4 May UN R155 and R156: Proposal for amendments (France, Germany, Luxembourg, Netherlands, and UK) GRVA-25-07 2026-05-04 Proposal to amend UN R155 and UN R156 regarding approval authority requirements:<ul><li>Add a refusal ground to para. 5.1.3. of UN R155 where the Certificate of Compliance for the Cyber Security Management System has not been issued by the same approval authority granting type approval</li><li>Insert new para. 5.4. into UN R156 to provide that approval authorities shall not grant any type approval if the Certificate of Compliance for the Software Update Management System has not been issued by the same approval authority granting type approval.</li></ul> France Germany Luxembourg Netherlands UK
6 Jul Proposal to amend UN R155 and UN R156 (France, Germany, Luxembourg, Netherlands, and UK) GRVA/2026/30 2026-07-06 Proposal to amend UN R155 by inserting new para. 5.1.3.(e) establishing that the Certificate of Compliance for the Cyber Security Management System shall not be issued by a different Approval Authority than the one granting type approval, and amend UN R156 by inserting new para. 5.4. establishing that Approval Authorities shall not grant type approval if the Certificate of Compliance for the Software Update Management System has not been issued by the same Approval Authority granting type approval. Justification includes ensuring holistic cybersecurity assessment, clarifying reporting obligations under para. 7.2.2.2.(g), addressing unharmonized mutual recognition of management system certificates, maintaining consistency between regulations, and upholding the fundamental principle that approval authorities retain responsibility for all aspects of type approval. France Germany Luxembourg Netherlands UK
12 Mar Proposal to amend UN R155 and UN R156 (Germany) TFCS-37-02 2026-03-12 Proposal to amend UN R155 and UN R156 to require that Certificates of Compliance for Cyber Security Management Systems and Software Update Management Systems be issued by the same approval authority that grants type approval. Germany reported a case where different authorities issued the certificate and type approval, creating assessment and enforcement issues. The proposal aims to ensure holistic cyber security evaluation and align both regulations. Germany