The Safe Vehicle Access for Survivors Act establishes a federal process that lets an adult survivor request that a motor vehicle manufacturer, affiliate, or its agent terminate or disable another person’s access to connected vehicle services the survivor says the person is misusing. The bill sets deadlines, limits what providers may charge or require, and mandates confidentiality and minimal data retention for information submitted by survivors.
The measure matters because it imposes new operational obligations on vehicle manufacturers and telematics vendors (including timelines to act and notice rules), elevates survivor safety and privacy in the product lifecycle, preempts state law on the subject, and tasks the FCC—working with NHTSA—with rulemaking to fill in implementation details. That combination creates near‑term compliance work for industry and longer‑term design and security questions for vehicle systems.
At a Glance
What It Does
The bill requires covered providers to accept a survivor’s request and, within two business days, take one or more actions: disable an abuser’s connected‑service account, reset or delete the vehicle’s wireless connection/data, or provide instructions for an in‑vehicle method to cut service. It bars conditioning relief on fees, account‑holder consent, or higher rates, and prevents the abuser from obtaining service data generated after termination.
Who It Affects
Covered providers include motor vehicle manufacturers, affiliates, and third‑party vendors that offer remote telematics, mobile‑app, or cloud‑based vehicle services; adult survivors of domestic violence, trafficking, stalking, and similar offenses; account holders who share vehicle access; and federal agencies (FCC and NHTSA) charged with rulemaking.
Why It Matters
This creates a single federal standard for disabling remote access tied to survivor safety rather than criminal conviction, including confidentiality, data‑handling limits, and a statutory preemption of state laws — reshaping how automakers and telematics vendors design onboarding, access controls, and incident response.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The Safe Vehicle Access for Survivors Act lets an adult survivor request that a company that provides remote or telematics services for a vehicle cut off another person’s access when that person has committed or allegedly committed domestic violence, stalking, sex trafficking, or similar offenses. The bill defines the relevant players (survivor, abuser, covered provider, covered vehicle, and covered connected vehicle services) and explicitly says a criminal conviction is not required for the conduct to qualify.
To make a request the survivor must provide the vehicle identification number, the abuser’s name, and proof of sole ownership or documentation showing exclusive legal possession (for example, a court order), or a decree or restraining order that grants possession or limits the abuser’s use.
Once a covered provider receives a valid request, the statute requires action within two business days. The provider must do one or more of: terminate or disable the abuser’s connected‑service account; reset or delete the vehicle’s connection/data and give the survivor instructions to re‑establish services without abuser access; or, if present, explain how to use an in‑vehicle interface to cut services.
After the provider disables access, the abuser cannot obtain any service‑generated data created after termination. The law forbids conditioning relief on payment, account‑holder approval, or raising service rates.The bill builds confidentiality and data‑minimization rules into the process.
Providers must treat survivor submissions as confidential, securely dispose of the information within 90 days, and may not share it without affirmative consent except to carry out the request. Providers can keep a minimal verification record longer, but only what is proportionate to confirm the request.
There are exceptions for emergency situations and where operational or technical infeasibility prevents action; in those cases the provider must notify the survivor and explain whether the issue can be remedied and how.Operational transparency and survivor communication are required: automated confirmation emails with reference numbers, alerts when actions are taken or when more information is needed, guidance on creating a survivor‑controlled app account, and an opt‑out option if the abuser controls the survivor’s email. The bill prohibits civil liability for providers acting in compliance, preempts conflicting state laws, and requires the FCC (in consultation with NHTSA) to issue a proposed rule within 180 days and finalize implementing regulations within two years.
The Five Things You Need to Know
Covered providers must act on a survivor’s request within two business days to terminate or disable abuser access or otherwise disable connected vehicle services for the identified vehicle.
A valid request requires the vehicle’s VIN, the abuser’s name, and proof of sole ownership or documentation of exclusive possession (court order, decree, or restraining order when the survivor does not solely own the vehicle).
Providers must treat survivor submissions as confidential, securely dispose of submitted material within 90 days, and may only retain narrowly tailored verification records longer.
Providers may not condition relief on fees, require approval by the account holder, extend service terms, or increase rates as a precondition to taking action.
The FCC must publish a notice of proposed rulemaking within 180 days (in consultation with NHTSA) and complete regulations within two years; the statute also preempts state laws on this subject.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions that set the scope
Section 2 defines the statutory universe: what counts as a connected vehicle service (remote data/command capability via manufacturer or affiliate), who is a covered provider, and what constitutes a covered act (VAWA offenses, trafficking, or similar state/tribal/military offenses). Importantly, it states a conviction is not required — the definitions frame eligibility for survivor requests and tilt the scheme toward safety‑first rather than criminal adjudication.
Provider obligations and timing
Section 3 is the operational core: once a qualifying request arrives, the covered provider has two business days to take one or more remedial actions (terminate an abuser account, reset/delete vehicle connections/data, or point to an in‑vehicle disconnect). It also bars fees and account‑holder approval as preconditions, blocks abuser access to data generated after termination, and imposes notice timing rules (survivor notified before any formal notice to abuser and abuser notice delayed at least three days after the survivor). These mechanics create concrete SLA‑style obligations for providers’ incident response teams.
