What is UN 155?

Road vehicles are increasingly dependent on IT systems for successful operation. This inevitably makes them targets for cyber attacks, consequently placing utmost importance on appropriate cyber security measures.

UN Regulation No. 155 is looking to address this by increasing the pressure on the automotive industry. The industry is responding positively, by allocating new resources to cybersecurity and assigning specialists to investigate.

Originally founded as the Working Party on the Construction of Vehicles, UNECE WP.29 is the world forum for the harmonisation of vehicle regulations of the United Nations Economic Commission for Europe. This will be regarded as the “UN regulations” for international vehicle construction.

How to comply with UN R155

UN Regulation R155 includes the section UNECE WP.29 GRVA that specifies specific requirements for cybersecurity and for the Cybersecurity Management System (CSMS). Although UN R155 is already very comprehensive, the international standard ISO/SAE 21434 also needs to be taken into consideration.

Let’s begin by looking at the relationship between the ISO/SAE 21434 standard and the UN R155, formally defined as a regulation.

For those unfamiliar with the terms, Standards (such as ISO/SAE 21434) are usually reference points designed by the industry itself under the control of an authority such as the ISO (the International Organization for Standardization). Regulations, in contrast, are legally binding directives issued by an official body, such as a government.

The importance of being compliant to UN R155

In the case of the automotive industry and the UNECE Regulation No 155, these are binding requirements that must be complied with to obtain type approval and therefore market access. A lack of compliance with the regulation can consequently lead to a sales ban in the corresponding area of application (in the case of UN R155, over 60 countries are already adopting the regulation).

Requirements

UN R155 requires the setup and implementation of a management system that focuses on cybersecurity within the vehicle, which can also be audited.

Contact us for your tailored solution

Timeline

The UN Regulation No. 155 came into force at the beginning of 2021, and two dates are binding:

  • from July 2022, the requirements within the UNECE member countries (from the 1958 Agreement) now apply to all new vehicle types for type approval;
  • and from July 2024 they will apply to all vehicles.

Neither the USA nor China are signatories to UN R155 but due the nature of the global market, it is expected that UN R155 will become the de facto global standard.

Resillion’s supporting services

Our automotive and cyber security experts can advise you on approaching vehicular cyber security.

Need help with a Cyber Security Management System? Or support, based on ISO 21434, with: process (training, considering risks), technical level (training following the implementation), and development (identifying risks + awareness training during development phase).

Talk to our experts

Talk to us

By continuing, you accept our Privacy Policy








    Our Accreditations and Certifications

    Crest Accreditation Resillion
    Check Penetration Testing
    RvA L690 Accreditation
    ISO 27001
    ISO 9001 Resillion
    CCV Cyber Pentest
    Cyber Essentials
    CE+assessor

    Contact Us