The Rise of Over-the-Air Recalls: Navigating Legal and Cybersecurity Challenges in the Automotive Industry

The rapid evolution of automotive technology has ushered in an era where over-the-air (OTA) recalls have become increasingly prevalent, shifting the paradigm from traditional physical repairs to remote software updates. This development aligns with the technological shift in automobiles, now often described as “computers on wheels.” With OTA capabilities extending to critical systems like brakes, airbags, and autonomous functions, manufacturers are finding OTA recalls to be a cost-effective and convenient alternative to traditional methods.

The Federal Motor Vehicle Safety Standards mandate recalls for noncompliant or defective vehicles, with the National Highway Traffic Safety Administration (NHTSA) overseeing enforcement. In 2024 alone, manufacturers recalled over 29 million vehicles, with OTA methodologies covering a significant fraction.

Despite these advancements, the delineation between a standard software update and an OTA recall remains crucial. Recalls carry specific legal obligations, including notifying the NHTSA and affected vehicle owners, which do not apply to non-recall updates. Sidley Austin’s Adam M. Raviv emphasizes the importance of correctly categorizing these updates due to potential legal implications and substantial penalties for misclassification.

Manufacturers must be vigilant and proactive, considering safety implications and regulatory compliance when issuing OTA updates. The NHTSA’s comprehensive guidance highlights that software updates affecting critical vehicle functions warrant careful consideration as potential recalls.

Additionally, the cybersecurity risks associated with OTA updates cannot be ignored. The Department of Commerce has addressed these risks in regulations related to the import and sale of connected vehicles, particularly concerning entities linked to geopolitical adversaries like China and Russia. The NHTSA’s 2020 report underscores the importance of safeguarding the OTA process against vulnerabilities.

Ultimately, to mitigate these risks and foster compliance, manufacturers may need to overhaul their safety and compliance programs, establishing robust procedures for evaluating when an OTA update transitions into recall territory. Documenting these decisions transparently, maintaining open communication with regulators, and prioritizing cybersecurity will be essential strategies as OTA recalls continue to reshape the automotive industry landscape.