What is UN 155?
Road vehicles are increasingly dependent on IT systems for successful operation. This inevitably makes them targets for cyber attacks, consequently placing utmost importance on appropriate cyber security measures.
UN Regulation No. 155 is looking to address this by increasing the pressure on the automotive industry. The industry is responding positively, by allocating new resources to cybersecurity and assigning specialists to investigate.
Originally founded as the Working Party on the Construction of Vehicles, UNECE WP.29 is the world forum for the harmonisation of vehicle regulations of the United Nations Economic Commission for Europe. This will be regarded as the “UN regulations” for international vehicle construction.
How to comply with UN R155
UN Regulation R155 includes the section UNECE WP.29 GRVA that specifies specific requirements for cybersecurity and for the Cybersecurity Management System (CSMS). Although UN R155 is already very comprehensive, the international standard ISO/SAE 21434 also needs to be taken into consideration.
Let’s begin by looking at the relationship between the ISO/SAE 21434 standard and the UN R155, formally defined as a regulation.
For those unfamiliar with the terms, Standards (such as ISO/SAE 21434) are usually reference points designed by the industry itself under the control of an authority such as the ISO (the International Organization for Standardization). Regulations, in contrast, are legally binding directives issued by an official body, such as a government.
The importance of being compliant to UN R155
In the case of the automotive industry and the UNECE Regulation No 155, these are binding requirements that must be complied with to obtain type approval and therefore market access. A lack of compliance with the regulation can consequently lead to a sales ban in the corresponding area of application (in the case of UN R155, over 60 countries are already adopting the regulation).
UN R155 requires the setup and implementation of a management system that focuses on cybersecurity within the vehicle, which can also be audited.Contact us for your tailored solution
The UN Regulation No. 155 came into force at the beginning of 2021, and two dates are binding:
- from July 2022, the requirements within the UNECE member countries (from the 1958 Agreement) now apply to all new vehicle types for type approval;
- and from July 2024 they will apply to all vehicles.
Neither the USA nor China are signatories to UN R155 but due the nature of the global market, it is expected that UN R155 will become the de facto global standard.
Resillion’s supporting services
Our automotive and cyber security experts can advise you on approaching vehicular cyber security.
Need help with a Cyber Security Management System? Or support, based on ISO 21434, with: process (training, considering risks), technical level (training following the implementation), and development (identifying risks + awareness training during development phase).