The automotive sector is undergoing a profound transformation with the digitalization of in-car systems that are necessary to deliver vehicle automation, connectivity and shared mobility. Today, cars contain up to 150 electronic control units and about 100 million lines of software code – four times more than a fighter jet –, projected to rise to 300 million lines of code by 2030.

This comes with significant cybersecurity risks, as hackers seek to access electronic systems and data, threatening vehicle safety and consumer privacy.

Two new UN Regulations on Cybersecurity and Software Updates will help tackle these risks by establishing clear performance and audit requirements for car manufacturers. These are the first ever internationally harmonized and binding norms in this area.

The two new UN Regulations, adopted yesterday by UNECE’s World Forum for Harmonization of Vehicle Regulations, require that measures be implemented across 4 distinct disciplines:

• Managing vehicle cyber risks;
• Securing vehicles by design to mitigate risks along the value chain;
• Detecting and responding to security incidents across vehicle fleet;
• Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software.

The regulations will apply to passenger cars, vans, trucks and buses. They will enter into force in January 2021.

Read more