Those requiring the right to duplicate or republish the information shall negotiate directly with the manufacturer concerned. Information for training material shall also be available, but may be presented through other media than websites.

Information on all parts of the vehicle, with which the vehicle, as identified by the vehicle identification number (VIN) and any additional criteria such as wheelbase, engine output, trim level or options, is equipped by the vehicle manufacturer and which can be replaced by spare parts offered by the vehicle manufacturer to its authorised repairers or dealers or third parties by means of reference to original equipment (OE) parts number, shall be made available in a database which is easily accessible to independent operators.

This database shall comprise the VIN, OE parts numbers, OE naming of the parts, validity attributes (valid-from and valid-to dates), fitting attributes and, where applicable, structuring characteristics.

The information on the database shall be regularly updated. The updates shall include in particular all modifications to individual vehicles after their production if this information is available to authorised dealers.

1. (a)

   data shall be exchanged ensuring confidentiality, integrity and protection against replay;

2. (b)

   the standard https//ssl-tls (RFC4346) shall be used;

3. (c)

   security certificates in accordance with ISO 20828 shall be used for mutual authentication of independent operators and manufacturers;

4. (d)

   the independent operator’s private key shall be protected by secure hardware.

The Forum on Access to Vehicle Information referred to in Article 2h shall specify the parameters for fulfilling these requirements in accordance with the state of the art. The independent operator shall be approved and authorised for this purpose on the basis of documents demonstrating that he pursues a legitimate business activity and has not been convicted of any criminal activity.

Reprogramming of control units shall be conducted in accordance with either ISO 22900-2 or SAE J2534 or TMC RP1210B using non-proprietary hardware. Ethernet, serial cable or local area network (LAN) interface and alternative media like compact disc (CD), digital versatile disc (DVD) or solid state memory device for infotainment systems (e.g. navigation systems, telephone) may also be used, but on the condition that no proprietary communication software (e.g. drivers or plug-ins) and hardware is required. For the validation of the compatibility of the manufacturer-specific application and the vehicle communication interfaces (VCI) complying to ISO 22900-2 or SAE J2534 or TMC RP1210B, the manufacturer shall offer either a validation of independently developed VCIs or the information, and loan of any special hardware, required for a VCI manufacturer to conduct such validation himself. The conditions of Article 2f(1) shall apply to fees for such validation or information and hardware.

The requirements of section 2.3 shall not apply in the case of reprogramming of speed limitation devices and recording equipment.

All emission-related DTCs shall be consistent with Annex X.

For access to any vehicle OBD and vehicle repair and maintenance information other than that relating to secure areas of the vehicle, registration requirements for use of the manufacturer’s website by an independent operator shall require only such information as is necessary to confirm how payment for the information is to be made. For information concerning access to secure areas of the vehicle, the independent operator shall present a certificate in accordance with ISO 20828 to identify himself and the organisation to which he belongs and the manufacturer shall respond with his own certificate in accordance with ISO 20828 to confirm to the independent operator that he is accessing a legitimate site of the intended manufacturer. Both parties shall keep a log of any such transactions indicating the vehicles and changes made to them under this provision.

Manufacturers shall indicate in their repair information websites the type-approval number by model.

If requested by the manufacturer, for vehicles of category M₁, M₂, N₁ and N₂ with a maximum permissible mass not exceeding 7,5 tonnes and M₃ Class I, Class II and Class A and Class B, as defined in Annex I to Directive 2001/85/EC, with a permissible mass not exceeding 7,5 tonnes, compliance with the requirements of Appendix 5 to Annex I and Annex XIV to Regulation (EC) No 692/2008 shall be considered equivalent to the compliance with this Annex.

The approval authority shall inform the Commission of the circumstances of each type-approval granted under Section 2.8.