New 2024 cybersecurity regulations for vehicles
The digital technology embedded in new vehicles continues to evolve, year after year, towards the incorporation of telecommunication technologies, data collection and processing, and intelligent controls. As in industrial environments in the past, traditionally isolated systems are becoming increasingly connected and vulnerable to attacks, which, on the other hand, also continue to grow in number and complexity.
In this context, the European Union agrees on two new regulations that will govern the cybersecurity requirements to be met by all vehicles circulating in its territory. These regulations are: R155, concerning the requirements for the management of cybersecurity, and R156, which stipulates the requirements for the management of software updates.
In Spain, these requirements will be mandatory for all vehicles from 1 July 2024, affecting not only the vehicles themselves, but also the operations of manufacturers and suppliers.
This guide aims to review the new regulation: what requirements does it define for vehicles, manufacturers and suppliers? what good practices can be applied to ensure compliance? what points may present the greatest challenges?
You will find a review of the most relevant points of both documents, providing advice, indications and observations aimed mainly at vehicle manufacturers, the main audience of the regulation, while at the same time facilitating the understanding of this new regulation for the general public and other entities in the sector's supply chain.