Working Party on Automated and Connected Vehicles | Session 15 | 23-27 Jan 2023
Geneva
Agenda Item 5. (a)
Cyber security and data protection

48. The expert from Japan, Co-Chair of the IWG on CS/OTA, presented GRVA-15-42 (status report) introducing GRVA-15-05 (amendment proposal to UN Regulation No. 155) and GRVA-15-06 (amendments to the interpretation document to UN Regulation No. 155). The expert from France supported both proposals. The expert from OICA mentioned the questionnaire regarding the handling of software updates for vehicles already registered, distributed among the group’s participants. The expert from Germany informed GRVA that his country had already defined software update categories for already registered vehicles (see more details in para. 73 below).

49. GRVA adopted GRVA-15-05, as reproduced in Annex V to the session report, and requested the secretariat to submit it to WP.29 and AC.1 as draft supplement to UN Regulation No. 155 for consideration and vote in June 2023.

50. GRVA recalled that WP.29 extended the mandate of the IWG on CS/OTA until November 2024 and discussed the work plan for the group.

51. The expert from Canada recalled his suggestion under agenda item 3. The expert from Germany supported the idea of enlarging the scope of the group. The expert from France expressed France's support for the activities of the informal working group as well as for the workshops organized by the expert from Japan and the Secretary. The expert from OICA also expressed support for the activities of the informal working group.

52. The expert from Japan, Co-Chair of the IWG, noted the decisions of GRVA to develop a work plan to update the Terms of Reference (ToR) of the group.

53. GRVA noted that Mr. D. Handley would no longer be Co-Chair of the group and agreed that Mr. D. Hannah would replace him.

54. GRVA requested the IWG on CS/OTA to elaborate updated Terms of Reference, with a list of work items and a corresponding timeline (until November 2024 and possibly beyond) until the next session of GRVA and invited all delegations to prepare for this discussion.

55. The expert from Japan, organizer of the workshops on the implementation of UN Regulation No. 155, presented GRVA-15-28, listing the questions raised as well as the answers and comments provided by the participants. He proposed that the table could be turned into an official working document in the near future. The experts from France, Germany and Italy expressed support for these activities and suggested that the table could be appended to the interpretation document on UN Regulation No. 155.

56. The expert from Canada mentioned that his country issued Canada’s Vehicle Cyber Security Assessment Tool (VCAT), a voluntary self-assessment tool developed to help vehicle manufacturers and Tier 1 and 2 suppliers assess the cyber security performance and resilience of their vehicles and vehicle components.

57. GRVA expressed its hope for the development of a UN GTR in that field and welcomed insights and experience sharing.

58. The expert from China recalled the purpose of the workshop on cyber security organized with the contracting parties to the 1958 and 1998 Agreements, which provided useful information. He suggested continuing such an exchange.

59. GRVA welcomed the report (GRVA-15-27) on the outcomes of the workshops on implementation of UN Regulation No. 155, provided by the expert from Japan.

60. GRVA welcomed the continuation of workshops related to the implementation of UN Regulations Nos. 155 and 156. Given the existing document (GRVA-15-28) for the purpose of the 1958 and 1998 Agreements and the increasing global cooperation in the field of cyber security and software management, GRVA also encouraged the organization of workshops for the contracting parties of both Agreements.

61. The expert from France introduced ECE/TRANS/WP.29/GRVA/2023/5 aimed at clarifying the possibility to recognize the Cyber Security Management System Certificate of compliance delivered by other contracting parties. He mentioned the work done during the last workshop to update the initial wording of the explanation. He presented the outcome of the workshop reproduced in GRVA-15-21.

62. GRVA adopted ECE/TRANS/WP.29/GRVA/2023/5, as amended by GRVA-15-21 as well as GRVA-15-06. GRVA requested the secretariat to submit them as an amendment to the Interpretation Document for UN Regulation No. 155 to WP.29 and AC.1 for consideration and vote at their June 2023 sessions.

63. The expert from SAE International presented GRVA-15-46 and GRVA-15-18 related to a potential design restriction depending on the interpretation of Annex 5 to UN Regulation No. 155. He acknowledged the review of this matter by the IWG on CS/OTA but called on GRVA to reconsider this matter. He explained that cryptographic authentication may be a good solution to mitigate the spoofing of Global Navigation Satellite System (GNSS) signals (e.g. V2X, GNSS messages), but that this example should not be listed before this technology was broadly deployed at production level.

64. The expert from ITU explained the technical matter again and reconfirmed that the technology was not yet deployed.

65. The expert from the United Kingdom of Great Britain and Northern Ireland thought that there were some misunderstandings as UN Regulation No. 155 was not mandating any technology.

66. The expert from the United States of America recalled the points made so far: (a) the method listed was not available for use, (b) alternatives were not mentioned, and (c) other technology could reach the same level of performance.

67. The expert from the European Commission agreed to review this issue.

68. The expert from SAE International confirmed that the Regulation itself did not mandate the technology, but he explained that in practice the example may become a requirement, as this had already happened to a Tier 2 supplier.

69. GRVA agreed to resume consideration of this matter at its May 2023 session.

70. The expert from CEMA introduced GRVA-15-45 and updated GRVA on their activities regarding cyber security. He informed GRVA on the European situation regarding UN Regulation No. 155 and the European Union (EU) Cyber-Resilience Act (CRA) passed in 2022. He compared both legal instruments and stated that CRA put more responsibility on the supply chain than UN Regulation No. 155 and that CRA was based on self-certification.

71. The expert from Germany noted significant differences between the two acts, one being general/horizontal and the other one being vertical/for the sector. The expert from the United Kingdom of Great Britain and Northern Ireland agreed with Germany and stated that he would like to see an appropriate cyber security regulation covering agricultural vehicles. He stated that a horizontal regulation was very appropriate for domestic appliances and connected toys but not for agricultural vehicles. The expert from Denmark agreed with this statement too. He recommended including vehicles of Category T. He suggested excluding towed vehicles of Category S. The expert from Italy proposed to postpone that item until May 2023.

72. GRVA agreed to resume discussions in May 2023 on the inclusion of agricultural vehicles in UN Regulation No. 155. Some European parties agreed to evaluate the impact of the EU CRA on the agricultural vehicle and machinery sector until the May 2023 session.

Documentation
GRVA-14-33 Cyber Security: Agricultural machinery industry roadmap (CEMA)
GRVA-15-05 UN R155: Proposal for a Supplement
GRVA-15-06 UN R155: Proposal for amendments to the Interpretation Document
GRVA-15-18 UN R155: Proposal for amendments to the Interpretation Document (SAE)
GRVA-15-21 UN R155: Proposal to amend GRVA/2023/5
GRVA-15-27 UN R155: Report of the workshop on implementation of the regulation (NTSEL)
GRVA-15-28 UN R155: Questions and Answers/Comments from the workshop on implementation (NTSEL)
GRVA-15-42 CS/OTA informal group status report to GRVA
GRVA-15-45 Input on UN R155, the EU Cyber-Resilience Act, and agricultural vehicle sector (CEMA)
GRVA-15-46 UN R155: Supporting information in SAE proposal for CS/OTA (SAE)
GRVA/2023/5 UN R155: Proposal for amendments to the Interpretation Document (France)