information, the record supports arguments that consumers and independent repair shops would be equally capable of minimizing cybersecurity risks, as are authorized repairers.
Many OEMs have argued that manufacturers will face liability or reputational harm if independent repair shops make faulty repairs, and such a burden is an unfair consequence of lifting repair restrictions. For example, CTA stated that OEMs suffer “reputational risk and the expense of defending lawsuits that result from improperly repaired devices or use of defective aftermarket parts.”[1] Similarly, in the joint comment submitted by several organizations representing manufacturers, OEMs stated that while affiliated repair networks serve to protect brand investment, “[i]nitial press coverage of failures of consumer devices seldom, if ever, attempts to determine whether the device had been repaired by an independent service provider or refurbished with parts that did not meet OEM standards. Follow-up coverage may ultimately identify inferior third-party repairs and parts as the culprit, but this is likely to do little to overcome the initial impression made on consumers.”[2] Similarly, CompTIA stated in its comment:
If an OEM’s brand and warranty are to stand behind repair work and assume product liability, it is only reasonable that the repair facility demonstrates competency and reliability. Without the training and other quality assurance requirements of affiliated service provider networks—implemented through enforceable legal contracts that ensure compliance and accountability that protect consumers—manufacturers would not be able to stand behind their work, warranties, technical support, ongoing training, and business support.[3]
CompTIA also raised a concern that manufacturers may not be willing to design products in particular ways due to liability considerations if “insecure repair mandates” were put in place.[4] For example, CompTIA stated that “a manufacturer may be required to revisit [new, innovative, and lightweight designs, which enable recent mobile uses such as secure payment, navigation, and video conferencing] because of long-term repair or liability considerations.”[5]
In addition, AHAM noted in its comment that affiliated third party or local servicers undergo substantial product training and certification and that the certification is, in part, to uphold brand reputation.[6] AHAM also stated that a benefit of authorized repair in contrast to independent repair is that manufacturers have procedures in place to track repairs completed through their networks. This in turn helps ensure that “liability claims and determinations can be more easily assessed, especially in cases where the source of the repairs cannot be readily
32
