UNECE Vehicle Regulation
for Cyber Security & Software Updates

In the next years, many countries will incorporate the United Nations Economic Commission for Europe (UNECE) regulations R155 for cyber security and R156 for software update. The new regulations addressing the growing risk which is arising from the increasing connectivity and digitized vehicle environment. A huge challenge for the vehicle manufactures and their suppliers. CES is the partner for Continental to implement these regulations in their organization. Based on the experience, we offers regulation oriented and customer value-based consulting to all our customers.

In the automotive industry a business partner can requests from you to prove that your information security management complies with a defined level according to the requirements of the “VDA Information Security Assessment” (ISA). This proof is a complex and time consuming task especially, if several partners ask for it. The solution is TISAX.

UNECE regulation 155 (Cyber Security)

UNECE regulation 155 (Cyber Security) introduce a Cybersecurity Management System (CSMS) in  automotive on organization level.


  • Passenger vehicles
  • Busses
  • Light and heavy duty trucks
  • Quadricycles
  • Trailers

Time Schedule

UNECE regulation available March 2021, effective 2022/2024 (based on regulation (EU) 2019/2144)

Objective of regulation

  • Organizational structure and processes to minimize cybersecurity risks
  • Design of vehicle architecture and implement mitigations
  • Ensure cybersecurity throughout the entire life cycle of a vehicle


  • Setup of UNECE Cyber ​​Security Management System (CSMS)
  • Risk management across the entire company and the entire life cycle of each individual vehicle
  • Risk assessments for each type of vehicle
  • Cyber ​​security audits for every type of vehicle
  • Analysis of weak points during the entire development and production process
  • Cyber ​​security monitoring and incident response to existing vehicle types
  • Documentation of a cyber security management

UNECE regulation 156 (SW Updates)

UNECE regulation 156 (SW Updates introduce a legal framework for remote updates (over-the-air) with a Software Update Management System (SUMS).


  • Passenger vehicles
  • Busses
  • Light and heavy duty trucks
  • Quadricycles
  • Trailers
  • Interchangeable towed equipment
  • Tractory

Time Schedule

UNECE regulation available March 2021, potentially effective from  2022 onwards

Objective of regulation

  • Organizational structure and processes, incl. management of RxSWIN identification number
  • Requirements for safe execution, protection of RxSWIN identification number and user information
  • Implementation of RxSWIN identification number in existing system regulations
  • Secure Software updates with the guarantee that the vehicle safety is not reduced

Requirements (extract)

  • Setup of Software Update Management System (SUMS)
  • Systematic control and compliance with government guidelines
  • Establish Software identification management
  • Documentation of the hardware and software versions relevant for a vehicle type
  • Identification of the software relevance for type approval including the dependencies from software updates
  • Assessment whether a software update (SU) affects type approval and security of vehicle
  • Transparent information for vehicle owner about software updates

CES Consulting on UNECE Cybersecurity and Software Regulations

  • Process evaluation and assessment of organization regarding current regulations by UNECE
  • Development of processes and roles in line with regulations by UNECE
  • Implementation of Cybersecurity and Software Regulations standards
  • Preparation for certification
  • Readiness Check UNECE Software Update Management System (SUMS)
  • Readiness Check UNECE Cyber Security Management System (CSMS)
  • Support during certification
  • Continual improvement of SUMS/CSMS regulated by UNECE standards
  • Trainings about UNECE standards

5 important questions about cyber security UNECE regulations

In the future, vehicles are permanently and seamlessly connected. However, new functions such as wireless updates to vehicle electronics are accompanied by risks, especially when it comes to data transfer between cars and their environment. Therefore, cyber security is at the heart of the development of new vehicles.

The new regulations address the risks which arise from the increasing digitalization of vehicle functions and the connection of vehicles with their environment (connectivity). The regulations’ objective is to generate a harmonized regulatory framework for vehicle development to enable international vehicle trade.

The regulations target the whole organizational structure of a vehicle manufacturer to cover the vehicle product lifecycle.

This means to ensure cyber security and software updates for the vehicle in concept, development, production, utilization and retirement stages. UNECE R155 defines a standard for cyber security handling and the UNECE R156 for software update handling.

The primary target group are the vehicle manufactures. Nearly all vehicle categories as for example passenger vehicles, busses, light- and heavy-duty trucks and trailers are covered in the regulations. The vehicle manufactures are responsible to fulfill the regulations. They can pass parts of them to their suppliers by defining relevant requirements to cover the whole supply chain.

UNECE UNR 155 regulations are available since March 2021 and will be effective in 2022/2024 depending on the development state of the vehicle.

Therefore, vehicle manufactures must prepare for that dates to assure that markets will not be lost.

The EU for example will put this regulations into effect in 2022 via the EU regulations (Regulation (EU) 2019/2144) for general safety.

  1. Process evaluation to identify the process fulfillment of the regulations
  2. To improve processes by closing process gap for handling cyber security and software updates for vehicles
  3. Preparing the organization for the required certifications and supporting during the certification procedure
  4. Tailored trainings about UNR 155 / UNR 156 regulations as well as other standards and their implementation

Direct Contact

Henning Schweder
Tel: +49 151 74 61 66 21
Email: henning.schweder@conti-engineering.com

Relevant Links

System Engineering

Systems Engineering is an interdisciplinary approach for development of highly complex vehicle systems. We turn your idea into reality.

More »

Cyber Security & OTA Solutions​

Cyber security technology safeguards systems and safety-relevant components in vehicles against hacker attacks. Together with in-house partners we are able to provide a holistic end-to-end cybersecurity solution for your system.

More »

Security & Privacy

Vehicles are connected with the world of internet of the things (IoT), which enables to use new functions within the vehicle. However, to be usable in mobility world, the vehicle systems must face several tough challenges in security and privacy.

More »