On the way to a secure software update with UN Regulation No. 156

With UN Regulation No. 156 (UN R156) and the requirements for the Software Update Management System (SUMS), the urgency for the automotive industry to act increases. Unlike standards such as ISO/SAE 21434, regulation UN R156 is not a general recommendation, but legally binding for market participants. The pressure to ensure the correct application of UN R156 is therefore very high. What is required for this? Get an overview: in our live webcast on Tuesday, October 5, 2021 at 14:00 (CET / UTC +2).

SUMS Webcast

The application of UN R156 becomes mandatory for type approval: UN R156 effectively comes into force in July 2022 and July 2024

As with almost all cybersecurity-related standards and regulations for the automotive industry, UN Regulation No. 156 sets a strict timeline: all newly produced cars must comply with the regulation by July 2024 at the latest. Newly launched vehicle types must even ensure compliance with the regulation by July 2022.

The European Union has already adopted UN R156 into applicable law, meaning that the respective requirements are legally binding in the EU. This raises the question of what the situation is for the United States and China, which are not UNECE member states. If car manufacturers from these countries want to sell their cars in UNECE member states, they must adopt at least equivalent principles to UN R156 and demonstrate compliance.

Thus, there is significant pressure on the automotive value chain to act and set the right course in practice for the newly defined requirements for software updates, the software update management system and over-the-air updates.

The scope of the secure software update is more than just the update itself

Software updates and UN R156 are not just about the specific software update that a vehicle receives. Executing a software update in accordance with UN Regulation No. 156 brings requirements with it that are far more complex than the update on the car itself.

For example, certain requirements apply to the original equipment manufacturer (OEM) and the suppliers and to the vehicle type, and the owner/user of the vehicle also has to be considered as a relevant part of the process.

In detail, these are very specific procedures, specifications for documentation and far-reaching information and communication flows, which must be set up properly in order to guarantee a secure software update process along all phases of the vehicle lifecycle.

From development to vehicle type approval all the way to sales and in-field operations, almost all aspects of the automotive ecosystem play a role in the security of software updates.


The timeline of the update: before the update is after the update

For the overall security and integrity of the software update process, it is not only necessary to involve all players in the value chain, but it is also important to take a holistic view of the software update time axis.

In the pre-update phase, it is important to ensure that the preconditions for the update are properly in place, from the update infrastructure to the vehicle and more.

For the execution of the actual update (primarily but not only as an over-the-air update), it is also necessary to ensure certain parameters.

Afterwards, in the post-update phase, further requirements have to be met, for example with regard to documentation.

This is where the so-called RXSWIN (the Regulation X Software Identification Number) plays a crucial role. The RXSWIN can be thought of as a dedicated identifier, defined by the vehicle manufacturer, for the type-approval-relevant software of the Electronic Control System.

In our free info webcast on Tuesday, October 5 at 14:00 (CET / UTC +2), we will provide insights into the structure and requirements of UN Regulation No. 156.

What exactly does the regulation require to ensure secure software updates in line with UN R156 requirements? What does the Software Update Management System mean for the organization? We also give a first insight into ISO 24089, which contains the technical requirements to establish the SUMS.

The webcast is free of charge; please register in advance using the form below.

Register here for the free UN R156 & SUMS info webcast on Tuesday, October 5, 2021 at 2:00 PM (CET / UTC+2).

    If you would like to address specific educational and consulting needs related to the topic in advance, please send us a non-binding message using our contact form.

    Phone: +49 (0) 89 9542 808 00
    E-Mail: office (at) cyres-consulting.com


