UNECE / Automotive


Modern vehicles include hundreds of connected components (ECUs) which have the mission to monitor and control the implemented functionality.


While some of the ECUs are responsible for the operation of the main vehicle functionalities such as brakes or engine, others are linked to modern functionalities such as infotainment, vehicle to vehicle, vehicle to infrastructure, etc.

In total, all of these components together need to be robust and well designed from a cybersecurity point of view. In light of recent demonstrated security attacks on cars, cybersecurity is an element that became mandatory also in the landscape or international vehicle regulations.


Bureau Veritas can support you along the way with consultancy in the development of the security features, as well as review of the processes and official regulatory audits.


The latest UNECE regulations – on Cybersecurity (R155) and Software Updates (R156) – were created to keep track with the threats associated with a modern vehicle. Such vehicles are designed to facilitate a broad range of external interfaces, car to car and car to infrastructure connectivity, as well as support for (Over The Air) software updates. The regulations put equal emphasize on the processes used by the OEM during the whole life cycle of the vehicle, as well as the testing and validation on the vehicle type itself. A typical audit in line with these regulations will contain a special focus on the documented and implemented services, as well as testing by sampling.

As an entity involved in the development and testing of the new regulations since their draft state, Bureau Veritas can support with a wide range of services, including gap analysis, consultancy and support in implementation, as well as official type approval audits.


Support and Preparation – Review of processes and consultancy in drafting/implementation
– Workshops on cybersecurity and regulatory requirements
– Risk assessments on vehicles and components
– Penetration testing of components and systems
Compliance and Testing – ISO/SAE 21434 Compliance Gap Analysis
Certification/Regulatory – UNECE Cybersecurity (R155) and Software Updates (R156) Compliance Gap Analysis
– UNECE Cybersecurity (R155) and Software Updates (R156) Type Approval
– Common Criteria Certification