What is UNECE/R156?

UNECE/R156, also known as “United Nations Regulation No. 156 – Uniform provisions concerning the approval of vehicles with regard to software updates and the software update management system”, is a regulation that sets out the requirements for software updates in vehicles.

The main objective of this standard is to establish a common framework for the management of software updates in vehicles. This framework aims to ensure that software updates are performed in a safe and efficient manner, minimizing the risk of introducing security vulnerabilities.

It applies to vehicles of categories M, N, O, R, S and T that allow software upgrades. This includes both light and heavy-duty vehicles.

Implementations & Requirements of UNECE/R156

  • The implementation of UNECE/R156 presents several challenges for vehicle manufacturers:

    • Cyber risk management: UNECE/R156 introduces a framework for cyber risk management, including the promotion of a cyber security culture, organizational and governance issues, project dependencies and ongoing maintenance. Automotive manufacturers and OEMs (Original Equipment Manufacturer) are responsible for ensuring that cyber risks are monitored, detected and mitigated throughout the vehicle lifecycle.
    • Approval requirements: The UNECE/R156 standard requires a certified Software Update Management System as a prerequisite for automotive manufacturers to obtain vehicle type approval and sell new vehicle types. This can pose a significant challenge for manufacturers who have no previous experience in managing software updates.
    • Over-The-Air (OTA) software updates: Given the increasing complexity and expanding code base of modern vehicles, secure and robust OTA software updates are essential to mitigate cybersecurity vulnerabilities. However, implementing OTA software updates can be challenging due to the need to ensure that updates are performed securely and efficiently.
    • Continuous compliance: The UNECE/R156 standard requires continuous monitoring and compliance. This means that manufacturers must have systems in place to monitor and respond to new threats and vulnerabilities as they emerge.

    UNECE/R156 sets out several requirements that vehicle manufacturers must comply with in relation to software updates. These requirements are divided into several sections, including application for type-approval, general specifications, modification of vehicle type and extension of type-approval, conformity of production, penalties for non-conformity of production, and definitive discontinuation of production.

    If a vehicle manufacturer does not comply with the requirements set out in UNECE/R156, it may face several sanctions. For example, if a vehicle does not comply with the cybersecurity requirements, type-approval may be refused. In addition, the certificate of conformity of the software update management system may be withdrawn.

    In brief, UNECE/R156 standard is an important step towards improving the management of software updates in the automotive sector. As vehicles become increasingly connected and autonomous, the management of software updates becomes a growing concern. This standard provides a framework for vehicle manufacturers to develop the necessary processes to safely and efficiently manage software updates.

Link to UNECE/R156 https://unece.org/transport/documents/2021/03/standards/un-regulation-no-156-software-update-and-software-update