Proposal to amend para. 5.1.3. of UN R155 to add a refusal ground where the Certificate of Compliance for the Cyber Security Management System has not been issued by the same approval authority granting type approval, and insert new para. 5.4. into UN R156 to provide that approval authorities shall not grant any type approval if the Certificate of Compliance for the Software Update Management System has not been issued by the same approval authority granting type approval. The proposal, based on TFCS-37-02, ensures that Certificates of Compliance and type-approvals for UN R155 and UN R156 are issued by the same approval authority to enable holistic assessment and clarify reporting obligations.

Proposal to amend para. 5.3.2. to require approval authorities to notify other approval authorities of methods and criteria used to assess measures taken in accordance with the Regulation, insert new para. 8.2. to exclude equipment with negligible intrinsic cyber security risk from further assessment where installation does not impinge on the cyber security management system and is connected exclusively via an approved interface, insert new para. 8.3. to exclude standard domestic, business or industrial equipment connected only for power from further assessment where the equipment is unmodified and complies with applicable regional and national cyber security requirements, and amend Annex 1 to include any equipment excluded from assessment pursuant to paras. 8.2. and 8.3.