SERMI UKTM
What Is SERMI UK? A Complete Guide for Independent Garages
Understanding SERMI
Modern vehicles are increasingly protected by advanced security systems such as immobilisers, key programming modules, and encrypted software. For independent garages, accessing these systems has become difficult without manufacturer level authorisation.
That’s where SERMI comes in.
SERMI, short for Security-related Vehicle Repair and Maintenance Information. This allows independent garages and technicians to securely obtain vehicle manufacturers’ security-related repair data without going through multiple OEM approval systems.
In the UK, the scheme is operated by RMI Standards & Certification (RMISC), and the official website is sermi.co.uk.
Why SERMI UK Matters
SERMI gives independent garages equal and secure access to vital security-related data, obvious functional system will be affected, such as:
• Key and immobiliser programming
• ECU and module replacement
• Anti-theft coding and software updates
However, consider a simple issue, such as a window fault, and the diagnostic process leads you to an issue with the body controller module. Because this component also controls the security system of the vehicle, that component will also fall under the scope of SERMI.
Without this access, independent garages risk being locked out of general day to day diagnostics procedures and repairs, losing revenue to other SERMI registered competitors or franchised dealers.
The SERMI scheme ensures:
• Access is controlled, verified, and secure
• Garages undergo audits and background checks
• Technicians (IO: Independent operators) are individually approved and traceable
• Single sign on for access to all OEMs security related RMI (Repair & Maintenance Information)
This gives both OEMs and customers confidence that sensitive vehicle data is handled responsibly.
Who Runs SERMI in the UK?
SERMI in the United Kingdom is managed by RMISC (RMI Standards & Certification), an ISO-accredited body that oversees:
• Approvals for independent operators (IOs)
• Authorisation of individual employees (IOEs)
• Audits, renewals, and compliance monitoring
Is SERMI Live in the UK Yet?
On the 2nd February 2026, the IGA announced,
The Independent Garage Association (IGA) has confirmed that the European SERMI scheme will officially go live in the UK on 1st April, marking a historic breakthrough for independent garages nationwide.
After 17 years of persistent effort, advocacy, and collaboration, this launch represents the moment when independent garages can finally access secure, security-related vehicle repair and maintenance information through the SERMI framework, unlocking opportunities that were previously difficult to reach.”
How to Apply for SERMI Authorisation in the UK
Independent garages and their employees must both be approved.
Submit an Expression of Interest – Visit sermi.co.uk and complete the online “Apply Here” form to start your application.
Gather Required Documents:
• Proof of business ownership
• Evidence of public liability insurance
• DBS (Disclosure and Barring Service) checks for authorised staff
• Proof you operate within the automotive sector (e.g. invoices, trade memberships)
• A signed self-declaration confirming lawful operations
Certification & Access
Once approved by RMISC, the IO receives a certificate, and each employee (IOE) gets an individual digital credential through an app on your phone. These are used when logging into OEM systems to access restricted RMI.
Ongoing Audits
The RMISC will conduct both scheduled and unannounced audits during the 5-year authorisation period. Misuse or data breaches can result in the revocation of your account.
What Happens If You Don’t Get SERMI Approval?
Once manufacturers begin enforcing SERMI access (some manufacturers already have a separate SERMI login), non-approved garages may lose the ability to:
• Program or replace keys and immobilisers
• Update or replace ECUs and security modules
• Carry out certain diagnostics or calibrations
As connected vehicles become the norm, these restrictions could remove an entire category of work from independent businesses.
Getting ahead of the rollout means you’ll be ready the moment OEMs go live.
Final Thoughts
SERMI represents a landmark step for the aftermarket: a single, trusted, and audited pathway for independent service providers to access vehicle security data.
While it’s still in rollout, early preparation will protect your workshop from future access restrictions and position your business as a trusted, compliant, and professional operator in the connected vehicle era.
How does SERMI affect Opus IVS as a Remote Service supplier?
For us to be able to carry out any security related Remote Service jobs on a vehicle once SERMI is live, you will need to be SERMI registered. Without your business and your technicians being registered with SERMI, we will be unable to carry out a Remote Service.
What will SERMI allow Opus IVS to do?
