30. The expert from the Russian Federation introduced ECE/TRANS/WP.29/GRVA/2021/5. He recalled the discussion at the seventh session of GRVA on para. 5.3.5 in UN Regulation No. 155. The expert from OICA provided comments (GRVA-09-08). The expert from Germany advised to not paraphrase Schedule 6 or add requirements that would differ from those in the 1958 Agreement. The expert from Japan expressed concerns related to the implementation of the provisions in the 1958 Agreement and therefore proposed to keep the text unchanged. The expert from France supported the position expressed by the expert from Japan. The experts from Italy and UK expressed similar positions. The expert from the Russian Federation explained that the case was not related to disputes as in Schedule 6. He proposed to withdraw his proposal and to discuss it at a meeting of the IWG on International Whole Vehicle Type Approval.

4. GRVA considered the provisional agenda prepared for this session (ECE/TRANS/WP.29/GRVA/2021/1) and decided to delete the proposed item 6(c). GRVA adopted the agenda as reproduced in GRVA-09-24/Rev.1, that included the informal documents received before the session started. (All informal documents submitted are listed in Annex I of the session report.) Annex II provides the list of Informal Working Groups (IWG) reporting to GRVA.

5. GRVA also agreed on the running order for the session (GRVA-09-01/Rev.1) and noted the technical information contained in GRVA-09-02 for this online session.

47. WP.29 received the oral report of the representative of United Kingdom of Great Britain and Northern Ireland, Co-Chair of the IWG on ITS, mentioning that the group, at its second session on 6 November 2020, (i) reviewed the draft revised UNECE Road Map on Intelligent Transport Systems and recommended its endorsement by WP.29, (ii) discussed the offer of UNECE and the International Telecommunications Union (ITU) to organize the first session of the 2021 Future Networked Car event, which will be dedicated to regulatory activities on automated and connected vehicles and (iii) received a presentation on Vehicle-to-Everything (V2X) communication for Cooperative Driving Automation from the expert from Japan, Mr. N. Ogawa, working for ITS research in Technical Research department of Mazda Motor Corporation Tokyo HQ and member of the Strategic Innovation Promotion Program (SIP) Automated Driving System for Universal Service (ADUS) initiative, which is a project of the Japanese Government.

48. WP.29 considered and endorsed the draft revised UNECE Road Map on Intelligent Transport Systems (ITS) proposed in WP.29-182-12. WP.29 requested the secretariat to submit it, as amended during the session, to ITC and its Bureau at its November 2020 session, for preparation of the eighty third session of ITC.

49. WP.29 proposed that delegates of the IWG on ITS and delegates of GRVA IWGs working on relevant topics, represent the World Forum at annual Future Networked Car events that are organized by the International Telecommunications Union (ITU).

50. WP.29 noted the information mentioned by the representative of ITU concerning the allocation of frequencies dedicated to vehicle-to-vehicle communication and decided to further discuss this point at its March 2021 session.

51. WP.29 endorsed the extension of the mandate of the IWG on ITS until November 2025.

77. WP.29 endorsed informal documents WP.29-182-05 and WP.29-182-06. WP.29 requested the secretariat to issue them with an official symbol for the March 2021 session of WP.29.

63. The secretariat introduced ECE/TRANS/WP.29/2021/59 and ECE/TRANS/WP.29/2021/60 based on informal documents WP.29-182-05 and WP.29-182-07, and WP.29-182-06, respectively, endorsed by WP.29 at its November 2020 session. WP.29 thanked the secretariat for providing the official documents with the translations in French and Russian and formally adopted them.

96. The representative from Germany, Chair of the IWG on DETA, updated the World Forum concerning the work of the IWG at its thirty-ninth session, held on 04 November 2020. He proposed that WP.29 consider and endorse the Guidelines for the use of DETA with regard to the exchange of information on Cyber Security (WP.29-182-07)

97. WP.29 endorsed informal document WP.29-182-07.

98. The Secretary updated WP.29 on the situation for hosting DETA at UNECE recalling the blocking of regular budget funding at the Administrative and Budget Committee (Fifth Committee) of the UN General Assembly. He proposed to seek alternative funding possibilities in close cooperation with interested Contracting Parties and stakeholders.

