enable the work to be undertaken by the RSS.
What work does it affect?
Repairers in need of access to security-related RMI data, such as VM manuals, will need to be registered with SERMI, as access to this is controlled by VMs. The same goes for users needing to programme a key or an immobiliser.
The wording of the legislation can muddy the waters slightly. Relating to security information, the exact definition of this term lends itself to include other functions, which may potentially lead to some VMs arguing that electronic control units (ECUs) are part of the security systems, and therefore sit behind SERMI. Our experience of SERMI in Europe has shown that some VM interpretations of the standard are not black and white.
Repairify is working to establish which work the legislation may impact, as it may differ for each VM.
What if I use a Remote Service Provider (RSS) for these services?
If a repairer is working with a RSS such as Repairify, then both parties will need to be registered with SERMI.
Can I use a mobile provider for these services?
In short, yes.
In order for a mobile provider to be SERMI approved, they will need to prove they are a legitimate business. Sole traders will also be able to join the scheme subject to certain criteria being met.
In order for a limited company to get approval, they can provide their Companies House registration number or relevant articles of their organisation.
Mobile providers need to demonstrate that their technicians have two years’ experience via a suitable contract of employment or technical qualification. If they don’t have this, there is an online course they can complete.
Does the site need SERMI if their mobile operator is SERMI approved?
This depends on who is doing the work that requires access to security-related information. As the access is not transferable, the technician – and their repairer – accessing the information will require approval. If it is just the mobile operator that accesses the information, then the site does not need SERMI, but if a site technician accesses the information, the site and the technician in question will require approval.
Statement from Phil Peace, Managing Director (SVP), Repairify
With our European footprint, we have seen first-hand how SERMI has been implemented across the EU. What we are already seeing is that some VMs are interpreting the scope of SERMI more broadly than others, particularly around which components are deemed security-related. In some cases, this includes ECUs and even modules such as headlamps, where functionality is linked to vehicle access or immobilisation systems.
This variation highlights a key challenge when it comes to SERMI. While the legislation is clear in principle, it allows a degree of flexibility in interpretation. As a result, manufacturers may classify certain coding and programming activities as part of the vehicle’s security process, especially where ECUs are linked to immobilisation. That means repairs which were not traditionally considered security-related may fall under SERMI in future, but this could vary by manufacturer.
Repairers should evaluate whether SERMI registration is necessary for their business. Bodyshops, in particular, may find that everyday repairs increasingly involve components classified by manufacturers as security-sensitive, making registration essential.
It is also important to be clear that SERMI does not create a legal obligation on VMs to comply in the UK. However, given that many have already implemented SERMI across Europe, there is little reason to believe they would not extend that approach here. From a practical standpoint, many diagnostic and programming tools are already centrally controlled, making UK alignment relatively straightforward.
Without doubt, SERMI offers several key benefits, including consistency, reduced uncertainty, and a genuine level playing field between authorised and independent repairers.
We would advise the industry to view SERMI as a strategic asset. It places security-sensitive repairs firmly on the agenda, ensures they are carried out by vetted professionals who meet defined standards, and helps to create a more level playing field between authorised and independent repairers.
Details of the scheme can be found by visiting https://independentgarageassociation.co.uk/trade-topics/sermi/