• Key coding
• New Engine and body controller ECU replacement
• Replacement of any security related component
Visit sermi.co.uk today to get started and secure your place in the future of automotive repair.
Abbreviation | Meaning |
|---|---|
RMI | Repair and Maintenance Information |
IO | Independent Operator (i.e. a workshop or garage not tied to a vehicle manufacturer) |
CAB | Conformity Assessment Body — the body that audits and certifies IOs / technicians under SERMI |
TC | Trust Centre — the digital certificate authority for SERMI (e.g. Digidentity is the Trust Centre) |
RSS | Remote Service Supplier — third party providing remote access to diagnostic/repair services, also requiring SERMI accreditation for security-sensitive tasks |
Frequently Asked Questions
What is SERMI in the UK?
SERMI (Security-Related Repair and Maintenance Information) is a certification scheme that allows independent garages to access manufacturer security-related vehicle information.
In the UK, SERMI provides authorised access to technical data, software functions and coding procedures that manufacturers classify as security-sensitive. This goes beyond traditional anti-theft systems and can include access to certain vehicle control modules, programming functions and protected repair information.
Is SERMI only required for key programming and immobilisers?
No. While key programming and immobiliser work are commonly associated with SERMI, the scope is much broader.
Vehicle manufacturers are not expected to publish definitive lists of which components are classified as security-related — for obvious security reasons. Depending on the manufacturer, security-related components may include:
- Engine control units (ECUs)
- Body control modules
- ABS systems
- Transmission control units
- Instrument clusters
- Door modules
- Gateway modules
- Anti-theft and alarm systems
If your garage works on modern vehicle electronics, advanced diagnostics or module replacement, SERMI may apply — even if you do not consider yourself a “key specialist.”
Is SERMI mandatory for UK garages?
SERMI is not mandatory for every garage. However, if your business needs access to manufacturer systems or repair information that is classified as security-related, certification will be required to gain access.
As more manufacturers enforce SERMI-controlled access, garages involved in complex vehicle repair should consider whether certification will become necessary for their workflow.
What types of work could require SERMI certification?
SERMI may be required where access to protected manufacturer systems is needed. This can include:
- Module replacement and coding
- ECU programming or configuration
- Security gateway access
- Advanced diagnostics requiring secure login
- Key programming and immobiliser work
- Vehicle control module updates
Importantly, the symptom presented by a vehicle fault may not appear security-related — but the component causing the fault may be classified as security-sensitive by the manufacturer.
For example, replacing a faulty instrument cluster or body control module may require secure access even if the original issue was a warning light or communication fault.
Why don’t manufacturers publish a list of security-related components?
For security reasons, manufacturers are unlikely to publish detailed lists of components that are classified as security-related.
Publicly identifying these components could expose vulnerabilities. Instead, access is controlled through secure portals and technician authentication systems — which is where SERMI certification becomes essential.
Does SERMI affect general servicing and mechanical repairs?
Routine servicing and basic mechanical repairs are unlikely to require SERMI.
However, modern vehicles are increasingly software-driven. As systems become more integrated, components such as transmission modules, ABS systems or electronic body controllers may require secure access during repair or replacement.
Garages involved in complex electrical, electronic or module-level repair should assess whether SERMI may impact their operations.
Can technicians be certified individually?
Yes. SERMI applies at both business and individual level.
Individual technicians who require access to protected systems must undergo identity verification and background checks. Access is granted to named authorised persons within an approved business.
What happens if my garage is not SERMI certified?
Without SERMI certification, access to certain manufacturer systems may be restricted.
This could prevent your garage from:
- Programming or configuring replacement modules
- Accessing secure diagnostic functions
- Completing certain electronic repairs
- Performing some advanced vehicle system updates
As vehicles become more software-controlled, this may increasingly affect complex repair work.
Should all independent garages consider SERMI?
Any garage involved in advanced diagnostics, electronic control unit replacement, module coding or complex vehicle repair should be reviewing how SERMI may affect them.
Even if your business does not currently specialise in key programming or immobiliser work, modern vehicles integrate security controls across multiple systems. The safest approach is to assess your exposure before access becomes restricted.
