UNECE/R155 cybersecurity regulation
What is the UNECE/R155 cybersecurity regulation? We explain this new mandatory regulation for all vehicles approved in the European Union from July 2022.
In recent months, the new vehicle cybersecurity regulation UNECE/R155 has grown in importance.
This regulation sets out the uniform measures needed to create a cybersecurity management system for vehicles. In other words, a system that treats the risk that cyber threats pose to vehicles and protects them against potential attacks.
Among other things, this new regulation provides a framework for the automotive sector to develop the necessary processes to address the following issues:
Identify and manage cybersecurity risks in vehicle design.
Verify that the risks are managed, including through testing.
Ensure that risk assessments are kept up to date.
Monitor cyber attacks and respond effectively to them. Analyze successful or attempted attacks.
Assess whether cybersecurity measures continue to be effective in the face of new threats and vulnerabilities.
Given the importance of complying with this regulation, manufacturers will be required to create a cybersecurity management system (CSMS) for their vehicles.
The CSMS must protect vehicles against 70 specific cybersecurity threats that the UN details in the regulation.
These vulnerabilities are divided into 7 sections, covering the vehicle's computer system servers, their communication channels in terms of connectivity, their own connections, data and updates, unintentional human actions, and other threats that may arise from a lack of protection.
Likewise, with the entry into force of the new cybersecurity regulations, manufacturers will be obliged to contract an external service that certifies that their vehicle is cybersecure, and to submit sufficient documentation to be able to evaluate the operation of the CSMS.
Given the breadth of this new regulation, note that a technical service or authorized entity will refuse to grant the certificate of compliance for the vehicle's CSMS when, for example, it fails to comply with any of the 70 cybersecurity requirements demanded by this regulation.
In addition, this certificate will be valid for a maximum of three years from the date of issue, unless withdrawn. When the validity of the certificate is about to end, a new certificate of compliance must be requested (if there have been changes in the regulation), or the validity of the previous one must be extended for an additional period of three years.
If the requirements are no longer met after the expiration of the certificate, the certificate will be withdrawn.
This regulation, which entered into force on January 22, 2021, has been adopted by 54 of the 56 UNECE member states (all except the US and Canada), since they are the ones that have signed an agreement on reciprocal recognition of the regulations that this forum approves.
The European Union has established that all vehicles that are homologated from July 2022 must comply with it. Meanwhile, this obligation will be extended from July 1, 2024 to all new cars.
The UNECE/R155 regulation applies to the following vehicles defined by categories:
Category M: cars and buses.
Category N: vans and trucks.
Category O: trailers and caravans with an electronic control unit.
Category L6 and L7: light quadricycles without a cabin if they have at least level 3 of autonomous driving.
Finally, manufacturers that do not comply with this cybersecurity regulation can face two types of sanctions: one from the UNECE itself and another from the European Union, with the possibility of the vehicle's homologation being withdrawn, which would prevent its commercialization in the different markets. In addition, the country in question must immediately notify the rest of the states that apply the regulation of the infraction.