99. WP.29 noted that the development of additional functionalities, Unique Identifier, UI, and Declaration of Conformity, DoC, funded by private sector stakeholders was blocked due to contractual issues. OICA, CLEPA, ETRTO and CITA confirmed their continued availability to fund these developments but asked for support from UNECE to overcome contracting issues as soon as possible; OICA referred to the WHDC (World Harmonised Driving Cycle for heavy duty vehicles) which included, some 20 years ago, a test programme funded by industry and suggested that it could be useful to review the contracting procedures that were used at that time.

96. The representative from Germany, Chair of the IWG on DETA, updated the World Forum concerning the work of the IWG at its thirty-ninth session, held on 04 November 2020. He proposed that WP.29 consider and endorse the Guidelines for the use of DETA with regard to the exchange of information on Cyber Security (WP.29-182-07)

97. WP.29 endorsed informal document WP.29-182-07.

98. The Secretary updated WP.29 on the situation for hosting DETA at UNECE recalling the blocking of regular budget funding at the Administrative and Budget Committee (Fifth Committee) of the UN General Assembly. He proposed to seek alternative funding possibilities in close cooperation with interested Contracting Parties and stakeholders.

99. WP.29 noted that the development of additional functionalities, Unique Identifier, UI, and Declaration of Conformity, DoC, funded by private sector stakeholders was blocked due to contractual issues. OICA, CLEPA, ETRTO and CITA confirmed their continued availability to fund these developments but asked for support from UNECE to overcome contracting issues as soon as possible; OICA referred to the WHDC (World Harmonised Driving Cycle for heavy duty vehicles) which included, some 20 years ago, a test programme funded by industry and suggested that it could be useful to review the contracting procedures that were used at that time.

63. The secretariat introduced ECE/TRANS/WP.29/2021/59 and ECE/TRANS/WP.29/2021/60 based on informal documents WP.29-182-05 and WP.29-182-07, and WP.29-182-06, respectively, endorsed by WP.29 at its November 2020 session. WP.29 thanked the secretariat for providing the official documents with the translations in French and Russian and formally adopted them.

83. Following the virtual and informal session in lieu of the seventh session of GRVA, the secretariat prepared the list of decisions stemming from this session, in English, French and Russian (GRVA-07-76). It had been submitted to the Heads of Delegations and the permanent representations of contracting parties in Geneva for an approval by silence procedure, in accordance with the special procedures established by the UNECE Executive Committee. The secretariat informed the delegations by email, ten days after the procedure had been initiated, that the silence had not been broken.

25. The expert from Japan, Co-Chair of the IWG on Cyber Security and Over-The-Air Software Updates (CS/OTA), reported on the activities of the group (GRVA-07-49) and introduced GRVA-07-04-Rev.1. GRVA discussed the need to adopt this document before the entry into force of UN Regulation No. [155] (Cyber Security and Cyber Security Management Systems). GRVA agreed that the Regulation stands on its own but also that cyber security was a rather new matter for some members of the community, who could immediately benefit from the documents.

26. GRVA endorsed GRVA-07-04-Rev.1, proposing guidance on how to interpret UN Regulation No. [155] and recommended it for endorsement by WP.29 at its November 2020 session, on the basis of an informal document.

28. The expert from the Netherlands, Chair of the IWG on Database for Exchange of Type Approval documentation (DETA), introduced GRVA-07-25 (aimed at clarifying DETA related provisions in ECE/TRANS/WP.29/2020/94). GRVA endorsed it, in principle, as a draft guidance for the Authorities on the way to use DETA, hosted by Germany, in line with the relevant provisions in UN Regulation No. [155]. GRVA noted that the document would be finalized prior to WP.29 in November 2020, so that it can be adopted together with the document above.

29. GRVA requested the secretariat to provide a specific place on its website for all cyber security and software updates related documents.

