# UN-R 155 **slug:** `un-r-155` · **URL:** `/knowledge/glossary/un-r-155/` · **category:** Automotive Standards · **reviewer:** Tatiana ### Definition UN-R 155 (UN Regulation No. 155) is the United Nations regulation that mandates a Cybersecurity Management System (CSMS) for new vehicle type approvals. Adopted in 2020 and mandatory in the European Union and many other regulatory regimes since 2024, it transforms automotive cybersecurity from a recommended practice into a regulatory requirement. ### What it means UN-R 155 requires vehicle manufacturers seeking type approval to operate a CSMS that addresses cybersecurity throughout the vehicle lifecycle: risk identification, risk treatment, supplier management, incident response, and post-production monitoring. The regulation does not specify implementation; manufacturers typically implement using [ISO/SAE 21434](/knowledge/glossary/iso-sae-21434/) as the de-facto framework. The companion regulation UN-R 156 mandates a Software Update Management System (SUMS) for over-the-air software updates. For vehicle manufacturers and Tier-1 suppliers, the regulatory deadline drives most automotive cybersecurity work. Most engagement requests we see in this space frame UN-R 155 compliance as the business outcome, with [ISO/SAE 21434](/knowledge/glossary/iso-sae-21434/) readiness and [TARA](/knowledge/glossary/tara/) execution as the implementation path. ### Related terms - [ISO/SAE 21434](/knowledge/glossary/iso-sae-21434/) - [TARA](/knowledge/glossary/tara/) ### Authoritative sources - [UN-R 155 (UNECE)](https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security) - [UN-R 156 companion regulation](https://unece.org/transport/documents/2021/03/standards/un-regulation-no-156-software-update-and-software-update) ---