Regulation Status: Draft
Published Date: Latest draft published February, 2020
In 1958, in the midst of post-war growth policies, members of the United Nations Economic Commission for Europe (UNECE) signed an agreement concerning type approval and mutual recognition of wheeled vehicles, equipment and parts.
Vehicle type approval is a process whereby an approval authority verifies that the vehicle meets minimum performance criteria related to safety, privacy and more. Mutual recognition means that once the vehicle is granted approval from a certified authority (e.g., TUV, Dekra, UL, etc.) the vehicle can be imported, registered and sold in all countries signed on the agreement.
Underneath UNECE, whose mission is to promote economic integration and cooperation, is the World Forum for the Harmonization of Vehicles Regulations (WP.29). WP.29 is responsible for keeping the regulation concurrent and has made significant progress in furthering the central tenets of UNECE’s mission. As of 2020, the contracting parties (CPs) to UNECE’s 1958 agreement has grown to 54 including all EU countries and other OECD nations (see Figure 1 below) like Japan, Turkey, Russia, Australia and South Africa.
Figure 1: Contracting Parties to the 1958 Agreement
The adoption of vehicle connectivity and automated driving functions has changed the safety and privacy discussion in the automotive sector. In response to this, WP.29 established the Working Party on Automated / Autonomous and Connected Vehicles (a.k.a ‘GRVA’) to recommend updated requirements for the type approval process. For each relevant topic concerning connected vehicles and automated driving, a dedicated task force was set up. The subsidiary GRVA task forces can be seen in the list below.
- CS/OTA – cyber security and OTA updates
- MVC – modular vehicle combinations
- ACSF – automatically commanded steering function
- AEBD/LDWS – automatic emergency braking and lane departure warning systems
- VMAD – validation method for automated driving
- FRAV – functional requirements for autonomous vehicles
The focus of this blog, and subsequent Argus blogs on WP.29, will be limited to the work of the CS/OTA task force and specifically the cyber security recommendations it submits to GRVA for consideration and approval. The most recent draft regulation on CS & OTA can be found on the UNECE website here. In it, new requirements for type approval, reporting, and cyber security for vehicles, and the organizations that manufacture them, are outlined in detail.
As of this writing, the European Union and Japan have set dates for adopting the cyber security regulation discussed in this document (see expected implementation timeline in Figure 2 below).
Figure 2: Expected adoption and implementation timeline
*Japan is expected to adopt a national regulation to accommodate differences between its planned implementation and the actual passage of the UN regulation.
**In regulation 2019/2144 of the European Parliament, EU nations are expected to implement, “…UN Regulations or other regulatory acts on [vehicle] cyber security…on a mandatory basis as soon as possible after their entry into force.”
The expanding global participation in UNECE vehicle regulations reflects a shared interest in its mission. Moreover, even if a country is not a CP to the 1958 agreement, most countries de facto accept UN type-approved vehicles for import, registration, sale and use. Meaning, there’s a good chance that if you work in the automotive industry, the products and services you build or sell are most likely motivated in some way by the requirements for type approval.
While slow to be realized and implemented, further regulatory consolidation on topics like connectivity, automation, privacy and cyber security can be expected in the future. With political stalemate in DC and no other regulatory framework with similar scope and reach, this draft UN regulation on cyber security is the most significant regulatory initiative in the world on automotive cyber security and over the air updates.