16. GRVA worked on the basis of GRVA-05-05-Rev.1 prepared by the Secretary at the end of the fifth session of GRVA.

5. GRVA considered the provisional agenda prepared for this session and adopted it (ECE/TRANS/WP.29/GRVA/2020/18). GRVA noted the running order document (GRVA-06-01) prepared by the Chair for this session. This report provides the list of all informal documents distributed during the session, in Annex I of the session report.

7. GRVA reviewed in detail GRVA-06-02 prepared by the ACSF group for consideration at this session.

8. GRVA reviewed the scope of the proposed Regulation, discussed a number of items such as the alignment of definitions with existing standards, whether or not the Software Indentification Number (RxSWIN) mechanism in the draft UN Regulation on Software Updates and Software Update Management Systems should be implemented on a mandatory basis.

24. The Chair regretted that GRVA did not have enough time for reviewing the proposal submitted by the expert from AVERE and also for the proposal submitted by the expert from the United Kingdom of Great Britain and Northern Ireland. GRVA agreed to consider these two items at its September 2020 session.

17. GRVA requested the Secretary to consolidate the ALKS, DSSAD and VMAD documents (GRVA-05-07-Rev.1). GRVA discussed on this basis open items such as the terms in the formula in paragraph 5.2.5.2. (GRVA-05-44), the parameters to be registered by DSSAD, the content of Appendix 1 to Annex 4 etc. The Secretary produced two other revisions in the course of the week, which were used by GRVA to build consensus. The outcome of the session on ALKS is reflected in GRVA-05-07-Rev.3. GRVA agreed to use this version in preparation of the sixth GRVA session.

13. The Secretary produced upon request of GRVA a consolidated version of the draft UN Regulation on ALKS based on the input received during the session (GRVA-06-02-Rev.1). The expert from OICA introduced GRVA-06-16 with amendment proposal to the revision 1. After each half day session, the Secretary produced revised consolidation reflecting the current state of the discussions. GRVA adopted GRVA-06-02-Rev.4 and requested the secretariat to submit it (without square brackets) as a draft new UN Regulation on ALKS to WP.29 and the Administrative Committee of the 1958 Agreement (AC.1) for consideration and vote at their June 2020 sessions. GRVA decided that the collection of data to determine the competent and careful driver model as per Appendix 3 to Annex 4 shall be performed in order to gather information and allow Type Approval Authorities to provide feedback to the IWG on VMAD.

17. The expert from CEMA introduced GRVA-06-03 proposing to remove the vehicle categories S, R and T from the scope of the draft Regulation on Cyber Security and Cyber Security Management Systems. GRVA noted the concern expressed by the expert from Austria about the fact that modern vehicles of these categories were highly connected and automated and were also involved in road traffic. GRVA agreed with the position expressed by CEMA at this stage, as these vehicle categories were not specifically considered when drafting the regulation. GRVA invited the experts from CEMA to review the draft regulation.

18. The expert from FIGIEFA introduced corrections to the wording that they proposed at the fifth session of GRVA. GRVA agreed with the corrections proposed for paragraph 1.4. GRVA referred the part of the proposal addressing the Interpretation Document to the Task Force on CS/OTA for detailed review.

15. The Secretary presented, in the absence of leadership of the group, GRVA-06-05 informing GRVA on the activities performed by the Task Force on Cyber Security and OTA issues since the fifth session of GRVA.

9. The expert from the United States of America introduced the outcome of the recent meeting of the IWG on DSSAD regarding DSSAD for ALKS (see GRVA-06-06 under agenda item 3).

14. GRVA reviewed the contribution (GRVA-06-06) of the IWG on DSSAD for the activities on ALKS under agenda item 3.

19. The expert from OICA presented GRVA-06-08-Rev.1 introducing GRVA-06-07 proposing amendments to the scope, clarifications in para. 5.1.3., paras. 7.2.2.2-7.2.2.4. and para. 7.3.7., a proposed way forward for the resolution of the discussion on paras. 5.3.1-5.3.4, transitional provisions in para. 7.3.1. and the deletion to the reference to Part. C in Annex 5.

