Cybersecurity - Services for vehicle manufacturers

From July 2022, in the European Union (EU), new types of electrical/electronic architectures (EEA) installed in vehicles shall comply with the Regulation No. 155 Cybersecurity (UN-R 155). From July 2024, they shall be fully developed in accordance with the "UN Regulation on uniform provisions concerning the approval of vehicles with regard to cybersecurity and cybersecurity management system", UN-R 155 for short, under a cybersecurity management system (CSMS) as specified therein. Until then in the UNECE signatory states, a justification shall be given, provided during type testing of new vehicle types introduced after July 2022 their EEA cannot fully meet the requirements of this UN regulation . As of July 2024, all vehicles of category M or N shall meet the requirements of UN-R 155 in order to gain road admission in the EU.

It is mandatory for manufacturers to comply with this regulation. Without the corresponding type tests and manufacturer descriptions, the responsible authorities will no longer grant a type approval.

We support automotive companies in meeting the necessary requirements to obtain a type approval of vehicles with regard to cybersecurity. With us, you benefit from a know-how that covers the multi-layered aspects of cybersecurity in combination with classic vehicle safety aspects - up to certification according to the standards relevant for you.

In the future, a certified Cybersecurity Management System (CSMS) will be a mandatory requirement for the type approval of vehicles. For this purpose vehicle manufacturers shall prove to the approval authority or a designated technical service - that a CSMS is established in their company for the development, production and subsequent life cycle of the approved vehicle types in accordance with the requirements of UN-R 155.

In addition, the new UN-R 155 includes the requirement for type approval of the electrical/electronic architecture (EEA) installed in the vehicles. For this purpose, manufacturers shall prove that the processes specified in the CSMS are adhered to for the EEA in development, production and over their service life. Proof is based on documentation and practical tests through a sampling procedure.

We are at your disposal as auditors in the approval process with reference to cybersecurity:

1. For CSMS certification according to UN-R 155, we conduct the audit at manufacturers. On this basis, the approval authority can grant the type approval after positive examination of all further documents.
2. We carry out required inspections of EEA types (Vehicle Type) including spot checks on vehicles. Based on positive verifications, the approval authorities grant type approval with regard to cybersecurity for the type of an EEA.
3. Type tests for obtaining an EU-WVTA (European Union Whole Vehicle Type Approval) as well as system approvals, among others, based on UN regulations we offer to full extent for all relevant vehicle categories. The approval authorities grant the corresponding type approvals based on these type assessments.