25. The expert from Japan, Co-Chair of the IWG on Cyber Security and Over-The-Air Software Updates (CS/OTA), reported on the activities of the group (GRVA-07-49) and introduced GRVA-07-04-Rev.1. GRVA discussed the need to adopt this document before the entry into force of UN Regulation No. [155] (Cyber Security and Cyber Security Management Systems). GRVA agreed that the Regulation stands on its own but also that cyber security was a rather new matter for some members of the community, who could immediately benefit from the documents.

26. GRVA endorsed GRVA-07-04-Rev.1, proposing guidance on how to interpret UN Regulation No. [155] and recommended it for endorsement by WP.29 at its November 2020 session, on the basis of an informal document.

30. The expert from FIA presented GRVA-07-41, referring to WP.29-181-10 and proposing to insert in UN Regulation No. 155 the Protection Profiles that they developed in cooperation with TüVIT. The expert from OICA responded to the proposal (GRVA-07-36). The expert from FIA agreed to respond to the challenges raised by the expert from OICA. The expert from the Russian Federation asked for more details about the Protection Profiles in practice. The expert from CEN recalled his submission of WP.29-179-27 provided for information to WP.29. The expert from China inquired about the nature of the Protection Profile, if it was a guidance or regulatory requirements. The expert from FIA responded that Protection Profiles are a methodology. GRVA invited the stakeholders to continue discussion at the IWG level. The expert from the Netherlands agreed to support this discussion.

27. The expert from the Russian Federation presented GRVA-07-08, proposing a clarification of para. 5.3.5. of UN Regulation No. [155]. The expert from Japan explained that the proposed clarification should be carefully reviewed as it could lead to restrictions to the rights of Contracting Parties according to the 1958 Agreement. The author agreed and mentioned that ECE/TRANS/WP.29/2020/97 already provided some clarifications.

23. The representative of FIA presented WP.29-181-10 introducing their report on the Protection Profile and Common Criteria methodology that could potentially address FIA’s concern regarding the performance and the maintenance of vehicles regarding cyber security over their lifetime.

24. The representative of United Kingdom of Great Britain and Northern Ireland recalled that such an approach was already discussed by the Informal Working Group on Cyber Security and Over-The-Air issues. He advised that the report would also be reviewed by the IWG on Periodic Technical Inspection.

25. WP.29 agreed that this report would be referred to the Working Party on Automated/autonomous and Connected Vehicles (GRVA) as well as other relevant groups.

30. The expert from FIA presented GRVA-07-41, referring to WP.29-181-10 and proposing to insert in UN Regulation No. 155 the Protection Profiles that they developed in cooperation with TüVIT. The expert from OICA responded to the proposal (GRVA-07-36). The expert from FIA agreed to respond to the challenges raised by the expert from OICA. The expert from the Russian Federation asked for more details about the Protection Profiles in practice. The expert from CEN recalled his submission of WP.29-179-27 provided for information to WP.29. The expert from China inquired about the nature of the Protection Profile, if it was a guidance or regulatory requirements. The expert from FIA responded that Protection Profiles are a methodology. GRVA invited the stakeholders to continue discussion at the IWG level. The expert from the Netherlands agreed to support this discussion.

12. AC.2 reviewed the progress made on the activities listed in the Framework document on autonomous/automated vehicles and discussed aspects of Big Data and Artificial Intelligence technologies impact on the work of WP.29. AC.2 agreed to continue discussions on these matters at its November 2020 session.

22. The secretariat presented, for information, WP.29-181-05, reflecting the advancement evaluation of the activities listed in the Framework Document on Automated/autonomous Vehicles (ECE/TRANS/WP.29/2019/34/Rev.2).

28. The expert from the Netherlands, Chair of the IWG on Database for Exchange of Type Approval documentation (DETA), introduced GRVA-07-25 (aimed at clarifying DETA related provisions in ECE/TRANS/WP.29/2020/94). GRVA endorsed it, in principle, as a draft guidance for the Authorities on the way to use DETA, hosted by Germany, in line with the relevant provisions in UN Regulation No. [155]. GRVA noted that the document would be finalized prior to WP.29 in November 2020, so that it can be adopted together with the document above.

29. GRVA requested the secretariat to provide a specific place on its website for all cyber security and software updates related documents.

