SERMI Information for Conformity Assessment Bodies

SERMI is the scheme for accreditation, approval and authorisation to Access Security-related Repair and Maintenance Information (RMI). This scheme ensures secure access to vehicle manufacturers’ data for independent operators, remote service suppliers, and their respective employees.

SERMI is for independent operators, remote service suppliers and their respective employees.

IO’s wishing to receive security-related RMI shall obtain an approval inspection certificate from a CAB accredited by the NAB of the Member State where the IO is established. IO employees who are to handle security-related RMI shall obtain an authorisations inspection certificate from a CAB of the Member State where the IO employee resides. To see which CAB’s have been accredited by the NAB of a Member State go to vehiclesermi.eu

Both Remote Service Suppliers and Independent Operators will need to get approval via their national Conformity Assessment Body (CAB), their employees will also need authorisation from a CAB. After notification, the Trust Centre (Digidentity) will issue certificates and security tokens which will be distributed by the CAB to the Remote Service Supplier and the Independent Operator.

As shown in regulation (EU) 2021/12: ​‘Security-related repair and maintenance information’ or ‘security-related RMI’ shall mean the information, software, functions and services required to repair and maintain the features that are included in a vehicle by the manufacturer to prevent the vehicle from being stolen or driven away and to enable the vehicle to be tracked and recovered.

As the body designated by SERMI and approved by the European Commission, Digidentity is responsible for: (A) managing the digital certificates and authorisation status of the IO employees and for providing to the CAB the necessary security tokens and digital certificates for authorised IO employees; (B) providing a vehicle manufacturer with information regarding the authorisation status of an IO employee.

The QR code included in your SERMI invitation is valid for 28 days from the date it is issued. After this period, the QR code will expire, and you will not be able to use it to activate your SERMI certificate.

If the QR code expires before activation, you will not be able to register using that code. You must request a new invitation from your Conformity Assessment Body (CAB) if this occurs.

To avoid expiration issues, we recommend that you activate your certificate immediately upon receiving the invitation from your CAB. Prompt activation helps ensure that your registration is completed within the QR code's validity period.

The certificate is valid for a period of 5 years. However, each Conformity Assessment Body (CAB) is allowed to issue the certificate up to 2 months before the official country implementation date. The extra 2 months allow each CAB to onboard users smoothly in advance of the official implementation date. For example, if the implementation date is 1st July, certificates can be issued starting from 1st May without impacting the 5-year validity period.

When a certificate is reset, a new QR code URL is generated. This QR code allows SERMI users to reactivate their certificate in case they have lost access. It enables a seamless reactivation process without requiring changes to the existing authorisation period of the certificate.

Previously, each certificate reset request by an IOE/RSSE resulted in an immediate charge. Under the new policy, each IOE/RSSE is allowed up to three free resets within their 5-year authorisation period. After the third reset, additional reset requests will incur charges, which will be invoiced to the CAB.

Yes, when an IOE/RSSE renews their SERMI certificate at the end of the 5-year period, the reset counter is also reset. This gives the IOE/RSSE three new free resets in the new authorisation period.

Every certificate now starts at zero on the reset counter, regardless of previous resets, ensuring fair and consistent application of the new policy.