The provision in paragraph 5.3.5. may need clarification on what the granting Approval Authority should do, if that Authority can’t take into account the comments received as per paragraph 5.3.4. Should it continue processing with granting the approval or postpone granting? The proposal is to clarify that the Approval Authority should postpone granting the approval until the agreement on the common interpretation of the questioned issue is reached.

Report to 182nd WP.29 session from the 39th IWG on DETA meeting.

Mark up of the draft UN Regulation on cyber security (WP.29/2020/79) towards transposition of technical requirements into an instrument under the 1998 Agreement.

Question concerning coverage of cybersecurity risks under the new UN R155 on cybersecurity managements and under UN R116 (with the understanding of the current proposals to split UN R116 into three separate regulations).

CS/OTA informal group proposal for a document to assist with the implementation of the new UN Regulation on cybersecurity management. This document is also available with track changes in a word document format and portable document format.

Proposal to clarify that the Approval Authority should postpone granting a cybersecurity management approval in the absence of agreement on the common interpretation of a provision where the interpretation of the Approval Authority has raised comments from other authorities under the review procedure provided for in paragraph 5.3.4.

Cybersecurity and OTA software updates task force session dedicated to discussion of interpretation documents to support the use of UN R155 on cybersecurity approvals and UN R156 on software update approvals.

Document as amended during the third day of the third TFCS ad hoc session.

Clean version of the UN R155 interpretation document pursuant to the third TFCS ad hoc session.

Document as amended during the 2nd day of the third TFCS ad hoc session.

Interpretation document as updated during the first day of the 3rd Interpretation Document ad hoc session of the Cybersecurity and Software Updates task force (27-29 July).

Template (reviewed by Germany, the Netherlands, the United Kingdom, the European Commission, Japan, and France) for the exchange of type-approval information related to cybersecurity via the electronic Data Exchange for Type Approvals (DETA) system.

Small drafting group comments.

Comments concerning the implementation of the following paragraph:
7.3.7. The vehicle manufacturer shall implement measures for the vehicle type to:

1. detect and prevent cyber-attacks against vehicles of the vehicle type;
2. support the monitoring capability of the vehicle manufacturer with regards to detecting threats, vulnerabilities and cyber-attacks relevant to the vehicle type;
3. provide data forensic capability to enable analysis of attempted or successful cyberattacks.

Document prepared by the Task Force chair.

Proposal for a new UN Regulation on uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system.

Proposal agreed by interested Contracting Parties to resolve concerns regarding “peer review” of cybersecurity type approvals.

Proposal for provisions regarding the extension, expiration, or withdrawal of a cybersecurity approval.

Proposal for a new UN Regulation as approved by GRVA during its 6th session for the type approval of vehicles with regard to their cybersecurity protection.

Proposal to require the definition of security requirements for the vehicle type.

The proposal replaces the protection of critical elements with the protection of the vehicle type in general to ensure that a critical element can be secured by security mechanisms in other elements of the vehicle type. This clarifies that secure gateways can be used to shield parts of an E/E architecture which contain critical elements. Further, the proposal introduces a transitional period for the obligation to implement the mitigation measures of Annex 5, Part B and C. During this transitional period, the manufacturer can introduce alternative appropriate mitigation measures on the basis of technical feasibility.

Proposal to clarify provisions regarding

• skills and procedures required of the Approval Authority and its Technical Service(s),
• mandatory peer review of the Approval Authority’s skills, procedures and assessment methods and pass/fail criteria,
• notification of intended type approvals and availability of documentation for inspection,
• minimizing the risk of expiry of the CSMS Certificate before issuance of a new Certificate, and
• exemptions for approvals granted before 1 July 2024.

Proposal to clarify provisions regarding

• skills and procedures required of the Approval Authority and its Technical Service(s),
• mandatory peer review of the Approval Authority’s skills, procedures and assessment methods and pass/fail criteria,
• notification of intended type approvals and availability of documentation for inspection,
• minimizing the risk of expiry of the CSMS Certificate before issuance of a new Certificate, and
• exemptions for approvals granted before 1 July 2024.

Proposal to exclude vehicles of categories R, S and T from the initial scope of the draft UN Regulations.

Proposal to require vehicle manufacturers to provide relevant cybersecurity information (cybersecurity goals, specifications, requirements) to authorised replacement-part manufacturers.

Update on the status of discussions aiming to resolve open items in the draft UN Regulation on cybersecurity following the 5th GRVA session.

Proposals to clarify the draft text.

Draft text for a new UN Regulation on the certification of cybersecurity management systems and the approval of vehicles with regarding to cybersecurity. This draft will be considered during the 6th GRVA session.

Russia-coordinated effort to reconcile divergent views on the concept for type authority review of other type approval authority decisions on cybersecurity management system certification.

Proposal to insert the provision, “This regulation is without prejudice to national or regional regulations dealing with the development and replacement of parts and systems, physical and digital, with regards to ensure their compatibility with cybersecurity.”

Proposal to delete the phrase “actively seek guidance” regarding Type Approval Authority consultations, shortening the period during which authorities can express reservations regarding a draft approval from 30 days to 14 days, and clarifications to the text.

Proposal to define the absence of a Cyber Security Management System certificate (e.g., expiration or withdrawal) as a modification affecting vehicle technical performance (and therefore, the type approval of the vehicle).

Proposal from the GRVA secretariat to align the text of the draft UN Regulation on cybersecurity with the text of Schedule 6 of the 1958 Agreement.

Proposal from France to delete provisions allowing a “cross check” of cybersecurity management certifications among approval authorities in favor of defined requirements for technical services.

The amendment proposal by TF CS/OTA to improve the text (ECE/TRANS/WP.29/GRVA/2020/3) with respect to the Approval Authorities and granting of type approvals

Text submitted by the expert from Japan proposing an amendment to document GRVA-05-05 from TF CS/OTA

Explanatory document submitted by the expert from FIGIEFA to be read in conjunction with the UN Regulation on Cybersecurity (ECE/TRANS/WP.29/GRVA/2020/2). This document describes process flow for national/regional authorities to define objective minimum compliance criteria.

Text submitted by the experts from EGEA, FIA, FIGIEFA and ETRMA for amendments and modifications to ECE/TRANS/WP29/GRVA/2020/2 & ECE/TRANS/WP29/GRVA/2020/3

Proposal submitted by the expert from FIGIEFA for amendments to the draft regulations on Cyber Security and Software Updates (GRVA/2020/2, GRVA/2020/3 and GRVA/2020/4) to address concerns regarding service and maintenance and the use of replacement parts.

Proposal to delete limitations regarding the choice of cryptographic modules.

Clean version of the task force draft text. Only Annex 5 is not reviewed.

Consolidating all changes through the second day of the 17th task force session.

Draft document pursuant to the first day of the 17th task force session.