logo
stripes

UNECE R155 – Cybersecurity (CSMS & Type Approval)

This section provides an introductory, high-level overview of UNECE Regulation No. 155: organizational capability (CSMS), lifecycle risk management, supplier integration, monitoring/incident handling, and evidence for vehicle type approval. For authoritative requirements, refer to the official regulation text and your approval authority’s guidance.

Disclaimer: Summary content only. Consult the official UNECE R155 regulation and national authority documentation for the full, normative requirements.

At a Glance

CSMS

Organizational governance, roles, competence, processes, and evidence.

Risk Management

Identify threats, assess feasibility/impact, treat risks, and trace evidence.

Type Approval

Show that CSMS and risk practices are applied to the specific vehicle type.

Chapters

Overview

Purpose, key concepts, and relationship to ISO/SAE 21434 & R156.

Overview →

Scope

Who/what is covered, lifecycle boundaries, and out-of-scope clarifications.

Scope →

CSMS

Governance, process framework, competence, supplier coverage, improvement.

CSMS →

Risk Management

TARA alignment, treatment strategy, acceptance rules, and traceability.

Risk Management →

Vehicle Type Approval

What authorities examine and how to package conformance evidence.

Vehicle Type Approval →

Monitoring & Incident Management

Telemetry, PSIRT, CVD, SLAs, comms, and feedback to CSMS/TARA.

Monitoring & Incidents →

Supplier & External Interfaces

Flow-down, evidence exchange, assessments/audits, and ops coordination.

Supplier & Interfaces →

FAQ

Quick answers to the most common implementation and audit questions.

Read →

Preparing for R155 Type Approval?

We support OEMs and suppliers with CSMS assessments, evidence pack assembly, TARA reviews, PSIRT readiness, and SUMS alignment (R156/ISO 24089).

Contact Us by filling the form in our main page