logo
stripes
logo
stripes

UNECE R155 – Cybersecurity (CSMS & Type Approval)

This section provides an introductory, high-level overview of UNECE Regulation No. 155: organizational capability (CSMS), lifecycle risk management, supplier integration, monitoring/incident handling, and evidence for vehicle type approval. For authoritative requirements, refer to the official regulation text and your approval authority’s guidance.

Disclaimer: Summary content only. Consult the official UNECE R155 regulation and national authority documentation for the full, normative requirements.

At a Glance

CSMS

Organizational governance, roles, competence, processes, and evidence.

Risk Management

Identify threats, assess feasibility/impact, treat risks, and trace evidence.

Type Approval

Show that CSMS and risk practices are applied to the specific vehicle type.

Chapters

Overview

Purpose, key concepts, and relationship to ISO/SAE 21434 & R156.

Overview →

Scope

Who/what is covered, lifecycle boundaries, and out-of-scope clarifications.

Scope →

CSMS

Governance, process framework, competence, supplier coverage, improvement.

CSMS →

Risk Management

TARA alignment, treatment strategy, acceptance rules, and traceability.

Risk Management →

Vehicle Type Approval

What authorities examine and how to package conformance evidence.

Vehicle Type Approval →

Monitoring & Incident Management

Telemetry, PSIRT, CVD, SLAs, comms, and feedback to CSMS/TARA.

Monitoring & Incidents →

Supplier & External Interfaces

Flow-down, evidence exchange, assessments/audits, and ops coordination.

Supplier & Interfaces →

FAQ

Quick answers to the most common implementation and audit questions.

Read

Preparing for R155 Type Approval?

We support OEMs and suppliers with CSMS assessments, evidence pack assembly, TARA reviews, PSIRT readiness, and SUMS alignment (R156/ISO 24089).

Contact Us by filling the form in our main page