GRVA-04-22
Cybersecurity: Proposal to amend document GRVA/2019/2
Source(s)
Germany
Date
20 Sep 2019
Status
Informal GR review
Subject
Meeting(s)

Proposal from Germany to introduce additional definitions, clarify the management system certification process, enable the withdrawal (revocation) of a vehicle type approval, to require the vehicle manufacturer to maintain an Information Security Operations Centre (ISOC) to handle servicing of its vehicle fleet, and to improve the processes for identification of risks and threats and their mitigation.

Downloads
UNECE server
Related documents
Excerpts from session reports
GRVA | Session 4 | 24-27 Sep 2019

21. The expert from the United Kingdom, Co-Chair of the Task Force on Cyber Security and Over-The-Air software updates (TF CS/OTA) reported on the activities of the group since June 2019. (Details are provided in GRVA-04-45.) He explained the activities of the test phase and reported that it was positive. He stated that the draft proposal (ECE/TRANS/WP.29/GRVA/2019/2 as amended) worked and provided value. He mentioned that the experience gathered during this phase would be reflected in an interpretation document and that the documents under development would be improved for consideration at the next session of GRVA.

22. The expert from IMMA introduced GRVA-04-25, proposing amendments to the scope of the draft regulation. GRVA referred the proposal to the Task Force.

23. The expert from Germany provided comments in GRVA-04-22. GRVA agreed to refer them to the Task Force.

24. The expert from the European Commission recalled that a report would have to be prepared for review at the next session of WP.29. He presented a proposal to clarify the scope of the draft UN Regulation on cyber security (GRVA-04-32). He noted that the challenges of the group were similar to those that the IWG on VMAD would face, when working on audits.

25. The expert from the USA commended the Task Force for its work. But she requested that the technical requirements be prepared (as previously agreed) in a document that could serve the 1998 Agreement as well.

26. The expert from Sweden informed that his country had now established a Cyber Security authority. GRVA welcomed the participation of Cyber Security authorities at the Task Force meetings.

27. The expert from FIGIEFA introduced GRVA-04-04 proposing amendments to the scope as well as new proposals related to access to data by authorized parties. She announced that she would support the alternative proposal concerning the scope presented in
GRVA-04-32. The expert from OICA also supported amendments to the scope but not the other amendments proposed in GRVA-04-32. The expert from EC stated the importance to remain vigilant concerning the access to data in vehicles. GRVA transmitted the amendment proposals to the task force.

28. The expert from FIA introduced GRVA-04-40 proposing to clarify the lifecycle and lifetime definitions. He suggested that the lifetime definition should also include the time after a vehicle is deregistered and until it is scrapped. GRVA did not conclude on this item and transmitted the document to the Task Force.

29. GRVA invited the Task Force to prepare the proposal for a new UN Regulation on cyber security, a draft guidance document, a draft resolution with recommendations together with draft requirements in a document that can serve the 1998 Agreement and a report on the test phase.

30. GRVA agreed to request an extension of the mandate of the Task Force for two years.

New and Upcoming
System Pages
Regulations
Working Groups
GlobalAutoRegs
© 2026 GlobalAutoRegs