Draft text for a new UN Regulation on the certification of cybersecurity management systems and the approval of vehicles with regarding to cybersecurity. This draft will be considered during the 6th GRVA session.

Proposal to exclude vehicles of categories R, S and T from the initial scope of the draft UN Regulations.

Proposal to require vehicle manufacturers to provide relevant cybersecurity information (cybersecurity goals, specifications, requirements) to authorised replacement-part manufacturers.

Update on the status of discussions aiming to resolve open items in the draft UN Regulation on cybersecurity following the 5th GRVA session.

Proposals to clarify the draft text.

The proposal replaces the protection of critical elements with the protection of the vehicle type in general to ensure that a critical element can be secured by security mechanisms in other elements of the vehicle type. This clarifies that secure gateways can be used to shield parts of an E/E architecture which contain critical elements. Further, the proposal introduces a transitional period for the obligation to implement the mitigation measures of Annex 5, Part B and C. During this transitional period, the manufacturer can introduce alternative appropriate mitigation measures on the basis of technical feasibility.

Proposal to clarify provisions regarding

• skills and procedures required of the Approval Authority and its Technical Service(s),
• mandatory peer review of the Approval Authority’s skills, procedures and assessment methods and pass/fail criteria,
• notification of intended type approvals and availability of documentation for inspection,
• minimizing the risk of expiry of the CSMS Certificate before issuance of a new Certificate, and
• exemptions for approvals granted before 1 July 2024.

Proposal for a new UN Regulation as approved by GRVA during its 6th session for the type approval of vehicles with regard to their cybersecurity protection.