Proposal to introduce an explanation clarifying the possibility for Approval Authorities to recognise Certificates of Compliance for Cyber Security Management Systems (CSMS) issued by the Approval Authority of another Contracting Party.
83. The Chair of GRVA introduced ECE/TRANS/WP.29/2023/45, a proposal for amendments to the Interpretation Document of UN Regulation No. 155, including the outcome of several workshops held among various Type Approval Authorities on how to implement the provision of UN Regulation No. 155.
84. WP.29 adopted the document ECE/TRANS/WP.29/2023/45.
48. The expert from Japan, Co-Chair of the IWG on CS/OTA, presented GRVA-15-42 (status report) introducing GRVA-15-05 (amendment proposal to UN Regulation No. 155) and GRVA-15-06 (amendments to the interpretation document to UN Regulation No. 155). The expert from France supported both proposals. The expert from OICA mentioned the questionnaire regarding the handling of software updates for vehicles already registered, distributed among the group’s participants. The expert from Germany informed GRVA that his country already had defined software updates categories for already registered vehicles (see more details in para. 73 below).
49. GRVA adopted GRVA-15-05, as reproduced in Annex V to the session report, and requested the secretariat to submit it to WP.29 and AC.1 as draft supplement to UN Regulation No. 155 for consideration and vote in June 2023.
61. The expert from France introduced ECE/TRANS/WP.29/GRVA/2023/5 aimed at clarifying the possibility to recognize the Cyber Security Management System Certificate of compliance delivered by other contracting parties. He mentioned the work done during the last workshop to update the initial wording of the explanation. He presented the outcome of the workshop reproduced in GRVA-15-21.
62. GRVA adopted ECE/TRANS/WP.29/GRVA/2023/5, as amended by GRVA-15-21 as well as GRVA-15-06. GRVA requested the secretariat to submit them as an amendment to the Interpretation Document for UN Regulation No. 155 to WP.29 and AC.1 for consideration and vote at their June 2023 sessions.
102. The Chair of GRVA recalled the purpose of the interpretation document for UN Regulation No. 155. He presented ECE/TRANS/WP.29/2022/61, proposing updates to the interpretation document that were reflecting the published final version of the ISO/SAE 21434 standard referred to in that document. He announced that GRVA would potentially submit further amendments for consideration at the March 2023 session of WP.29.
103. WP.29 adopted that document with the following amendments:
Section Y, amend the quote of para. 7.3.1 in UN Regulation No. 155, to read:
| …“7.3.1. | The manufacturer shall have a valid Certificate of Compliance for the Cyber Security Management System relevant to the vehicle type being approved. |
| However, for type approvals first issued before 1 July 2024 and for each extension thereof, if the vehicle manufacturer can demonstrate that the vehicle type could not be developed in compliance with the CSMS, then the vehicle manufacturer shall demonstrate that cyber security was adequately considered during the development phase of the vehicle type concerned.”… |
| Section AB, amend the quote of para. 7.3.4 in UN Regulation No. 155, to read: | |
| …“7.3.4. | The vehicle manufacturer shall … another appropriate mitigation is implemented. |
| In particular, for type approvals first issued before 1 July 2024 and for each extension thereof, the vehicle manufacturer shall ensure that another appropriate mitigation is implemented if a mitigation measure referred to in Annex 5, Part B or C is technically not feasible. The respective assessment of the technical feasibility shall be provided by the manufacturer to the approval authority.”… | |
| GRVA-15-21 | |
| WP.29/2022/61 | |
| GRVA/2023/5 | |
| GRVA-15-06 |