The UN Regulation No. 155 (UN R155) has been in the works for years now, entered into effect in June 2022, with the 2nd phase entering into effect July 2024. In December 2023, Porsche became the 1st car maker to announce it would discontinue the sale of its popular Macan (ICE) in Europe because it couldn’t comply with UN R155.

A report from McKinsey & Co. estimated that car makers’ spending on cybersecurity will increase from $4.9 billion in 2020 to $9.7 billion in 2030, an annual growth of more than 7 percent.

David Mor-Ofek, head of Product at C2A Security, and a member of the working group that drafted the ISO/SAE 21434 standard, had this to comment on Porsche’s decision: “With this [UN R155] regulation, the industry often pays more attention to the in-vehicle implications, but the organizational effort is much broader and expensive. Especially in an industry governed by a complex supply chain, with >100 suppliers, establishing proper processes and protocols to manage risk throughout the vehicle lifecycle can prove too much for some. And I believe that’s what we’re seeing here with Porsche.”

After July 7, car makers must prove they have a cybersecurity management system (CSMS) across their entire fleet, otherwise, they risk losing their Type Approval to sell cars in Europe.

Simplify Compliance With C2A Security

For car makers and Tier 1 suppliers, adopting solutions like EVSec Platform can simplify regulatory compliance by providing an integrated cybersecurity management system (CSMS) and software bill of materials (BOM) for the entire vehicle supply chain. Schedule a demo today.