A vehicle access audit trail is a verifiable record of who was granted access to a vehicle, what they were allowed to do, and exactly when that access ended. Two regulations now make this mandatory rather than optional: California SB-1394 requires vehicle access controls to be revocable by the owner, and UNECE R155/R156 requires vehicle access systems to be auditable. A session model satisfies both by producing a signed, timestamped record every time access is granted and revoked.
What the rules require
California SB-1394
Signed in 2024 and effective in 2025, SB-1394 requires that access controls on a connected vehicle be revocable by the vehicle owner. The intent is consumer protection, particularly around stalking and abandoned access, but the engineering implication is concrete: there must be a real “off” switch, and pulling it must actually stop access. Session revocation is the technical implementation of that requirement. Ending a session withdraws every permission it contained at once.
UNECE R155 / R156
In force since July 2024 for new vehicle types, R155 (cybersecurity) and R156 (software updates) require that vehicle access and its changes be auditable. A system that grants access but cannot produce a trustworthy record of who had it and when does not meet the bar. DIMO sessions are signed, timestamped, and immutable. Because each record is cryptographically signed, it is independently verifiable, so it can be trusted by a party that did not generate it.
One record, two jobs: compliance and claims
The same audit trail that satisfies a regulator is the artifact an insurer needs to underwrite and to settle disputes. That is where the business case sharpens. Today the data simply is not flowing:
- 70% of fleets don't share telematics data with insurers despite the lower loss ratios that data would justify, largely because there is no clean, consented, verifiable way to hand it over.
- EV insurance premiums run about 49% higher than ICE, driven by battery-underwriting uncertainty that better per-vehicle data would directly reduce.
A verifiable session record closes that gap: it tells an underwriter who was driving, what telemetry was authorized, and when the session ended, in a form they can accept. The fleet gets better pricing; the insurer gets better risk signal; nobody has to trust an unverifiable export.
Settling a dispute, without the forensics
Consider a damage claim on a rental return. Without a session record, the operator reconstructs what happened by pulling booking data from one system, telematics from another, key events from a third, and charging from a fourth, then hopes the timestamps line up well enough to convince an adjuster. It is slow, and the resulting story is only as trustworthy as the operator asserting it.
With a session record, the same question is a single lookup: here is the verified driver, the window they had access, the telemetry that was in scope, and the moment access ended, all signed, so the adjuster does not have to take the operator's word for it. The dispute resolves on evidence both sides can independently verify, which is faster for the operator and lower-risk for the insurer.
Common questions
Is “signed and immutable” just marketing?
No. It is the property that makes the record useful to a third party. A log a vendor can silently edit is worth little in a dispute or an audit. A cryptographically signed record can be checked by a party who did not create it, which is exactly what UNECE R155 auditability and an insurer's evidentiary needs require.
Does this conflict with driver privacy?
The opposite. The same session that produces the audit trail also scopes what was shared and revokes it on return, so the record documents access that was already consented and bounded. Auditability and session-scoped consent are two sides of one primitive, not a trade-off.
What audit-ready access looks like in practice
For every use of a vehicle, a session produces a record containing the driver's verified identity, the data and capabilities that were in scope, the spend limit, the start and end times, and the revocation event, signed so it cannot be altered after the fact. Producing “who was driving and what telemetry” for a dispute becomes a lookup, not a forensic project across five disconnected systems.
This is the auditability half of session-scoped consent. Consent and audit are two faces of the same primitive. See how it fits the broader model in vehicle session infrastructure, and how fleets put it to work in fleet intelligence.
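The session record described above, sketched as an added Go example (not DIMO's code or record format): a third party checks the record with only the issuer's public key, and an edit made after signing is rejected. Ed25519, the JSON encoding, the field names and the revocation consistency rule are assumptions, and the sample record is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// SessionRecord holds the fields listed above; the field names are assumptions.
type SessionRecord struct {
	Driver                string
	Scopes                []string
	SpendLimitCents       int
	Start, End, RevokedAt time.Time
}

// Verify is what an auditor runs; it needs only the issuer's public key.
func Verify(pub ed25519.PublicKey, payload, sig []byte) (r SessionRecord, err error) {
	if !ed25519.Verify(pub, payload, sig) {
		return r, errors.New("signature invalid: record altered or wrong key")
	}
	if err = json.Unmarshal(payload, &r); err != nil {
		return r, err
	}
	// Assumed rule: a closed session has a revocation event not before its start.
	if r.RevokedAt.IsZero() || r.RevokedAt.Before(r.Start) {
		return r, errors.New("missing or inconsistent revocation event")
	}
	return r, nil
}

// Demo signs a constructed record, then verifies the original and an edited copy.
func Demo() (original, edited error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	start := time.Date(2025, 3, 1, 9, 0, 0, 0, time.UTC)
	end := start.Add(8 * time.Hour)
	rec := SessionRecord{"driver-123", []string{"location"}, 5000, start, end, end}
	payload, _ := json.Marshal(rec) // sign the exact bytes that are stored
	sig := ed25519.Sign(priv, payload)
	_, original = Verify(pub, payload, sig)
	// Simulate a silent edit of the end time (17:00 to 12:00) after signing.
	forged := bytes.Replace(payload, []byte("T17:00:00Z"), []byte("T12:00:00Z"), 1)
	_, edited = Verify(pub, forged, sig)
	return original, edited
}
func main() { fmt.Println(Demo()) }
```

The verifier holds no signing key, so it can confirm a record but cannot produce or amend one.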
This page is educational, not legal advice.