Includes changes made during the Workshop.

Document includes in-session edits by the workshop.

Proposal to amend UN R155 and UN R156 to require that Certificates of Compliance for Cyber Security Management Systems and Software Update Management Systems be issued by the same approval authority that grants type approval. Germany reported a case where different authorities issued the certificate and type approval, creating assessment and enforcement issues. The proposal aims to ensure holistic cyber security evaluation and align both regulations.

Draft specific guidance for vehicle types that are based on another vehicle type. This specific guidance is without prejudice to national procedures (e.g. as defined in the R155 methods and criteria) and applies to various use cases, such as vehicles developed, produced and/or sold in collaboration with another manufacturer, completed and transformed vehicles, “multi-stage” vehicles, etc.

Proposal to set clear criteria for manufacturers of transformed vehicles to determine when a given transformed vehicle needs or needs not undergo a more detailed cyber security review according to the processes for transformed vehicles currently being discussed by the GRVA workshop on cybers ecurity and software updates.