20. The expert from Germany introduced an alternative amendment proposal to the transitional provision para. 7.3.1..

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

19. The expert from OICA presented GRVA-06-08-Rev.1 introducing GRVA-06-07 proposing amendments to the scope, clarifications in para. 5.1.3., paras. 7.2.2.2-7.2.2.4. and para. 7.3.7., a proposed way forward for the resolution of the discussion on paras. 5.3.1-5.3.4, transitional provisions in para. 7.3.1. and the deletion to the reference to Part. C in Annex 5.

20. The expert from Germany introduced an alternative amendment proposal to the transitional provision para. 7.3.1..

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

10. GRVA discussed about the best way to incorporate the Appendix prepared by the IWG on Validation Methods for Automated Driving (GRVA-06-09). GRVA noted the work on this Appendix was based on data collected in Japan and Northern America but that no data from Europe could be used. The expert from the Russian Federation expressed concerns about the implementation of the provisions in this Appendix. Some delegations expressed doubts about the values proposed in square bracket, whether they would be representative for their market.

11. The expert from the European Commission introduced GRVA-06-10 proposing the text for a generic Annex (possibly applicable to all Automated Driving Systems, including ALKS) on special requirements to be applied to the safety aspects of electronic control systems and their audit. GRVA reviewed the submission by the expert from Canada, Co-Chair of the IWG on VMAD, of an alternative proposal with a few editorial corrections and modifying the scope of the annex, substituting Automated Driving Systems by ALKS throughout the text of the annex.

12. The expert from the United Kingdom of Great Britain and Northern Ireland recalled their position on the need to allow ALKS to perform a lane change if necessary, during an emergency manoeuvre. GRVA did not have the time to review in detail his proposal (GRVA-06-11) and agreed to resume this discussion at the GRVA session in September 2020.

24. The Chair regretted that GRVA did not have enough time for reviewing the proposal submitted by the expert from AVERE and also for the proposal submitted by the expert from the United Kingdom of Great Britain and Northern Ireland. GRVA agreed to consider these two items at its September 2020 session.

24. The Chair regretted that GRVA did not have enough time for reviewing the proposal submitted by the expert from AVERE and also for the proposal submitted by the expert from the United Kingdom of Great Britain and Northern Ireland. GRVA agreed to consider these two items at its September 2020 session.

43. The expert from AVERE introduced ECE/TRANS/WP.29/GRVA/2020/7 and ECE/TRANS/WP.29/GRVA/2020/8 (and their respective amendments in GRVA-05-08 and GRVA-05-24), proposing amendments to the ACSF provisions, resuming the discussion started in September 2019. He mentioned the support provided by the expert from the United Kingdom. The experts from Sweden and France provided comments. The experts from Denmark, Finland, the Netherlands and Norway expressed concerns. The expert from the Netherlands explained that the dynamics problems reported by the manufacturer, member of AVERE, were not due to the provisions in the Regulation but were due to design choices made by this manufacturer. The experts from the European Commission, Korea and United Kingdom and Northern Ireland supported the proposals; the expert from OICA, too. The expert from the Russian Federation proposed alternative proposals (GRVA-05-59) improving the text. The expert from the United Kingdom proposed GRVA-05-57 aimed at addressing the comments expressed by the expert from Sweden. GRVA reviewed all revised proposals produced by the expert from AVERE during the week but remained divided. GRVA agreed to review a revised proposal at the sixth session of GRVA, if time allows.

44. The Chair of GRVA noted the division of GRVA on this matter. He proposed that GRVA performs a general review of the Regulation at its September 2020 session.

