Over-the-air updates and regulatory recalls

Automakers (including Tesla, Daimer, Ford, and GM) as well as automated-driving developers (including Waymo and Cruise) have recalled vehicles by pushing over-the-air (OTA) updates to software in those vehicles. This has produced some suggestion that these updates are not really "recalls." I disagree.

In short: While recall remains the legally correct term for how an automaker addresses a safety problem, I would distinguish between "physical recalls" and "virtual recalls." In fact, I've been making this distinction since 2012.

"Over-the-air update" and "recall" are overlapping concepts. Some over-the-air updates are recalls, and some recalls are over-the-air updates. But not every recall is an over-the-air update (even for Tesla), and not every over-the-air update is a recall.

When a manufacturer identifies a vehicle or equipment condition that either does not comply with a specific performance standard or that otherwise poses an unreasonable risk to safety, federal law requires the manufacturer to notify the US National Highway Traffic Safety Administration (NHTSA) about the danger and then undertake a recall to correct it. If an automaker is updating its vehicle software to fix a safety problem, then it is conducting a recall.

In contrast, a manufacturer is not required to undertake a recall to address an issue that is not related to safety or to further increase the safety of a system that is already reasonably safe. A manufacturer that opts to implement an improvement like this might instead issue a "technical service bulletin (TSB)" or initiate something that is often called a "customer service campaign" or "customer satisfication campaign." If an automaker is updating its vehicle software in the absence of a safety problem, then it is not conducting a recall.

In other words, federal motor vehicle safety law draws a line between safety-related defects and everything else. Where the line falls along this spectrum is frequently contested, and this question is likely to become even more contentious as the role of software and the reach of over-the-air updates both increase.

Regardless, it is incorrect to suggest that the underlying safety issue that prompts a recall is less serious merely because the fix is easier. Safety deficiencies, whether in hardware or in software, vary in their severity. (Boeing's 737 MAX debacle also showed how software fixes to hardware problems can introduce new problems.)

At the same time, the distinction between physical recalls and virtual recalls is an important one. A virtual recall generally does not inconvenience the vehicle's owner. Moreover, the completion rate will likely approach an astounding 100 percent, which is huge. It's unfortunate that a lot of recent reporting about recent virtual recalls has not made these differences clear upfront. And yes, NHTSA's rule requiring automakers to send physical letters notifying customers of recalls that have already occurred might be a tad anachronistic.

Indeed, the ability to quickly issue virtual recalls will also transform decisions that previously were made in weeks into decisions that must now be made in seconds. As I wrote in 2014, an automaker may need to quickly decide whether to disable a defective feature entirely, put it into a limp-home mode, or keep it available until a fix is ready -- and then how much to test that fix before implementing it.