Cyber-Security & Software update
International
The UN Regulations 155 (Cyber-Security) and 156 (Software update) introduce new requirements for manufacturers and technical services: in addition to the initial assessment of the manufacturer and the product testing by the technical service, the demonstration of implemented and effective dedicated management systems for cyber-security and software updates is also required in order to obtain Type Approval.
Responsibilities in the approval process in accordance with UN-R155/R156
- designates the technical services
- carries out its own audits of the management system and, where applicable, of the product.
- issues, suspends or withdraws the certificate required by the UN Regulations on the Cyber-Security Management System (CSMS) and the Software Update Management System (SUMS) on the basis of the audit reports and other information of the technical service.
- grants the Type Approval
- in cooperation with the Federal Office for Information Security (BSI), immediately evaluates reports on cyber-security-relevant occurrences and takes the necessary measures.
- organizes exchanges of experience between interested parties with a view to further developing the procedure.
- actively participates in meetings of the relevant UN- and (EU-) bodies.
- generally, performs audits of the management system (CSMS/SUMS) and the approval object.
- sends test reports and relevant information from the manufacturer to the KBA.
- produces in compliance with harmonized regulations (including UN-R155 and UN-R156).
- continuously ensures that the management systems required by UN-R155 and UN-R156 are installed, effective or updated accordingly.
- monitors (according to UN-R155) its own vehicle fleet and backend infrastructure and takes measures to protect it against cyber-attacks.
- affords the KBA and its representative the necessary entry and access to information for the duration of the validity of the CSMS/SUMS certificate and/or Type Approval granted by the KBA.
- affords the technical service the necessary entry and access to information for a period of 3 years.
- provides the technical service and the KBA with the information, documents and records required for the evaluation.
- reports to the KBA at least once a year on the effectiveness of the required management systems.
- immediately notifies the KBA of vulnerabilities or attacks that have an impact on the cyber-security of the vehicles, in accordance with UN-R155.
National
Software is becoming increasingly important in the road vehicle sector. The Software inside vehicles needs to be updated to enable new functionalities or to correct faults. Because Software-Updates are already being carried out on vehicles today in many different situations, it is necessary to integrate them into the existing Type-Approval processes. Although the classification below refers to vehicles under Regulation (EU) 2018/858, it also applies to vehicles under Regulations (EU) 167/2013 and 168/2013.
The following categories of Software-Updates were defined on the basis that
- harmonized law is considered;
- vehicle manufacturers only change their own Software;
- the vehicles are already registered and therefore placed into the market;
- the execution of the Software-Update is technologically neutral;
- no Hardware changes are required to the vehicle concerned in order to carry out the Software-Update;
- the documentation, testing and successful execution of the Software-Update is the responsibility of the vehicle manufacturer, which follows the principles of UN Regulation No. 156 or similar regulations and involves, where necessary, the Type-Approval Authority;
- Software-Updates can in principle be checked as part of Market Surveillance;
- at the time of the Software-Update the condition of the vehicle concerned complies with the originally granted Type-Approval.
This category is regulated by Article 14 of Regulation (EU) 2018/858.
The Type-Approval Authority shall be informed by the manufacturer of the non-compliance (e. g. incorrect sensor calibration) and of any measures taken. The manufacturer can usually carry out the Software-Update on its own responsibility to restore conformity to the originally granted Type-Approval or the Regulation. The Type-Approval Authority accepts the measures proposed by the manufacturer or, if necessary, imposes further measures.
The operating licence as well as the Type-Approval and national vehicle documents remain unaffected by the Software-Update.
This category doesn’t affect any safety-/environmental-/type-approval properties of the vehicle (e. g. seat functions of the rear seat row) and the approved condition of the vehicle is not affected by the Software-Update.
If the manufacturer’s legal check against the requirements of Article 33 of Regulation (EU) 2018/858 and § 19 StVZO (only in German) shows that the Type-Approval Authority doesn’t have to be involved, the Type-Approval Authority doesn’t necessarily need to be involved.
The operating licence as well as the Type-Approval and national vehicle documents remain unaffected by the Software-Update.
This category concerns Software-Updates to activate additional safety-/environmental-/type-approval related functions already covered by a valid System Type-Approval at the time of the first vehicle registration, but which have not been activated by the manufacturer at the time of the first vehicle registration (e. g. activation of a driver assistance function in accordance with UN Regulation No. 79).
The manufacturer verifies that the changes caused by the Software-Update don’t affect the vehicle or Type-Approval documents. Since the change caused by the Software-Update had already been verified with the System Type-Approval by the Type-Approval Authority, no re-examination by the Type-Approval Authority is required.
The operating licence as well as the Type-Approval and national vehicle documents remain unaffected by the Software-Update.
This category concerns Software-Updates to activate additional safety-/environmental-/type-approval related functions not yet covered by a valid System Type-Approval at the time of the first vehicle registration (e. g. new driver assistance system based on a future UN Regulation). Usually, such Software-Updates are initiated by the vehicle owner.
The change made by the Software-Update must be covered by an extension of the vehicle Type-Approval after the time of the first vehicle registration. The manufacturer obtains this extension from the Type-Approval Authority before the Software-Update is carried out.
If the manufacturer’s legal check against the requirements of § 19 StVZO (only in German) shows that there is no need to involve the Type-Approval Authority beyond the extension of the vehicle Type-Approval already carried out, the Type-Approval Authority doesn’t necessarily need to be involved. The manufacturer always has the possibility to apply to the Type-Approval Authority for a proof in accordance with § 19 Abs. 3 Nr. 1 b) StVZO (only in German).
The operating licence as well as the national vehicle documents remain unaffected by the Software-Update.
In addition to the requirements of the respective categories (see categories 2 – 4 and 6), for cases such as a change of the maximum nominal engine power, the requirements of the Fahrzeug-Zulassungsverordnung (only in German) that are relevant for the amendment of the vehicle documents apply.
This category concerns, in particular, Software-Updates after the discontinuation of production of the vehicle type on which the individual vehicle is based (e. g. mitigation of a vulnerability related to Cyber-Security). For this category, it is not possible under harmonized law to extend vehicle Type Approvals with any necessary technical checks or documentation by the Type-Approval Authority.
If the manufacturer’s legal check against the requirements of § 19 StVZO (only in German) shows that the Type-Approval Authority doesn’t have to be involved, the Type-Approval Authority doesn’t necessarily need to be involved. The manufacturer always has the possibility to have compliance with one of the options listed in § 19 Abs. 3 StVZO (e. g. ABE under § 22 StVZO (only in German)).
The operating licence as well as the national vehicle documents remain unaffected by the Software-Update.
Below you will find some guidance on specific questions. This guidance will be revised in line with further experience and developments, after consultation with the bodies concerned.
With regard to the application of the UN Regulations, reference is also made to the “Interpretation Documents” for the respective UN Regulation (UN-R155 and UN-R156).
- Checklist Process Verification (PDF)
- Checklist Test Procedure (PDF)
- Checklist Test Procedure, landscape format (PDF)
- Risk Analysis Checklist (PDF)