27. The expert from the Russian Federation presented GRVA-07-08, proposing a clarification of para. 5.3.5. of UN Regulation No. [155]. The expert from Japan explained that the proposed clarification should be carefully reviewed as it could lead to restrictions to the rights of Contracting Parties according to the 1958 Agreement. The author agreed and mentioned that ECE/TRANS/WP.29/2020/97 already provided some clarifications.

13. AC.2 discussed ITC decisions: Nos. 17 and 18 related to the Intelligent Transport Systems (ITS) Road Map and proposed the IWG on ITS to lead the activities for an update of the ITS Road Map; and No. 52 on the financing of DETA.

34. The secretariat presented the list of main decisions adopted at the eighty-first session of ITC (25-28 February 2020). Decisions Nos. 15–18 and 50–52 were emphasized as of particular importance to the work of WP.29.

35. In decision No. 15, ITC took note of the status of implementation of the Intelligent Transport Systems (ITS) Road Map that was launched at its seventy-fourth session and encouraged continuation of the work of SC.1 on smart roads; of SC.3 on smart shipping, River Information Systems, and innovative technologies in the recently adopted Signs and Signals for Inland Waterways (SIGNI); of WP.1 on the safe deployment of automated vehicles in traffic; of WP.15 on telematics for the transport of dangerous goods; of WP.29 on the adoption of the framework document on the safety of automated vehicles; of WP.29/GRVA on regulating autonomous/automated and connected vehicles (incl. cyber security); and of WP.30 on eTIR, as fostering regulatory and other activities in these areas would ensure the benefits that ITS could provide in terms of safety, environmental protection, energy efficiency and traffic management.

36. In decision No. 16, ITC invited WP.1 and WP.29 to continue their close cooperation to facilitate the safe deployment of automated vehicles.

37. In decision No. 17, ITC noted with satisfaction that the ITS Road Map 2011–2020, which would come to its conclusion in 2020, encouraged ITS activities linked to infrastructure and all transport modes and contributed to addressing ITS issues in an integrated approach.

38. In decision No. 18, ITC decided that, on this basis and considering the importance of ITS in light of global mega trends, technological developments, and the ongoing transformation of the Committee and its Working Parties, an updated ITS Road Map would be warranted and, therefore, requested the secretariat, in close cooperation with relevant Working Parties and subsidiary bodies, to prepare it for consideration in the framework of relevant Working parties and ITC Bureau and possible adoption at its eighty-third session, subject to availability of resources.

39. In decision No. 50, ITC endorsed the establishment by WP.29 of the Framework Document on Automated/Autonomous Vehicles and its implementation mainly by the Working Party on Autonomous/Automated Vehicles (GRVA).

40. In decision No. 51, ITC noted with regret the limitation of the 179th WP.29 session to three days only as a result of the financial crisis.

41. In decision No. 52, ITC reiterated its support for hosting of the type-approval database DETA at ECE, following the entry into force of Revision 3 to the 1958 Agreement, took note of information on the status of ECE hosting of DETA and reiterated its support for the request for financing of DETA under the United Nations regular budget.

42. WP.29 identified IWG on ITS as the ideal body to support the update of the ITS Road Map and requested the IWG to develop in close cooperation with the secretariat a first draft in view of the next ITC session.

23. GRVA adopted GRVA-06-19-Rev.1 and requested the secretariat to submit it (without paras 5.3.1.-5.3.4.) as draft UN Regulation on Cyber Security and Cyber Security Management Systems to WP.29 and AC.1 for consideration and vote at their June 2020 session.

19. The expert from OICA presented GRVA-06-08-Rev.1 introducing GRVA-06-07 proposing amendments to the scope, clarifications in para. 5.1.3., paras. 7.2.2.2-7.2.2.4. and para. 7.3.7., a proposed way forward for the resolution of the discussion on paras. 5.3.1-5.3.4, transitional provisions in para. 7.3.1. and the deletion to the reference to Part. C in Annex 5.

