The UN IWG on Cyber Security and OTA will meet April 21-22, 2026 via video conference. The agenda includes adoption of the provisional agenda and minutes from the previous session, proposals for amendments to UN R155 and its interpretation document regarding multistage vehicles and type approval authorities, review of cyber and software requirements in the ADS Regulation, discussion of RXSWIN application, renewal of the IWG mandate expiring November 2026, and confirmation of next steps.

Proposal to amend UN R155 and UN R156 to require that Certificates of Compliance for Cyber Security Management Systems and Software Update Management Systems be issued by the same approval authority that grants type approval. Germany reported a case where different authorities issued the certificate and type approval, creating assessment and enforcement issues. The proposal aims to ensure holistic cyber security evaluation and align both regulations.

Proposal to amend UN R13, 13-H, 79, 89, 130, 131, 139, 140, 152, 155, 156, 157, 171, 175, and 178 by introducing provisions on software identification and software updates. Amendments add new paragraphs referring to Software Identification Number definitions in Consolidated Resolution R.E.3, require manufacturers to provide Technical Services with information on hardware and software influencing performance, permit vehicle manufacturers to apply for new approvals differentiating software versions for registered versus new vehicles while avoiding test duplication, and modify production discontinuation provisions to exclude cases where manufacturers seek approval extensions for software updates of registered vehicles.

Germany proposes that the TAA granting UN R155 or UN R156 type approvals shall be obliged to only use CSMS or SUMS certificates signed by the same TAA. Issues identified include that CSMS and SUMS are Management Systems covering entire manufacturers’ organizations, mandating the same TAA will have huge consequences for OEMs using multiple TAAs, and no such obligation exists for ISO 9001 and ISO 14001. A possible way forward in the short term is to keep text unchanged to allow different TAAs for Management Systems CoC and type approval based on voluntary acceptance and implement wording on information exchange and procedure if different TAAs involved.

The CS/OTA Task Force held its thirty-seventh session on 21-22 April 2026 by video conference. The group adopted the provisional agenda and minutes from the thirty-sixth session. Discussions addressed proposals for amendments to UN R155 concerning multi-stage vehicle approvals and separate technical units, for which a subworking group was established. Proposals were also considered on type approval authority responsibility for cyber security management systems and remote operation of automated driving systems. The group reviewed cyber and software requirements in the ADS GTR and WP.29/2022/60 as amended by WP.29/2023/87, and discussed application of RXSWIN to UN Regulations, selecting option 2 for presentation to GRVA with R155, R156, and R89 square bracketed. The IWG mandate renewal was discussed, with potential new items including component and STU approval and software numbering proposals.