July 22, 2020
UN Regulations on Cybersecurity and Software Updates to pave the way for mass roll out of connected vehicles
The automotive sector is undergoing a profound
transformation with the digitalization of in-car systems that are necessary to
deliver vehicle automation, connectivity and shared mobility. Today, cars
contain up to 150 electronic control units and about 100 million lines of
software code – four times more than a fighter jet –, projected to rise to 300
million lines of code by 2030.
This comes with significant cybersecurity risks, as
hackers seek to access electronic systems and data, threatening vehicle safety
and consumer privacy.
Two new UN Regulations on Cybersecurity and
Software Updates will help tackle these risks by establishing clear performance
and audit requirements for car manufacturers. These are the first ever
internationally harmonized and binding norms in this area.
The two new UN Regulations, adopted by the UNECE’s
World Forum for Harmonization of Vehicle Regulations, require that measures be
implemented across 4 distinct disciplines:
- Managing vehicle cyber risks;
- Securing vehicles by design to mitigate risks along
the value chain;
- Detecting and responding to security incidents
across vehicle fleet;
- Providing safe and secure software updates and
ensuring vehicle safety is not compromised, introducing a legal basis for
so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software.
The regulations will apply to passenger cars, vans,
trucks and buses. They will enter into force in January 2021.
In the European Union, the new regulation on cyber
security will be mandatory for all new vehicle types from July 2022 and will
become mandatory for all new vehicles produced from July 2024.
widespread use of UN Regulations in the automotive sector around the world, the
broad adoption of these regulations across the world is expected.
Regulation on Cybersecurity and Cyber Security Management Systems text
is available at: http://www.unece.org/fileadmin/DAM/trans/doc/2020/wp29grva/ECE-TRANS-WP29-2020-079-Revised.pdf
The UN Regulation on Software Updates and
Software Updates Management Systems text is available at: https://undocs.org/ECE/TRANS/WP.29/2020/80