What survivors must submit and confidentiality limits
Section 4 prescribes the minimum submission materials (VIN, abuser name, proof of ownership or exclusive possession or court orders) and requires providers to treat submissions as confidential, dispose of them within 90 days, and not share them without affirmative survivor consent except to carry out the request. It also allows providers to retain minimal, proportionate verification records beyond 90 days. The provision puts heavy emphasis on data minimization and survivor privacy while leaving verification logistics to providers.
Consumer notices and communications
Section 5 requires providers to publish user‑friendly instructions online and to deliver automated confirmation emails and follow‑up alerts describing actions taken or additional information needed. It also requires guidance for survivors to re‑establish survivor‑controlled app accounts and an opt‑out mechanism for notices if the abuser controls the survivor’s email. That shifts some operational burden onto providers to design safe communication channels and to anticipate adversarial control of survivor contact points.
Liability shield for compliant providers
Section 6 grants providers and their officers, employees, vendors, and agents immunity from liability for claims arising from actions or omissions made in compliance with the Act. The carve‑out encourages providers to comply without fear of civil exposure, but also reduces private enforcement leverage for survivors if providers fail to implement the statute correctly.
Effective date, preemption, and rulemaking
Sections 7–9 set the timeline and governance: providers must comply within 180 days of enactment (they may comply earlier); the Act preempts any state or local law on the same subject; and the FCC (with NHTSA consultation) must issue an NPRM within 180 days and finalize regulations within two years. The rulemaking list includes specific topics—notification flows, confidentiality, data removal, and account access revocation—so the statute delegates many implementation choices to federal agencies.
This bill is one of many.
Codify tracks hundreds of bills on Transportation across all five countries.
Explore Transportation in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Adult survivors of domestic violence, stalking, trafficking, and related offenses — they gain a low‑bar mechanism to sever a third party’s remote access to vehicle data and controls without needing a criminal conviction.
- Victim advocates and legal aid organizations — clearer, standardized procedures and communication templates make it easier to assist clients and to advise on what documentation will satisfy providers.
- Privacy‑minded consumers — statutory limits on data sharing, a 90‑day disposal requirement, and data‑minimization language strengthen expectations around telematics data handling and reduce long‑term exposure of sensitive location and usage data.
- Compliance and legal teams at covered providers — a single federal standard and an explicit liability shield reduce uncertainty and provide a pathway for consistent companywide policies and training.
- Manufacturers and telematics vendors who design survivorship workflows — explicit federal guidance and a required rulemaking process give them regulatory clarity and a role in shaping implementation details.
Who Bears the Cost
- Motor vehicle manufacturers, affiliates, and third‑party telematics vendors — they must build intake processes, verification workflows, automated notification systems, retention/deletion mechanics, and operational SLAs to meet the two‑day mandate and confidentiality controls.
- Account holders who co‑own vehicles — services (including safety features tied to telematics) may be disabled without the co‑owner’s consent, potentially interrupting conveniences or safety functions and creating disputes over ownership rights.
- Customer service and security teams — increased triage workload, potential surge in requests from advocates or courts, and resources to handle emergency exceptions and technical remediation.
- FCC and NHTSA — both agencies must allocate staff and policy bandwidth to an expedited rulemaking and interagency consultations to define technical standards and acceptable verification practices.
- State and local agencies that currently handle related protections — federal preemption removes their ability to adopt different or additional rules, shifting implementation and enforcement burdens to federal agencies and industry.
Key Issues
The Core Tension
The central dilemma is between enabling fast, low‑burden revocation of remote access to protect survivors immediately and preserving property, safety, and due‑process interests tied to vehicle ownership and safety‑critical telematics — a choice that forces trade‑offs among speed, reliability, and legal safeguards.
The bill solves a clear safety gap but forces difficult trade‑offs. Rapid, low‑friction disabling of remote access protects survivors but can conflict with ownership rights and with the intended safety functions of telematics (for example, crash notification, stolen‑vehicle tracking, or remote unlocking for emergencies).
The text does not specify whether disabling will block emergency services or how to preserve critical safety channels — an implementation choice that will matter in engineering and regulatory rounds.
Verification is another sticking point. The statute permits non‑conviction claims and accepts court orders or decrees as proof where available, but many survivors lack immediate court documentation.
Providers must balance quick action against risks of erroneous or fraudulent requests; the bill gives no enforcement mechanism or penalty for providers that fail to comply, and it simultaneously grants providers immunity when they do comply. That combination reduces private enforcement incentives and leaves survivors reliant on agency rulemaking and voluntary provider conduct.
Operationally, the requirement to delete or reset vehicle connections raises technical questions (how to scrub cloud‑linked accounts without bricking subscribed services, how to handle leased or fleet vehicles, and how to authenticate in‑vehicle interface actions safely). Preemption simplifies the compliance landscape by eliminating divergent state rules, but it also prevents states from experimenting with stricter protections or faster enforcement mechanisms.
The rulemaking window is relatively tight for complex interoperability and safety issues; the agencies’ choices there will determine whether the law produces timely, survivor‑friendly safeguards or uneven, burdensome implementations.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.