Due to UN Regulation No. 155 (stemmed from the UNECE WP.29), Porsche’s best-selling model – the Macan SUV (47,755 cars sold globally in the first half of 2023), will soon exit the European market and won’t be available for sale. The carmaker says upgrading the ICE (internal combustion engine) version to comply with the upcoming cybersecurity regulations which go into effect July 1, 2024, was too costly.

Schedule a time to meet with our team at CES 2024 here.

Porsche Cans Macan SUV Sales

Porsche has announced it will halt sales of its popular Macan SUV in Europe starting in spring 2024 due to new vehicle cybersecurity regulations issued by the United Nations Economic Commission for Europe (UNECE) – specifically the UN Regulation No. 155. The regulations require all new vehicles sold in the EU to meet certain cybersecurity standards alongside organizational processes and controls, or they will not be eligible for registration (Type Approval) after July 1, 2024.

David Mor-Ofek, head of Product at C2A Security, and a member of the working group that drafted the ISO/SAE 21434 standard, weighs in on Porsche’s decision: “With this regulation, the industry often pays more attention to the in-vehicle implications, but the organizational effort is much broader and expensive. Especially in an industry governed by a complex supply chain, with >100 suppliers, establishing proper processes and protocols to manage risk throughout the vehicle lifecycle can prove too much for some. And I believe that’s the case we’re seeing here with Porsche.”

David’s comments align with the following statement by a Porsche spokesperson: “Implementing the directive not only requires adjustments in the technical implementation, for example in the control units, but also essentially a change of processes in the development phase. For example, management systems [Cybersecurity Management System – CSMS] will have to be developed and certified for cybersecurity in the future.”

The spokesperson further explained that “the Macan was developed before the exact requirements of the cybersecurity regulations were known and it would be too costly to update the SUV to meet the rules.”

C2A Security’s EVSec Platform helps car makers and Tier 1 suppliers to simplify their compliance efforts, by automating the threat analysis and risk management practices. EVSec easily integrates within the customer’s existing DevOps tools chain, such as Siemens’ Polarion for Application Lifecycle Management and ServiceNow for automated asset management.

The mid-size Macan SUV is Porsche’s top-selling model globally (selling close to 21,000 cars in the US alone), meaning disappearing from the European market could substantially impact the brand’s sales and revenue.

Simplify Compliance With C2A Security

For automakers, adopting solutions like EVSec Platform can simplify regulatory compliance by providing an integrated cybersecurity management system (CSMS) and software bill of materials (SBOM) for the entire vehicle supply chain. C2A Security will exhibit at CES 2024 in Las Vegas, at the LVCC West Hall, booth 7216, holding demos of its automated DevSecOps Platform to customers and partners. Schedule a time to meet with our team at CES 2024 here.

Rather than a costly rebuild, compliance is achieved with minimal change. As Porsche has demonstrated, failing to meet evolving cybersecurity vehicle standards can lead to major business disruptions.

Click here to schedule a demo and find out what EVSec Platform can do for your business.