UNECE WP.29 Cybersecurity Regulations

post-01

UNECE WP.29 Cybersecurity Regulations

The United Nations Economic Commission for Europe (UNECE) was set up in 1947 as one of the five regional commissions of United Nations Economic & Social Council (UN ECOSOC).  As per the UN ECE website, its mission is defined as

“UNECE's major aim is to promote pan-European economic integration. UNECE includes 56 member States in Europe, North America and Asia. However, all interested United Nations member States may participate in the work of UNECE. Over 70 international professional organizations and other non-governmental organizations take part in UNECE activities.”

 

WP.29 is a working party of the Sustainable Transport Division of UNECE and its formal name is the World Forum for Harmonization of Vehicle Regulations.  It is the responsibility of WP.29 to manage the multilateral Agreements signed in 1958, 1997 and 1998 concerning the technical prescriptions for the construction, approval of wheeled vehicles as well as their Periodic Technical Inspection.  Furthermore, WP.29 must work to further develop, improve & amend UN Regulations, UN Global Technical Regulations and UN Rules within the framework of these three Agreements. 

As per the UNECE website, the main objective of WP.29 is

“Overall, the regulatory framework developed by the World Forum WP.29 allows the market introduction of innovative vehicle technologies, while continuously improving global vehicle safety. The framework enables decreasing environmental pollution and energy consumption, as well as the improvement of anti-theft capabilities.”

 

On 24 June 2020, two new UN Regulations were adopted by UNECE’s World Forum for Harmonization of Vehicle Regulations (WP.29) that ensure a focus on cybersecurity for Connected & Autonomous (CAVs).  These two regulations require that measures be implemented across four (4) distinct domains[AK2] :

  • Managing vehicle cyber risks
  • Securing vehicles by design to mitigate risks along the value chain
  • Detecting and responding to security incidents across vehicle fleet
  • Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called “Over-the-Air” (O.T.A.) updates to on-board vehicle software.

 

The regulations will apply to passenger cars, vans, trucks, and buses and will enter into force in January 2021.  It is important that these regulations do not specific a specific cybersecurity methodology but requires that such measures be implemented in the Automotive Supply Chain.  This means that organizations can implement ISO 21434 to ensure compliance with these standards.