ISO/SAE 21434 – Overview
ISO/SAE 21434:2021 is the international standard for cybersecurity engineering of road vehicle electrical and electronic (E/E) systems. It defines a common framework for managing cybersecurity risk across the whole vehicle lifecycle, from concept and development through production, operation and maintenance, to end of cybersecurity support and decommissioning.
The standard was developed jointly by the International Organization for Standardization (ISO) and SAE International (formerly the Society of Automotive Engineers) to give manufacturers and suppliers a systematic, auditable way to address cyber threats to connected vehicles.
Why It Matters
- Connected vehicles expose new attack surfaces (cellular and Wi-Fi telematics, Bluetooth, V2X, OBD, USB, over-the-air update channels). Realistic consequences range from theft of personal and vehicle data to remote manipulation of safety-relevant functions such as braking or steering.
- ISO/SAE 21434 provides a structured, risk-based process so that cybersecurity is engineered into every phase of vehicle development rather than bolted on after the fact.
- It is the principal reference used to demonstrate compliance with UN Regulation No. 155 (Cybersecurity and Cybersecurity Management System, CSMS) and supports UN Regulation No. 156 (Software Update and Software Update Management System, SUMS), which are mandatory for type approval in the UNECE 1958 Agreement markets, including the EU.
Scope
ISO/SAE 21434 covers the E/E systems of series-production road vehicles, their components and software, and the interfaces between them. It applies to OEMs, tier suppliers and service providers that contribute to the design, development, production or maintenance of such systems, including the post-production phases in which vulnerabilities are monitored and fixed.
The standard does not prescribe specific technologies, countermeasures or cryptographic mechanisms. Instead it requires organizations to show, through defined work products, that cybersecurity risks have been identified, assessed and treated appropriately, and that this evidence is maintained for the life of the product.
Key Principles
- Lifecycle Coverage: Cybersecurity must be addressed from concept through development, production, operations and maintenance (including vulnerability monitoring and incident response), up to end of cybersecurity support and decommissioning.
- Risk-Oriented Approach: Threat Analysis and Risk Assessment (TARA) drives design decisions. Assets and damage scenarios are identified, threat scenarios and attack paths are analysed, impact and attack feasibility are rated, a risk value is determined, and a treatment decision (avoid, reduce, share or retain the risk) is documented and traced to cybersecurity goals and requirements.
- Integration with Safety: The standard is designed to be applied alongside ISO 26262 (functional safety), so that safety and cybersecurity analyses are coordinated and a security measure does not undermine a safety goal or vice versa.
- Organizational Responsibility: Organizations must establish cybersecurity governance, a cybersecurity culture, competence management and continuous improvement. UN R155 refers to the auditable implementation of these organizational processes as a Cybersecurity Management System (CSMS).
Relationship to Other Standards
ISO/SAE 21434 is closely aligned with the following regulations and standards:
- UN Regulation No. 155 (UNECE R155): Requires vehicle manufacturers to hold a certificate of compliance for their CSMS and to demonstrate risk management for each vehicle type. The regulation does not formally mandate ISO/SAE 21434, but conformance to the standard is the generally accepted way of demonstrating that the CSMS requirements are met.
- UN Regulation No. 156 (UNECE R156): Requires a Software Update Management System (SUMS) and secure software update procedures; the development and post-development processes defined in ISO/SAE 21434 support these requirements.
- GB 44495 and GB 44496 (2024): Chinese mandatory national standards for vehicle cybersecurity technical requirements and vehicle software update requirements respectively, broadly aligned with UN R155/R156 and ISO/SAE 21434 for the domestic market.
Conclusion
ISO/SAE 21434 provides the process foundation for automotive cybersecurity engineering. It mandates no specific technical solution; instead it ensures that every stakeholder in the supply chain applies the same structured, evidence-based process to identify, assess and treat risk consistently over the life of a vehicle. For normative requirements and the complete set of work products, organizations should refer to the official ISO/SAE 21434:2021 publication.