Automotive Cybersecurity Regulatory Framework

During the last few years, cybersecurity has become one of the key aspects in the automotive industry to ensure the safety and security of vehicles throughout their lifecycle. The implementation of new technologies and the goal of deploying fully automated vehicles in the not-so-distant future have created new needs regarding vehicle safety. As the automotive industry shifts toward automated and connected vehicles, the possibility of cyberattacks emerges as a significant concern. To address these challenges, different regulatory bodies and governments worldwide have developed or are developing a new set of regulations and standards with varying approaches to legislate or standardize the minimum criteria that manufacturers must follow to ensure security against potential attacks, adding requirements to ensure the cybersecurity of the vehicles at all levels. At the United Nations level, UN Regulation 155 was introduced in 2021, establishing requirements for manufacturers' cybersecurity management systems as well as for vehicles themselves. In parallel, ISO/SAE 21434 establishes a new framework and a common language for communicating and managing vehicular cybersecurity risks. Other regions, such as China and the United States, are also deploying additional regulations and recommendations to address this specific topic. Understanding the approach followed by different regions, along with identifying the synergies and differences between these regulatory frameworks, is essential for manufacturers navigating this complex landscape of automotive cybersecurity compliance.