Last updated: 02 February at 4:57 PM
For decades, the independent garage has fought a quiet war for the “right to repair.”
The likes of the Independent Garage Association (IGA) have argued that with the right data, tools, and talent, an independent workshop can match any main dealer, nut for bolt and code for code.
However the increasingly digitalisation of automotive technology has seen manufacturers raise the drawbridge.
Vital security-related systems like immobilisers, key coding, and ECU updates have increasingly been locked behind fragmented passwords, expensive subscriptions, and manufacturer-specific firewalls.
At least that was the case until very recently.
What is SERMI?
SERMI goes live in the UK on 1st April.
It is the new single digital standard for accessing anti-theft security data. It replaces the need to apply for security clearance with every car manufacturer individually.
Instead of managing multiple different security credentials and vetting checks, your workshop gets one accreditation that works across all participating brands (like Ford, VAG, BMW, and Mercedes).
It is your ‘digital passport’ to perform high-level repairs like coding keys, replacing immobilisers, and updating security-related ECUs.
Beyond security-related systems
While the SERMI headlines focus on ‘anti-theft’ systems, the reality of SERMI is much broader. The definition covers security, safety, and telematics.
This means the ‘security’ umbrella may be wider than you might think. It can include ADAS calibration, airbag systems, and even basic wiring data.
Because modern vehicles are highly integrated, manufacturers often group data together.
Garage Matters has already heard reports of technicians being blocked from viewing simple wiring diagrams (e.g., for a door speaker fault) simply because that circuit passes through a security-related module or the wiring loom contains security lines.
In these cases, the manufacturer’s portal demands a SERMI login just to view the diagram, meaning even ‘general’ electrical work can trigger a security lockout.
Voluntary… for now?
It is important to note the distinction between the UK and the EU. In Europe, SERMI is mandated by law. In the UK post-Brexit, the scheme has been introduced on a voluntary basis.
While bodies like the IAAF are actively lobbying the government to mandate the scheme fully, don’t let the word “voluntary” fool you.
For many manufacturers, SERMI is becoming operationally mandatory. If a manufacturer decides to switch off their old security portals and rely solely on the SERMI digital certificate (as many are planning), your legal status won’t matter, you simply won’t get in without it.
SERMI (Security-related Vehicle Repair and Maintenance Information) represents the single most significant operational shift for UK garages in a generation, according to the IGA.
It replaces the need for multiple security vetting applications with a single, universal standard.
While you must still maintain your trade accounts with each manufacturer, many of which require VAT registration to open, SERMI provides the single digital ‘key’ that unlocks the security functions within those portals.
However, this access comes at a price: a strict new regime of audits, background checks, and operational transparency that will fundamentally change how your workshop operates.
One key to rule them all
In the past, if you needed to program a key for a Ford and flash an ECU for an Audi, you faced a bureaucratic nightmare: separate accounts, separate vetting processes, and separate fees for each manufacturer. SERMI sweeps this away.
Under the new scheme, which is managed in the UK by RMI Standards and Certification (RMISC) on a not-for-profit basis, a single accreditation grants you access to security-related data across all participating manufacturers.
This includes the ability to update software that prevents theft, re-programme immobiliser control units, and commission new keys.
This is distinct from Secure Gateway access, which is often handled by your diagnostic tool. SERMI is specifically for high-level theft-prevention work.
A new digital 'passport' to repair
You won’t get a physical ID card. The so-called ‘trust service provider’ for the UK is Digidentity. They issue a digital certificate directly to your smartphone app.
When you log into a portal like Ford Etis or Audi Erwin, the system “pings” your phone.
You approve the request using your personal PIN or biometrics.
Technicians must have a smartphone (iOS 14+ or Android 9+). “Rooted” or “jailbroken” phones are strictly banned for security reasons.
SERMI is the new gatekeeper
SERMI is not an open door. It is a filter designed to separate professional businesses from those less scrupulous, shall we say.
Before you even apply, you must navigate a strict vetting process that might catch many established garages off guard.
Most controversially, the scheme includes a hard-line stance on “legitimacy.”
To be approved, a business owner must sign a declaration that their workshop does not engage in activities that “negatively impact the emissions performance of a vehicle”.
This is a critical “red line” for the industry.
The guidance explicitly states that “deactivating or removing pollution control devices” (such as DPF or EGR deletes) or “tampering with the engine control unit, including the rated engine power,” will disqualify a business.
If your business model relies on “Stage 1” maps or “DPF removal,” you will essentially be barred from accessing the security data needed to repair modern cars.
Tuners beware
The SERMI standard is unambiguous: modifying a vehicle’s “rated engine power” is classified alongside odometer tampering as an illegitimate activity.
– The risk: If you advertise “power mapping” or “DPF removal” on your social media or website, you will likely fail the vetting process.
– The consequence: You face a stark choice. Stop your tuning work to gain SERMI access, or continue tuning and lose the ability to perform security-related repairs on modern vehicles.
What SERMI means for remote diagnostics
The other massive shift concerns the remote diagnostics market. If you rely on third-party remote coding services to program keys or code modules, the process has fundamentally changed.
Under SERMI, remote companies are classified as Remote Service Suppliers (RSS).
It means a remote technician cannot simply log in to the manufacturer’s server to fix your customer’s car using their own credentials. They effectively need your permission to enter the digital room.
This introduces a technical “double lock” mechanism known as Chain Authorisation, which fundamentally changes how remote tools connect.
To enable a remote session, the garage technician must now use their SERMI app to generate a digital token and send it to the remote provider, granting them a strict 24-hour window to access the vehicle’s security data
This creates an unbreakable dependency: if you are not SERMI approved, you cannot generate the authorisation, and if the remote service is not approved, they cannot accept it, effectively blocking unaccredited garages from outsourcing their security work.
SERMI audit trails
SERMI imposes a strict ‘chain of custody’ for every security-related job, designed to create an unbreakable audit trail for law enforcement.
Before a technician even touches the car, they must perform a rigorous identity check. The customer must be present, and the technician must verify their identity using a passport, driving licence, or ID card.
The technician must then physically verify that the VIN on the vehicle matches the V5C logbook.
If the driver is not the registered owner (e.g., it is a lease car, rental, or company fleet), you cannot proceed without written authorisation.
You need a “letter of empowerment” or specific agreement from the registered owner authorising the repair.
Five-year records
For every security job, you must keep the following for a minimum of 5 years:
– Customer ID: Details of the ID checked (e.g., passport number).
– Vehicle Check: Evidence that you verified the VIN.
– Vehicle repair order: A copy signed by the customer so the Police or RMISC can audit you at any time to trace a “stolen vehicle” job back to your workshop.
The bottom line
SERMI is the dividing line. On one side are the professional, future-proofed workshops ready for the next decade of technology. On the other are those who will slowly be locked out of the modern aftermarket.
The scheme acts as a “protective shield” for honest garages, effectively pricing out some workshops through strict insurance requirements (minimum €1m Public Liability) and criminal record checks.
While the administrative burden is high, the alternative being unable to fix modern vehicles, is far worse.
Share your thoughts on the launch of SERMI in the UK. Do you back the scheme or have any concerns? Share your comments below. And, if you still have questions about SERMI drop them below, or contact us direct and we’ll try and get answers for you.
1 comment
Finally. Some actual information about sermi. Thank you!