UNECE Regulation No. 156 – Software Updates
UNECE R156 defines requirements for managing and performing software updates for road vehicles in a controlled, traceable, and secure manner. Together with R155 (Cybersecurity) and ISO/SAE 21434, it forms the international regulatory framework ensuring cybersecurity and software integrity throughout the vehicle lifecycle.
Overview
Learn what R156 regulates, its relation to R155, and why software update governance is critical for vehicle cybersecurity and compliance.
Overview →Scope
Defines which vehicles, systems, and updates are covered by R156, including exclusions and linkages to type approval.
Scope →SUMS
The Software Update Management System defines the organizational framework for planning, approving, delivering, and verifying updates.
SUMS →Update Process
The end-to-end process: from planning and packaging to delivery, installation, and validation — aligned with ISO 24089.
UpdateProcess →Integrity & Authenticity
Learn how R156 ensures that every software package is signed, verified, and protected against tampering or unauthorized installation.
Integrity & Authenticity →CampaignManagement
How software update campaigns are planned, staged, and monitored with pause/resume and rollback capability.
Campaign Management →Post-Update Validation
After installation, manufacturers must confirm functional integrity, safety compatibility, and successful deployment.
Post-Update Validation →Records & Traceability
Requirements for maintaining per-campaign and per-VIN records, with immutable, verifiable evidence trails.
Records & Traceability →Learn More
- UNECE R155 – Cybersecurity Regulation
- ISO/SAE 21434 – Road Vehicles Cybersecurity Engineering
- UNECE Vehicle Regulations Portal →