18. The expert from Japan, Co-Chair of the Task Force on Cyber Security and Over-the-Air Software Updates presented GRVA-02-03, containing a status report of the group’s activities since the previous GRVA session and introducing ECE/TRANS/WP.29/GRVA/2019/2. He mentioned that the group responded in writing to all the questions and comments received on the proposal.

19. The expert from FIA welcomed the proposal produced by the group but mentioned that it did not reflect their position regarding life time requirements.

20. The expert from OICA wondered whether such aspect raised by FIA would belong to the scope of the 1958 Agreement. The secretariat answered that some precedents could help answering this question e.g. UN Regulation No. 49 (including conformity of in-service vehicles/engines provisions), UN Regulation No. 59 (Replacement (retrofit) silencing systems), UN Regulation No. 83 (including durability requirements and “in use” requirements), UN Regulation No. 90 (Replacement braking parts) and UN Regulation No. 133 (Recyclability of motor vehicles). He stated that he was not aware of any provision of the Agreement that would limit the activities under this Agreement only to the performance of new vehicles. The expert from OICA, Secretary of the Task Force agreed to submit in written an informal document highlighting the difficulty faced by the group with this aspect. He presented, on the last day of the second GRVA session, GRVA-02-46 that described the issue of post-production, understood as the product lifetime starting after the production is definitely discontinued.

21. The expert from Germany and the Netherlands stated that the document should address the three following phases: system/vehicle development, production and post-production.

22. The expert from Japan supported the proposal ECE/TRANS/WP.29/GRVA/2019/2 and stated the need to adopt this document during this session, since the new UN Regulation proposed in the document was one of the important and needed Regulations for the improvement of vehicle safety.

23. The expert from EC provided comments on the proposal (GRVA-02-37).

24. The expert from IMMA presented GRVA-02-18, proposing to exclude vehicles of category L from the scope of the document.

25. The expert from Japan, Co-Chair of the Task Force, responding to the advice received from the previous session of GRVA, reported on its proposal for a test phase to assure the draft produced. He presented the aim and the desired output of this activity.

26. GRVA agreed to keep the documents under this agenda item for continued review at next GRVA session. GRVA invited the Task Force to address the comments received and to proceed with the test phase. GRVA noted the need to make further progress on this item and requested the secretariat to explore the possibility to organize a special session of GRVA in May or June 2019.

27. GRVA noted that the presentation of GRVA-02-03 also introduced ECE/TRANS/WP.29/GRVA/2019/3, that the proposal for a test phase would also apply to the software updates work stream. The expert from Japan also supported the document ECE/TRANS/WP.29/GRVA/2019/3. He indicated Japan’s support for the earliest adoption (during this session), since the issue was important and a UN Regulation was needed for the improvement of vehicle safety.

28. The expert from EC provided comments on the proposal (GRVA-02-37).

29. The expert from IMMA presented GRVA-02-18, proposing to exclude vehicles of Category L from the scope of the document.

30. The expert from ITU stated that regulating communication would require specific expertise and that the precedent at the Working Party on General Safety provisions with the UN Regulation No. 144 (Accident Emergency Call Systems) ignored communication aspects and durability provisions. He raised the question whether a vehicle equipped with safety systems based on communication would still be roadworthy in case the communication would no longer function e.g. when the communication system would be obsolete. GRVA agreed that the Task Force on Cyber Security and Over-the-Air Software Updates was a good example demonstrating that WP.29 was able to attract the required experts with the right expertise and to make very quick progress on such strategic issues. GRVA agreed about the need to discuss the roadworthiness of vehicles in case of the vehicle communication unit obsolescence would impact the well performing of safety systems.

31. GRVA agreed to keep ECE/TRANS/WP.29/GRVA/2019/3 and GRVA-01-18 on the agenda of the next GRVA session.

21. The expert from the United Kingdom, Co-Chair of the Task Force on Cyber Security and Over-The-Air software updates (TF CS/OTA) reported on the activities of the group since June 2019. (Details are provided in GRVA-04-45.) He explained the activities of the test phase and reported that it was positive. He stated that the draft proposal (ECE/TRANS/WP.29/GRVA/2019/2 as amended) worked and provided value. He mentioned that the experience gathered during this phase would be reflected in an interpretation document and that the documents under development would be improved for consideration at the next session of GRVA.

