Explanatory document submitted by the expert from FIGIEFA to be read in conjunction with the UN Regulation on Cybersecurity (ECE/TRANS/WP.29/GRVA/2020/2). This document describes process flow for national/regional authorities to define objective minimum compliance criteria.
25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.
26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.
27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.
28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.
29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.
30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.
31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.
32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.
33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.
34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).
35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.