The new UNECE regulations for the Cybersecurity Management System (R155) and Software Update Management System (R156) have been adopted by UNECE’s World Forum for Harmonization of Vehicle Regulations

UNECE R155 and UNECE R156 extend type approval to lifetime management of cybersecurity and software. 

The regulations will apply to passenger cars, vans, trucks and buses. They will enter into force start of January 2021 and cover:

  • Managing vehicle cyber risks;
  • Securing vehicles by design to mitigate risks along the value chain;
  • Detecting and responding to security incidents across vehicle fleet;
  • Providing safe and secure software updates and ensuring vehicle safety is not compromised
  • Introducing a legal basis for Over the Air (OTA) updates


UNECE Cyber Security Management facilitates Security throughout the whole company.

The CSMS Standard requires an OEM to provide Cybersecurity throughout the whole lifecycle of a vehicle.

This means that Cybersecurity has to be integrated from the Design point of view, until the End of Support. UNECE CSMS demands the following:

  • Risk Management throughout the whole company and lifecycle of each car.
  • Risk Assessments for every Vehicle Type
  • Cybersecurity Audits for each Vehicle Type
  • Vulnerability Analysis throughout the whole development and production process
  • Monitoring of Cybersecurity and Incident Response on existing Vehicle Types
  • Documentation of a Cyber Security Management


UNECE Software Update Management (SUMS) facilitates that SW updates and their impact on type approval parameters is visible to driver and traceable by external authorities, to ensure systematic approval and necessary governance mechanisms.

For governance it demands certification of OEM following a checklist which is summarized in the Regulation. Type approval parameters include: Environment, Theft, Safety, Connectivity, Information Sharing.

UNECE SUMS addresses three major aspects:     

  • Assessment of relevant vehicle manufacturer management system
  • Assessment and certification of vehicles
  • Implementation of a software identification scheme

What we offer

Based on years of experience with Cybersecurity and Safety, Vector Consulting Services supports with:

  • UNECE SUMS and CSMS ReadinessCheck
  • Preparation for Certification Assessments together with regional and international certification authorities
  • Support in the implementation of the UNECE standards for CSMS and SUMS
  • Process assessments for existing SUMS and CSMS Solutions
  • Development of Processes and Roles 
  • Efficient Solutions for RxSWIN Management