Only a few years ago, working with automotive diagnostics could often be described very simply: connect the device, select the vehicle, read the control units and perform the required service operation. With newer vehicles, this workflow may no longer be enough. From an electronic point of view, the vehicle has become an interconnected system of control units, communication buses, online services and security rules. This is where the term Security Gateway, or SGW, comes in.
SGW is a security layer that controls the access of a diagnostic device to the vehicle network. It is not just another module in the car. It is the element that decides which requests the diagnostic tool may send to the vehicle and which requests are considered sensitive. In the Volkswagen Group, a similar role is played by SFD, from the German Schutz Fahrzeug Diagnostik, meaning protection of vehicle diagnostics.
The purpose of SGW is not to make life harder for repair workshops. The reason is security. A modern vehicle contains control units that affect brakes, steering, driver assistance systems, comfort functions, the immobiliser, telematics and online services. If any unverified tool could write to these systems, the risk of incorrect interventions, unauthorised modifications and cyberattacks would increase.
This is why vehicle manufacturers increasingly separate basic data reading from operations that change the state of the vehicle. Reading fault memory, identifying control units or displaying measured values may be possible on many vehicles without unlocking. However, once a workshop needs to run an actuator test, perform a service function, coding, adaptation, basic setting or control unit programming, the system may require authorised unlocking.
Practical example
A technician works on a vehicle with an electric parking brake. The task is to activate the brake pad replacement mode. The diagnostic tool can see the control unit and read the fault memory, but the service function will not start. This does not necessarily mean a diagnostic tool fault or a vehicle fault. The vehicle may simply require the Security Gateway to be unlocked.
A similar situation may occur when resetting a service interval, running an actuator test, coding new equipment or setting up a control unit after a component replacement. From the user’s point of view, it looks like limited diagnostics. From the vehicle’s point of view, it is the protection of write operations.
What stays the same and what changes
Why workshops will encounter this more often
SGW and SFD are not limited to premium vehicles. They are gradually appearing across brands and platforms. In the Volkswagen Group, SFD is typically found on models based on MQB Evo and MEB platforms, such as the Golf 8, Octavia IV or Enyaq. In Stellantis vehicles, the Security Gateway has gradually appeared since the late 2010s in brands such as Fiat, Jeep, Dodge, RAM, Chrysler, Alfa Romeo and Maserati. Similar systems are also used by Mercedes-Benz, Hyundai, KIA and Genesis.
It is important to see SGW as a normal part of the new service reality. It is not a temporary obstacle or a fault of a specific diagnostic tool. It is a trend driven by the fact that vehicles are increasingly software-defined, connected and subject to both regulatory and cybersecurity requirements.
A good diagnostic solution today is therefore not only hardware and software. It is an ecosystem: device, updates, portal, licences, registration and technical support. This is where the difference becomes clear between a diagnostic tool that merely “reads something” and a diagnostic solution prepared for modern workshop practice.
Technical support matters
One of the practical advantages of DevCom multibrand diagnostic tools is technical support, which can be more valuable in everyday workshop operation than it may seem at first glance. With modern vehicles, it is not enough to simply own a diagnostic device. The technician needs to know whether SGW/SFD unlocking will be required for a given model, which type of access to choose, what to prepare in advance and what limitations may appear during a specific service operation.
In practice, this means that before starting the job, the workshop can simply make a phone call and verify that it is properly prepared for the service task. The technician can confirm support for a particular brand or model, check the required type of access, make sure the device is registered, the licence is active or enough tokens are available, and get advice on what to prepare in advance so that the service operation is not delayed unnecessarily.
This is especially important for vehicles protected by a Security Gateway, where differences between brands can be significant. For some manufacturers, it is enough to unlock a specific control unit. For others, the SGW must be kept unlocked by the diagnostic tool during the entire operation. In some vehicles, even common diagnostic functions may be limited without the correct procedure. Technical support helps prevent situations where the vehicle is already in the workshop, the customer is waiting, and the technician only then discovers that access, registration, tokens or the correct procedure are missing.
The result is not only faster problem solving, but mainly greater certainty for the workshop. The technician can prepare better, estimate the time and price of the job more accurately and, if complications occur, rely on support that understands diagnostics, the workshop environment and procedures.