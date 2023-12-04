Reading Time: 2 minutes

As automation and digitization have taken hold of the automotive industry, smart vehicles incorporated with advanced IT systems and autonomous driving features are at risk from cyberattacks. Due to this threat, the World Forum for Harmonization of Vehicle Regulations of the United Nations Economic Commission for Europe (UNECE) introduced R155 regulations. How do R155 regulations work? Who should be concerned about the impact of these changes on business and when should they? How should these changes be implemented?

R155 UNECE Regulation – a new dimension of cyber security

In 2020, the UNECE adopted two fundamental regulations aimed at establishing rules for cyber security in the automotive industry. The R155 Regulation focuses on Cyber Security and the Cyber Security Management System (CSMS), while R156 focuses on Software Update and the Software Update Management System (SUMS).

Cyber security threats are countered through these regulations, which require vehicle manufacturers to take specific security measures.

What companies are affected by the R155/R156 regulations?

The regulations apply to a broad spectrum of automotive players, including:

vehicle manufacturers (OEMs),

automotive electronics manufacturing companies,

suppliers (tier 1 and tier 2).

The UN R155 regulations must be implemented for the vehicles the companies offer to comply with basic cyber security standards. The revised regulations require OEMs to create and maintain organized and thoroughly documented cybersecurity procedures.

When should UN R155 regulations be implemented?

A new set of requirements for approving new types of vehicles went into effect in July 2022. As of July 2024, all vehicles produced must meet these guidelines.

The consequences of not implementing R155 at the organization

Failure to comply with cyber security requirements by set deadlines can lead to severe consequences. Ignoring the implementation of applicable regulations can lead to fines and even product sales suspension in some markets! It is worth noting that 64 UNECE-regulated markets are affected. On top of all that, intangible losses, such as damage to a company’s reputation or loss of customer trust in the brand, cannot be ignored.

Neglecting UN R155 regulations also entails a whole range of negative legal and economic consequences, detrimental to profitability.

For manufacturers in Poland, the deadline for implementing these rules is July 2024. While it may seem like there is still plenty of time, it is critical to consider the full extent of the lapses required for implementation and approval. These processes can be extremely time-consuming, especially when necessity is taken into account:

the implementation of cyber security procedures that cover the company’s entire operations, not just individual projects;

the obligation to ensure that all subcontractors operate in compliance with the updated regulations;

potentially limited auditor availability in the period immediately before the deadline.

R155 introduction is not only a responsibility. That way, we open up to new markets and facilitate more accessible launches of our products. Nonetheless, failure to implement the regulation may come with severe consequences, such as financial penalties and even suspension of sales, directly affecting the company’s reputation.

UNECE R155 regulations – trust proven partners

Over the past decade, Solwit has worked with many automotive companies to develop software quality processes and implement testing procedures in accordance with ISO 26262, ISO 21434, SAE J3061, and R155 standards.

We have experience in software testing, cyber security process audits and development, and the automotive industry.

Get in touch with us on solwit.com if you need help implementing the R155 standard!

