24 June 2021

TÜV SÜD is Designated Body for Cyber Security and Software Updates

Germany’s Federal Motor Authority (KBA) has designated TÜV SÜD as a Technical Service for cyber security and software updates in motor vehicles. UNECE Regulations R155 and R156, which came into effect in spring 2021, form the international regulatory framework for type approval and the certification of management systems. They define exactly which requirements OEMs must fulfil in the fields of cyber security and software updates. As a designated Technical Service, TÜV SÜD performs management system audits and prepares a comprehensive report on which KBA bases its type approval. This KBA designation enables TÜV SÜD to further expand its range of services catering to the design and development of connected and automated vehicles, thereby emphasising its position as one of the leading third-party service providers in this important future industry.

“Our designation as a Technical Service for cyber security and software updates is a fundamental building-block in our service portfolio for OEMs, addressing all issues of automated and connected vehicles. In future, we will be able to assist our customers with all tasks related to type approval required by UN Regulations 155 and 156 for cyber security and software updates“, says Raphael Hofer, Head of Technical Service, TÜV SÜD. As a Designated Body, TÜV SÜD can now assess both the manufacturers’ management systems and the security architecture for their capabilities in the fields of cyber security and software updates, and prepare the test reports required by KBA for the issue of a type approval. The basis is formed by the first UNECE Regulations for automated driving functions and their associated Regulations for cyber security (R155) and software updates (R 156) as well as the General Safety Regulation (Reg. (EU) 2019/2144). “Cyber security is one of the core topics of the mobility of tomorrow. Our designation means that with immediate effect, manufacturers can rely one hundred percent on the expertise of our TÜV SÜD specialists in the development and type approval of their vehicles. We thus contribute significantly to vehicle safety and security, thereby supporting a quick and successful market launch for automated and connected vehicles”, says Hofer.

What is involved

UNECE Regulations 155 and 156 introduce framework conditions for cyber security and update capabilities across all vehicles, requiring vehicle manufacturers to establish a certified cyber security management system (CSMS) or software update management system (SUMS). The CSMS includes comprehensive tests and documentation of the installed security architecture, which ensures security throughout the vehicles’ life cycle. In addition to the general level of security against cyber attacks, testing also covers the installation, functionality and identification of cyber security incidents and the relevant responses. This is where standards including the ISO 21434 come into play; the international cyber security standard was developed with the active involvement of TÜV SÜD. R156, in turn, addresses testing of software update processes, which must function securely and reliably – including “over the air”. It is based on standards such as the international standard ISO 24089 on software update engineering for road vehicles, which was likewise developed with TÜV SÜD’s active involvement.

As members of a Designated Body, the TÜV SÜD experts accompany vehicle manufacturers throughout the entire type approval process at KBA. To do so, they assess system architecture based on the documents submitted by the manufacturers, such as the specification of system architecture and the results of penetration tests. Beyond this, the experts provide audits and certification of management systems and conduct additional tests in their own or external testing laboratories where necessary. The process is concluded by comprehensive reports which form the basis for type approval at KBA.

Rapid market success

From cyber security and functional safety, testing and certification to approval and the design and development of regulatory framework conditions, TÜV SÜD provides assistance and support right from the start. The provider of testing, inspection and certification (TIC) services works with various partners at national, European and international levels to drive the fast success of automated and connected vehicles. International standards and regulations are a key factor in this success, ultimately ensuring that all vehicles on our roads – irrespective of their country of origin – fulfil the same safety and security requirements. Safety and security, in turn, are the cornerstones of trust, and thus of the successful mobility of tomorrow. Given this, last year the UN member states agreed for the first time on a uniform and binding regulation for automated lane keeping systems (ALKS) in ECE-R-157. The regulatory framework is accompanied by the UNECE Regulations for Cyber Security (R155) and Software Updates (R156), which came into effect in late January. TÜV SÜD successfully passed the audits held by the Federal Motor Authority (KBA) and is now designated for these two regulations.

“We are very pleased that we have been designated as a Technical Service for cyber security and software updates, and look forward to supporting our customers in these areas”, says Raphael Hofer.

Download Press Release

Press-contact: Vincenzo Lucà

Next Steps

Site Selector