Assessment of software update procedures

UN Regulation 156 - automotive software

Comply with UN Regulation 156

Comply with UN Regulation 156

UN Regulation 156 makes the approval of software updates mandatory for all vehicles with such capabilities

The regulation covers requirements for vehicle and component software updates, but also for a Software Update Management System (SUMS). Automotive manufacturers must therefore maintain a certified SUMS, which must be assessed and renewed at least every three years.

For EU type approval, the European Union’s General Safety Regulation (GSR) requires software update compliance with the UN Regulation 156. The UN regulation’s requirements harmonize with the upcoming ISO 24089 “Road vehicles – Software engineering” standard. Both UN Regulation 156 and ISO 24089 require security and safety to be enforced across the entire automotive software update mechanism.

An assessment of automotive software updates identifies a manufacturer’s level of conformity to the UN Regulation 156 and ISO 24089 standard.

Why the assessment of automotive software updates is important

Without the implementation, operation and maintenance of a software update management system (SUMS), manufacturers cannot gain type approval for software-update enabled vehicles and will not be able to sell them in European markets. Manufacturers and suppliers must therefore provide evidence that the requirements for the vehicle and the components are implemented according to the UN regulation.

An efficient and systematic assessment by an independent third-party is necessary to identify a manufacturer’s level of conformity to the UN Regulation 156 and ISO 24089 standard. Our assessment verifies your organization’s ability to develop and maintain a safe and secure software update mechanism and associated processes. Additionally, you can ensure that a component, or even the entire vehicle can perform software updates safely and securely – giving you the required evidence to gain EU type approval.

Helping You comply with UN and ISO requirements

UN Regulation 156 Assessment ServicesOur TÜV SÜD experts can help you understand the UN and ISO requirements and how they affect your products and systems. We support you to identify compliance gaps in your processes and how they can be closed. Furthermore, we can assist you in ensuring that your software update processes fulfill UN Regulation 156 and ISO 24089 requirements, so you can achieve certification of your software update management system, which can be provided by TÜV SÜD’s Technical Service.

Our experts are actively involved in the latest automotive cybersecurity and software update engineering standards development activities (ISO 21434 and ISO 24089), providing our clients with the most up-to-date knowledge of current and future requirements.

We also participate in relevant UNECE committees, developing cybersecurity regulations and software updates (UNECE WP.29 GRVA). We were also involved in the development of the first technical guideline in Singapore (TR68-3) for the secure and safe deployment of fully autonomous vehicles. Our systematic and holistic assessment reports enable you to design and verify safe and secure automotive components for connected and automated vehicles with update capabilities.

By partnering with TÜV SÜD, you gain the following benefits:

  • Minimize risk by ensuring your processes, vehicles and components fulfill all software update requirements so that they receive type approval and can be sold on the market
  • Minimize time to market by improving the efficiency of your software update and type approval processes
  • Gain access to TÜV SÜD’s international network of technical experts
  • Demonstrate your dedication to accurately assessing automotive software updating so you can increase your customer trust

Our software update assessment services 

TÜV SÜD’s expert assessment of automotive software updates and software update management system (SUMS) identifies if your organization’s processes provide a suitable and sustainable framework for your software update mechanism. Our assessment determines whether you fulfil the SUMS requirements of both UN Regulation 156 and ISO 24089.

Our assessment ensures that:

  • Manufacturers and suppliers implement appropriate organizational governance to produce components or vehicles capable of processing safe and secure software updates.
  • The specific requirements for updates and over-the-air updates are implemented correctly.
  • Software version identification is possible.
  • All required processes and documentation are produced in accordance with the ISO 24089 standard and the impending UN regulation.

Our assessments are flexible and can be adapted to fit your organization’s needs, by assessing the entire organization or covering specific departments. This can also be applied in the early implementation stages and allows for efficient re-assessment, so that changes in your organization or processes can be reflected quickly. Our detailed technical report includes a performance analysis and recommends how to close existing gaps.

TÜV SÜD’s assessment for safe and secure automotive software updates:

Contact Us


Autonomous Driving Regulations
White paper

Automated driving requires international regulations

Learn about the current version of the UNECE regulation for automated lane keeping systems (ALKS)

Learn More

Homologation of Automated Vehicles: The Regulatory Challenge
White paper

Homologation of Automated Vehicles: The Regulatory Challenge

A six-point approach for developing a regulatory framework.

Learn More

Interior view of an car with illustrations in the front
White paper

Virtual Homologation of an ALKS According to UNECE R157

Gain insights into UNECE R157 and scenario-based test approaches

Learn More

Highly automated car, case study ADSCENE


Assessment of a development process for test scenarios, used for the safety evaluation of ADS according to ISO/DIS 34502 and the PEGASUS method.

Learn More


Next Steps

Site Selector