Automotive Standards
UN-R 155
UN-R 155 (UN Regulation No. 155) is the United Nations regulation that mandates a Cybersecurity Management System (CSMS) for new vehicle type approvals. Adopted in 2020 and mandatory in the European Union and many other regulatory regimes since 2024, it transforms automotive cybersecurity from a recommended practice into a regulatory requirement.
Definition
UN-R 155 (UN Regulation No. 155) is the United Nations regulation that mandates a Cybersecurity Management System (CSMS) for new vehicle type approvals. Adopted in 2020 and mandatory in the European Union and many other regulatory regimes since 2024, it transforms automotive cybersecurity from a recommended practice into a regulatory requirement.
What it means
UN-R 155 requires vehicle manufacturers seeking type approval to operate a CSMS that addresses cybersecurity throughout the vehicle lifecycle: risk identification, risk treatment, supplier management, incident response, and post-production monitoring. The regulation does not specify implementation; manufacturers typically implement using ISO/SAE 21434 as the de-facto framework.
The companion regulation UN-R 156 mandates a Software Update Management System (SUMS) for over-the-air software updates.
For vehicle manufacturers and Tier-1 suppliers, the regulatory deadline drives most automotive cybersecurity work. Most engagement requests we see in this space frame UN-R 155 compliance as the business outcome, with ISO/SAE 21434 readiness and TARA execution as the implementation path.
Related terms
- ISO/SAE 21434 - TARA
Authoritative sources
- UN-R 155 (UNECE) - UN-R 156 companion regulation
---