11. The expert from the European Commission introduced GRVA-06-10 proposing the text for a generic Annex (possibly applicable to all Automated Driving Systems, including ALKS) on special requirements to be applied to the safety aspects of electronic control systems and their audit. GRVA reviewed the submission by the expert from Canada, Co-Chair of the IWG on VMAD, of an alternative proposal with a few editorial corrections and modifying the scope of the annex, substituting Automated Driving Systems by ALKS throughout the text of the annex.

6. The expert from Germany, Secretary of the Informal Working Group (IWG) on Automatically Commanded Steering Function (ACSF) presented GRVA-06-14 informing on the progress made since the fifth session of GRVA on the draft UN Regulation on Automated Lane Keeping Systems (ALKS).

19. The expert from OICA presented GRVA-06-08-Rev.1 introducing GRVA-06-07 proposing amendments to the scope, clarifications in para. 5.1.3., paras. 7.2.2.2-7.2.2.4. and para. 7.3.7., a proposed way forward for the resolution of the discussion on paras. 5.3.1-5.3.4, transitional provisions in para. 7.3.1. and the deletion to the reference to Part. C in Annex 5.

20. The expert from Germany introduced an alternative amendment proposal to the transitional provision para. 7.3.1..

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

13. The Secretary produced upon request of GRVA a consolidated version of the draft UN Regulation on ALKS based on the input received during the session (GRVA-06-02-Rev.1). The expert from OICA introduced GRVA-06-16 with amendment proposal to the revision 1. After each half day session, the Secretary produced revised consolidation reflecting the current state of the discussions. GRVA adopted GRVA-06-02-Rev.4 and requested the secretariat to submit it (without square brackets) as a draft new UN Regulation on ALKS to WP.29 and the Administrative Committee of the 1958 Agreement (AC.1) for consideration and vote at their June 2020 sessions. GRVA decided that the collection of data to determine the competent and careful driver model as per Appendix 3 to Annex 4 shall be performed in order to gather information and allow Type Approval Authorities to provide feedback to the IWG on VMAD.

21. The expert from the European Commission introduced GRVA-06-17 and GRVA-06-17-Rev.1, aimed at resolving the Contracting Parties discussion on paras. 5.3.1.-5.3.4. GRVA could not reach consensus on the proposal. GRVA agreed to make further progress until the June 2020 session of WP.29 along the following agreed principles:

1. Introduction of prescriptions regarding the competencies of the Technical Services involved;
2. Introduction of provisions on the upload of the type approvals in DETA;
3. Introduction of a peer review concept that prevents sovereignty issues regarding the issuance of Type Approvals;
4. Introduction of a reference to Schedule 6 of the 1958 Agreement.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

21. The expert from the European Commission introduced GRVA-06-17 and GRVA-06-17-Rev.1, aimed at resolving the Contracting Parties discussion on paras. 5.3.1.-5.3.4. GRVA could not reach consensus on the proposal. GRVA agreed to make further progress until the June 2020 session of WP.29 along the following agreed principles:

1. Introduction of prescriptions regarding the competencies of the Technical Services involved;
2. Introduction of provisions on the upload of the type approvals in DETA;
3. Introduction of a peer review concept that prevents sovereignty issues regarding the issuance of Type Approvals;
4. Introduction of a reference to Schedule 6 of the 1958 Agreement.

22. The expert from Spain introduced GRVA-06-18 aimed at specifying security definition requirements for the vehicle type. GRVA agreed to consider a revised proposal at its September 2020 session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

23. GRVA adopted GRVA-06-19-Rev.1 and requested the secretariat to submit it (without paras 5.3.1.-5.3.4.) as draft UN Regulation on Cyber Security and Cyber Security Management Systems to WP.29 and AC.1 for consideration and vote at their June 2020 session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

5. GRVA considered the provisional agenda prepared for this session and adopted it (ECE/TRANS/WP.29/GRVA/2020/18). GRVA noted the running order document (GRVA-06-01) prepared by the Chair for this session. This report provides the list of all informal documents distributed during the session, in Annex I of the session report.