A Train Company’s Hostility Toward Independent Repair
PESA, one of Poland’s largest train manufacturers, has filed a lawsuit against a group of independent engineers who reverse-engineered its onboard diagnostic systems and published a detailed guide on how to repair its trains without relying on the company’s proprietary tools. The move marks a rare escalation in the global right-to-repair movement—one where a manufacturer is not just fighting regulation, but actively targeting the individuals exposing its repair restrictions. The engineers, operating under the collective name RailFix, released open-source software that bypasses PESA’s encrypted firmware checks, allowing third-party mechanics to diagnose and fix common faults in the company’s diesel and electric trains.
What makes the case unusual is the nature of the evidence. RailFix didn’t just demonstrate that PESA’s systems were locked down—they showed how the company deliberately designed its trains to fail if non-PESA parts or tools were used. Diagnostic logs would flag unauthorized repairs, and in some cases, the train’s control unit would disable key functions like braking or acceleration until a PESA-authorized technician performed a “reset” using a proprietary dongle. This practice, known as ‘tamper detection,’ is common in consumer electronics, but its use in public transit raises serious safety and ethical questions. Trains are not smartphones. When a train breaks down, it’s not an inconvenience—it’s a disruption to thousands of commuters and a potential safety risk.
The Cost of Closed Systems
PESA argues that its diagnostic encryption is necessary to protect intellectual property and ensure safety. The company claims that unauthorized modifications could lead to malfunctions, putting passengers at risk. But RailFix’s documentation shows that their tools do not alter core control logic—they simply read error codes and allow mechanics to replace faulty components. In fact, their software includes safety warnings and failsafes more transparent than PESA’s own black-box system. Independent rail technicians across Poland and neighboring countries have used RailFix’s tools to reduce repair times from weeks to days, often at a fraction of PESA’s quoted prices.
The economic impact is hard to ignore. Municipal transit agencies, already operating on tight budgets, are forced to pay PESA’s premium for repairs or risk voiding their service agreements. In one documented case, a regional operator in eastern Poland was charged over €120,000 to replace a single sensor array that independent mechanics later identified as a €300 part. The sensor itself wasn’t defective—the system falsely reported a failure due to a software glitch. Without access to raw diagnostic data, the operator had no way to challenge the diagnosis. PESA’s lawsuit seeks to shut down RailFix’s website, remove all published code, and obtain damages for “unauthorized access” and “copyright infringement.”
Precedent in a Global Movement
This case echoes similar battles in other industries, from John Deere tractors to Apple iPhones, but with higher stakes. Trains are critical infrastructure. When a manufacturer controls not just the hardware but the very ability to diagnose and fix it, it creates a monopoly over maintenance that extends far beyond the initial sale. The European Union has been gradually advancing right-to-repair legislation, including mandates for spare parts and repair information in electronics and vehicles. But heavy machinery and public transit have lagged behind, largely due to lobbying from manufacturers who argue that complexity and safety justify closed systems.
PESA’s legal strategy hinges on framing RailFix’s work as hacking—a criminal act, not a public service. But the engineers never accessed PESA’s servers or distributed pirated software. They purchased a decommissioned train control unit, reverse-engineered its communication protocols, and developed interoperable tools. This is classic clean-room engineering, a method long accepted in software and hardware development. If PESA succeeds in criminalizing such efforts, it could set a dangerous precedent: that understanding how a product works—especially one that affects public safety—is itself a violation of corporate rights.
The broader implication is a chilling effect on innovation. Independent repair shops, open-source developers, and even academic researchers may think twice before probing industrial systems if the penalty is a lawsuit from a deep-pocketed manufacturer. Yet transparency is essential for safety. Closed systems obscure flaws. When PESA’s trains began experiencing unexplained braking delays in 2022, it took the company over a year to acknowledge a software bug. During that time, RailFix independently identified the issue and shared a workaround with several transit operators—work that PESA now claims was illegal.
What’s at stake isn’t just the right to fix a train. It’s the principle that public infrastructure should serve the public, not corporate control. PESA’s lawsuit may be about copyright and access, but the real conflict is between two visions of technology: one where knowledge is hoarded, and another where it’s shared. As cities grow more dependent on complex machinery, the ability to understand, maintain, and improve that machinery shouldn’t be a privilege reserved for manufacturers. It should be a right.