Well, you can repair your car's mechanical brakes yourself now. If you disable them (accidentally or otherwise) and render the car unsafe, the results of that are your responsibility. Is there a reason why software modifications can't be handled the same way?
Well, the whole point of car inspections is that "your responsibility" is not enough. It's possible that you as the owner of a modded vehicle are perfectly fine with the risk of an accident, but the other potential participants of such an accident might not.
I think the question has a point: Modified ECUs are different from modified brakes, because the modifications could likely not be found in an inspection - in fact, according to the exemption, it would be illegal for inspectors to check the ECU. So I wonder how that problem is handled.
The simple solution for safety I think is to just include the software checksum/signature in the approval documents for a car model.
At an interval check, the inspector does the usual sampling tests (brake effect, emissions, looks for rusty brake lines etc), and then validates that all critical computers (ECU's and other systems such as computers related to brakes etc) run software that match the signature of the manufacturer, and that it is the latest version of the sowftare. After a recall such as the VW case, the inspector could fail cars that haven't upgraded to the latest version (which would be required since the original one is known to be cheating on emissions).
This is a bit harsh compared to other modifications: an owner can put on a set of extra lights or cool wheels without necessarily failing an inspection, whereas even changing a single bit of the software would immediately fail it in this case.
I can't see any way around this though, apart from separating programs into critical (brakes, ECU) /non-critical (Media, nav,...) software, where only the critical software would be checked.
It some states it is your responsibility. Inspections (for emissions or safety) are not required everywhere. This is part of the reason that generally, the owner of the car is liable for damage it causes, whatever the reason or whoever is driving.
The point of having cars inspected for safety every year or every other year is that their saftey can't be the individuals responsibility only. If you drive without brakes you are dangerous to others.
The simple ocular/mechanical inspection that is used in most places catch obvious problems like rusty brake pipes or bad brake effect. They don't test software issues like whether the stability system is disabled in fifth gear over 50mph due to a buffer overflow.
So while there are similarities between me trying to fix my brakes and me trying to hack the software (Make a change to a car component, if it passes the yearly safety tests it's OK) the software is much harder, or impossible, to test by "external" black box testing that needs to be completed in say 30 minutes by a non software expert.
I think the majority of modifications are simply adjusting the calibration or lookup tables for things like fuel maps, enabling / disabling things like key left in ignition buzzers and the like, mostly data items rather than code modifications. There may be more adventurous modifications like adding launch control to a performance cars, but that may just be enabling existing code rather than adding new code.
My cars are old (1998) Nissan Skylines, who's ECUs are pretty basic, asides from killing the engine there's not much you can do to cause more issue than a mechanical modification like adding a larger turbo, or maintenance neglect. The ABS and traction control are handled by physically separate ECUs, though I imagine things are more integrated in the main drive train ECU in modern cars.
While I haven't modified the existing or written my own firmware to load on the ECU that mostly due to lack of time, one of them came from Japan with a Piggy Back ECU installed which intercepts the inputs / outputs to override the mapping of the OEM ECU to tune for other mechanical modifications. An alternative is to buy an aftermarket ECU or build a custom one, those tend to have less integrated safety features (stability control, etc.) than the OEM ones and integrate less well with the car's other systems, I'd expect them to cause more issues overall than relatively simple modifications of the OEM firmware.
I'm sure there are extremes where people may cause problems, but this kind of thing has been happening since cars have had computers so I doubt there's any great calamity around the corner.
I think there are still issues with even otherwise "safe" modifications. The road tax for a specific car model is (or should) be set based on emissions. Just like you would be fined if you were pulled over and had left your catalytic converter at home, it could be considered illegal to modify the fuel maps of a car to a higher power one, for example (At least if it hadn't been inspected and its tax adjusted after the modification).
That's a fair point, my cars are old enough to come under the older UK road tax rules so are not taxed based on emissions, but their emissions are better than the requirements for their age.
Still it would be nice if there were inexpensive ways to check emissions for your self while tinkering.
However, I think fuel maps vs. catalyst removal are largely similar, it'll either be picked up on the next inspection or VOSA can do spot checks if they think something is up. I don't think DRM / technical measures for locking the ECU are appropriate much like I wouldn't be happy if the catalyst and exhaust system were installed such that only the manufacturer could replace them.
Perhaps one would only use a performance map when using the car on a race track, it'd be a shame to replace all the electronics just for that.
I'm also not a fan of things like geo-fenced speed limiters, and replacement components that have to be coded to the car by the dealer.
