Proving cyber security - your ticket to the automotive future

As a supplier or development service provider in the automotive industry, you are working on the mobility of the future. Digital technologies for vehicles and infrastructure play a central role here. But to what extent do you already take cybersecurity requirements into account?

As of July 2022, new types of electrical/electronic architectures (EEA) installed in vehicles in the European Union (EU) shall comply with the Regulation No. 155 Cybersecurity (UN-R 155). From July 2024, they shall be fully developed in accordance with the "UN Regulation on uniform provisions concerning the approval of vehicles with regard to cybersecurity and cybersecurity management system", UN-R 155 for short, in line with the requirements for a cybersecurity management system (CSMS) specified therein. Until then, in the UNECE signatory states, a justification shall be given, provided during type testing of new vehicle types introduced after July 2022 their EEA cannot fully meet the requirements of the this UN regulation. As of July 2024, all vehicles in of category M and or N shall meet the requirements of UN-R 155 in order to gain road admission in the EU.

It is mandatory for manufacturers to comply with these regulations. Without the corresponding type tests and manufacturer's descriptions, the authorities will not grant any type approvals.

What does this mean for you as a supplier? According to the requirements of UN-R 155, the vehicle manufacturer shall ensure that the required cybersecurity level is established across all participants in an existing supply chain. Thus, suppliers face the additional challenge of providing alignment with the specific processes of the vehicle manufacturers involved.

To prove that your company and products meet cybersecurity requirements, we offer the following services:

• Audit/ certification of processes of the CSMS according to ISO SAE 21434
• Assessment/ certification of cybersecurity of products according to ISO SAE 21434

Both legislators and OEMs require evidence of the cybersecurity of your products and processes – be it the implementation of an automotive cybersecurity management system, the type approval of electrical/electronic architectures (EEA) installed in vehicles or the application of further cybersecurity standards.

Without the relevant cybersecurity certifications, your customers will not receive type approvals in the future. While Tier 1 suppliers are often closely networked with the manufacturer on this topic, it is not always possible for Tier 2 suppliers to keep track of developments in cybersecurity standards. In any case, key questions arise such as:

• What legal requirements do I need to meet with regard to cybersecurity?
• Which standards affect my company and my products?
• Which of these standards should I be sure to demonstrate compliance with?
• How does this affect my relationships with my suppliers and customers, all the way to the OEM?