UNECE - GRVA - UN Regulations on Cybersecurity and Software Updates (Including their Management Systems)

On June 25, 2020, the UNECE announced the release of 2 new regulations: (1) Cybersecurity and (2) Software Updates, which, respectively, include their management system at the OEM.

(1) About the UN Regulation on Cybersecurity and Cyber Security Management Systems

The regulation applies to passenger cars, vans, trucks and buses, light four-wheeler vehicles if equipped with automated driving functionalities from level 3 onwards – this covers the new automated pods, shuttles etc.; trailers if fitted with at least one electronic control unit.

The UN Regulation provides a framework for the automotive sector to put in place the necessary processes to:

• Identify and manage cyber security risks in vehicle design
• Verify that the risks are managed, including testing
• Ensure that risk assessments are kept current
• Monitor cyber-attacks and effectively respond to them
• Support analysis of successful or attempted attacks
• Assess if cyber security measures remain effective in light of new threats and vulnerabilities

(2) About the UN Regulation on Software Updates and Software Updates Management Systems

The UN Regulation applies to vehicles permitting software updates of passenger cars, vans, trucks and buses; trailers; agricultural vehicles.

The UN Regulation provides a framework for the automotive sector to put in place the necessary processes for:

• Recording the hardware and software versions relevant to a vehicle type
• Identifying software relevant for type approval
• Verifying that the software on a component is what it should be
• Identifying interdependencies, especially with regards to software updates
• Identifying vehicle targets and verifying their compatibility with an update
• Assessing if a software update affects the type approval or legally defined parameters (including adding or removing a function)
• Assessing if an update affects safety or safe driving
• Informing vehicle owners of updates
• Documenting all the above

Both regulations are assessed by Technical Services and are part of the Whole Vehicle Type Approval regulatory framework already adopted by the EU.

See more information on the link herein included.

Entry into force: January 2021

For new vehicle types: July 2022

For all new vehicles registration: July 2024