20. The expert from Germany introduced an alternative amendment proposal to the transitional provision para. 7.3.1..

22. The expert from Spain introduced GRVA-06-18 aimed at specifying security definition requirements for the vehicle type. GRVA agreed to consider a revised proposal at its September 2020 session.

21. The expert from the European Commission introduced GRVA-06-17 and GRVA-06-17-Rev.1, aimed at resolving the Contracting Parties discussion on paras. 5.3.1.-5.3.4. GRVA could not reach consensus on the proposal. GRVA agreed to make further progress until the June 2020 session of WP.29 along the following agreed principles:

1. Introduction of prescriptions regarding the competencies of the Technical Services involved;
2. Introduction of provisions on the upload of the type approvals in DETA;
3. Introduction of a peer review concept that prevents sovereignty issues regarding the issuance of Type Approvals;
4. Introduction of a reference to Schedule 6 of the 1958 Agreement.

21. The expert from the European Commission introduced GRVA-06-17 and GRVA-06-17-Rev.1, aimed at resolving the Contracting Parties discussion on paras. 5.3.1.-5.3.4. GRVA could not reach consensus on the proposal. GRVA agreed to make further progress until the June 2020 session of WP.29 along the following agreed principles:

1. Introduction of prescriptions regarding the competencies of the Technical Services involved;
2. Introduction of provisions on the upload of the type approvals in DETA;
3. Introduction of a peer review concept that prevents sovereignty issues regarding the issuance of Type Approvals;
4. Introduction of a reference to Schedule 6 of the 1958 Agreement.

19. The expert from OICA presented GRVA-06-08-Rev.1 introducing GRVA-06-07 proposing amendments to the scope, clarifications in para. 5.1.3., paras. 7.2.2.2-7.2.2.4. and para. 7.3.7., a proposed way forward for the resolution of the discussion on paras. 5.3.1-5.3.4, transitional provisions in para. 7.3.1. and the deletion to the reference to Part. C in Annex 5.

20. The expert from Germany introduced an alternative amendment proposal to the transitional provision para. 7.3.1..

19. The expert from OICA presented GRVA-06-08-Rev.1 introducing GRVA-06-07 proposing amendments to the scope, clarifications in para. 5.1.3., paras. 7.2.2.2-7.2.2.4. and para. 7.3.7., a proposed way forward for the resolution of the discussion on paras. 5.3.1-5.3.4, transitional provisions in para. 7.3.1. and the deletion to the reference to Part. C in Annex 5.

20. The expert from Germany introduced an alternative amendment proposal to the transitional provision para. 7.3.1..

15. The Secretary presented, in the absence of leadership of the group, GRVA-06-05 informing GRVA on the activities performed by the Task Force on Cyber Security and OTA issues since the fifth session of GRVA.

18. The expert from FIGIEFA introduced corrections to the wording that they proposed at the fifth session of GRVA. GRVA agreed with the corrections proposed for paragraph 1.4. GRVA referred the part of the proposal addressing the Interpretation Document to the Task Force on CS/OTA for detailed review.

17. The expert from CEMA introduced GRVA-06-03 proposing to remove the vehicle categories S, R and T from the scope of the draft Regulation on Cyber Security and Cyber Security Management Systems. GRVA noted the concern expressed by the expert from Austria about the fact that modern vehicles of these categories were highly connected and automated and were also involved in road traffic. GRVA agreed with the position expressed by CEMA at this stage, as these vehicle categories were not specifically considered when drafting the regulation. GRVA invited the experts from CEMA to review the draft regulation.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

16. GRVA worked on the basis of GRVA-05-05-Rev.1 prepared by the Secretary at the end of the fifth session of GRVA.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

5. The Secretary presented GRVA-05-28, with the highlights of the November 2019 session of the World Forum for Harmonization of Vehicle Regulations (WP.29). He highlighted, among others, the question raised by WP.29 to the subsidiary bodies concerning the use of the Unique Identifier in relation with e.g. installation marking provisions. He referred to ECE/TRANS/WP.29/1149 for more details.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.

25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.

26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.

27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.

28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.

29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.

30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.

31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.

32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.

33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.

34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above).

1. GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
2. GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
3. GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
4. The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
5. GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.

35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.