logo
stripes

Regulations & Alignment

ISO/SAE 21434 provides the framework for cybersecurity engineering in road vehicles. However, organizations must also comply with regulatory requirements that make cybersecurity a condition for vehicle type approval and market access.

UNECE Regulation R155 – Cybersecurity

Adopted by the United Nations Economic Commission for Europe (UNECE), R155 requires manufacturers to establish and maintain a Cybersecurity Management System (CSMS). Key aspects include:

  • Demonstrating that cybersecurity risks are systematically managed across the vehicle lifecycle.
  • Providing evidence of processes for threat analysis, risk treatment, and incident response.
  • Ensuring supplier and third-party risks are covered.

ISO/SAE 21434 is recognized as the main standard to implement the requirements of UNECE R155.

UNECE Regulation R156 – Software Updates

R156 complements R155 by requiring manufacturers to implement a Software Update Management System (SUMS). This ensures that software updates are:

  • Authentic and integrity-protected.
  • Securely delivered, whether over-the-air (OTA) or via service tools.
  • Traceable, with records demonstrating compliance.

ISO/SAE 21434 provides the cybersecurity processes that underpin a compliant SUMS.

Chinese Standards – GB/T 44495 & 44496

In China, the national standards GB/T 44495 and GB/T 44496 closely mirror ISO/SAE 21434 and UNECE requirements. They align domestic compliance with international expectations while adding region-specific details.

Other Related Standards

  • ISO 26262 – Functional safety for road vehicles, which complements cybersecurity requirements.
  • ISO 24089 – Software update engineering, aligned with R156.
  • Regional regulations – Market-specific adaptations that often rely on ISO/SAE 21434 as a baseline.

Global Impact

Compliance with these regulations is now mandatory for type approval in many markets. Manufacturers must demonstrate both a CSMS and a SUMS, supported by ISO/SAE 21434 processes, in order to sell vehicles in the EU, UK, Japan, South Korea, and other jurisdictions adopting UNECE rules.

Outputs

  • Evidence of a functioning CSMS (UNECE R155).
  • Evidence of a functioning SUMS (UNECE R156).
  • Compliance documentation for GB/T 44495/44496 in China.
  • Audit-ready work products from ISO/SAE 21434 processes.
Disclaimer: This page summarizes international regulations related to ISO/SAE 21434. For complete legal requirements, consult the official UNECE regulations and GB/T standards.