22. The expert from IMMA introduced GRVA-04-25, proposing amendments to the scope of the draft regulation. GRVA referred the proposal to the Task Force.

23. The expert from Germany provided comments in GRVA-04-22. GRVA agreed to refer them to the Task Force.

24. The expert from the European Commission recalled that a report would have to be prepared for review at the next session of WP.29. He presented a proposal to clarify the scope of the draft UN Regulation on cyber security (GRVA-04-32). He noted that the challenges of the group were similar to those that the IWG on VMAD would face, when working on audits.

25. The expert from the USA commended the Task Force for its work. But she requested that the technical requirements be prepared (as previously agreed) in a document that could serve the 1998 Agreement as well.

26. The expert from Sweden informed that his country had now established a Cyber Security authority. GRVA welcomed the participation of Cyber Security authorities at the Task Force meetings.

27. The expert from FIGIEFA introduced GRVA-04-04 proposing amendments to the scope as well as new proposals related to access to data by authorized parties. She announced that she would support the alternative proposal concerning the scope presented in
GRVA-04-32. The expert from OICA also supported amendments to the scope but not the other amendments proposed in GRVA-04-32. The expert from EC stated the importance to remain vigilant concerning the access to data in vehicles. GRVA transmitted the amendment proposals to the task force.

28. The expert from FIA introduced GRVA-04-40 proposing to clarify the lifecycle and lifetime definitions. He suggested that the lifetime definition should also include the time after a vehicle is deregistered and until it is scrapped. GRVA did not conclude on this item and transmitted the document to the Task Force.

29. GRVA invited the Task Force to prepare the proposal for a new UN Regulation on cyber security, a draft guidance document, a draft resolution with recommendations together with draft requirements in a document that can serve the 1998 Agreement and a report on the test phase.

30. GRVA agreed to request an extension of the mandate of the Task Force for two years.

21. The expert from the United Kingdom, Co-Chair of the Task Force on Cyber Security and Over-The-Air software updates (TF CS/OTA) reported on the activities of the group since June 2019. (Details are provided in GRVA-04-45.) He explained the activities of the test phase and reported that it was positive. He stated that the draft proposal (ECE/TRANS/WP.29/GRVA/2019/2 as amended) worked and provided value. He mentioned that the experience gathered during this phase would be reflected in an interpretation document and that the documents under development would be improved for consideration at the next session of GRVA.

22. The expert from IMMA introduced GRVA-04-25, proposing amendments to the scope of the draft regulation. GRVA referred the proposal to the Task Force.

23. The expert from Germany provided comments in GRVA-04-22. GRVA agreed to refer them to the Task Force.

24. The expert from the European Commission recalled that a report would have to be prepared for review at the next session of WP.29. He presented a proposal to clarify the scope of the draft UN Regulation on cyber security (GRVA-04-32). He noted that the challenges of the group were similar to those that the IWG on VMAD would face, when working on audits.

25. The expert from the USA commended the Task Force for its work. But she requested that the technical requirements be prepared (as previously agreed) in a document that could serve the 1998 Agreement as well.

26. The expert from Sweden informed that his country had now established a Cyber Security authority. GRVA welcomed the participation of Cyber Security authorities at the Task Force meetings.

27. The expert from FIGIEFA introduced GRVA-04-04 proposing amendments to the scope as well as new proposals related to access to data by authorized parties. She announced that she would support the alternative proposal concerning the scope presented in
GRVA-04-32. The expert from OICA also supported amendments to the scope but not the other amendments proposed in GRVA-04-32. The expert from EC stated the importance to remain vigilant concerning the access to data in vehicles. GRVA transmitted the amendment proposals to the task force.

28. The expert from FIA introduced GRVA-04-40 proposing to clarify the lifecycle and lifetime definitions. He suggested that the lifetime definition should also include the time after a vehicle is deregistered and until it is scrapped. GRVA did not conclude on this item and transmitted the document to the Task Force.

29. GRVA invited the Task Force to prepare the proposal for a new UN Regulation on cyber security, a draft guidance document, a draft resolution with recommendations together with draft requirements in a document that can serve the 1998 Agreement and a report on the test phase.

30. GRVA agreed to request an extension of the mandate of the Task Force for two years.