Over the next few years, many countries will introduce the United Nations Economic Commission for Europe (UNECE) regulations R155 on cybersecurity and R156 on software updates. The new regulations address the growing risk posed by increasing connectivity and the digitized vehicle environment – a major challenge for vehicle manufacturers and their suppliers. This article focuses primarily on regulation UN-R 156 for software updates and the establishment of a Software Update Management System (SUMS).
UNECE Regulation 156 – SUMS
UN-R156 establishes the framework for the type approval of software updates for vehicles and for the establishment of a Software Update Management System (SUMS). A SUMS ensures that the requirements for the provision of software updates described in UNECE Regulation 156 are met. A SUMS defines the organizational processes and procedures necessary for this and is based on the same model as a Cyber Security Management System (CSMS). It is the central control unit for software updates. The goal here is to develop, to control and to continuously improve all types of activities and processes that are essential for updates. To obtain type approval certification as OEMs, all mandatory type approval parameters must be included. UNECE Regulation 156 lists these parameters such as safety, connectivity, information exchange, theft and environment in a checklist for OEMS. Compliance with these parameters is crucial for type approval. By implementing a SUMS, OEMs and suppliers can ensure that they comply with the regulation for the delivery of software updates.
Overview of the most important points
- According to paragraph 2.3 of UN-R156, the term “software update” describes a package used to update the software to a new version, including a change in configuration parameters.
- According to paragraph 2.5 of UN-R156, SUMS is a systematic approach that defines organizational processes and procedures to meet the requirements for the delivery of software updates in accordance with UN-R156.
- In this regard, UN-R156 specifically addresses OTA updates. According to paragraph 2.9. of UN-R156, an OTA update means any method of wireless data transmission instead of a cable or other local connection.
- According to paragraph 6 of UN-R156, an original equipment manufacturer must obtain a so-called certificate of conformity for its SUMS from an appropriate type approval authority. A certificate of compliance is usually valid for up to three years from the date of delivery. Original equipment manufacturers must apply for a new certificate of conformity or an extension of the existing certificate of conformity in good time before the period of validity expires. A valid certificate of conformity for the SUMS is the main basis for a valid type approval.
- UN-R155 and UN-R156 primarily establish type approval requirements for OEMs in their typical role as whole vehicle type approval holders. Thus, they expect an OEM to implement and maintain a proper CSMS and SUMS and apply it to its respective type-approved vehicle types. Proper cybersecurity and software updates, on the other hand, generally involve supplier parts. Therefore, most suppliers are also included in cybersecurity and software update considerations. Accordingly, OEMs and suppliers must work closely together to ensure the cybersecurity of vehicles and their components
In addition, and potentially more so than before, OEMs will be required to monitor their vehicles in the field, identify potential cybersecurity or software risks, and – if necessary – provide software updates to mitigate these risks in a timely manner, e.g., in the form of voluntary service actions, a recall, or similar measures.
Four key aspects for implementing the requirements of software update management systems
To implement the requirements of the Software Update Management System (SUMS), the following activities are essential:
- Goals and specifications in governance should be created or expanded to enable the planning and operation of a software update management system and to make it implementable and monitorable through audits.
- Derived from these goals, the SUMS management processes have to be established. Besides implementation and auditing, it becomes crucial to identify processes for the distribution of information as well as reporting within the operating model. It is equally significant to ensure the correct execution of the SUMS and to enable continuous improvements. Another weighty aspect is also to ensure adequate traceability for vehicle type testing and approval. To ensure all this, risks in the execution of software updates as well as in the organization and infrastructure must be identified and included in risk management.
- Within the organization, this requires project-specific processes, responsibilities and roles. Moreover, it also concerns tools and technologies in control of the setup and the execution of the SUMS – especially in regards to the preparation of information for management, authorities or the technical service.
- Operationally, SUMS also includes consideration of vehicle configuration and performance requirements. In this context, the existing development and deployment processes should be reviewed to ensure, in particular, the documentation and traceability of the consideration of vehicle communication processes, the performance of systems and components, vehicle status, fault prevention, and fault control.
While these points were indispensable for the pure functionality of the vehicles before the regulations were implemented, the importance of good documentation and verifiability by the authorities or technical services must now be given the utmost attention. For this, good planning, implementation and documentation of communication with vehicle users as well as validation and verification of software updates are particularly important.
Why is the evaluation of automotive software updates so important?
Without the implementation, operation and maintenance of software update management systems, manufacturers cannot obtain type approval for software update-capable vehicles and sell them on European markets. Manufacturers and suppliers must therefore provide evidence that the requirements for the vehicle and components are implemented in accordance with the UN-Regulation.
An efficient and systematic assessment by an independent third party is necessary to determine a manufacturer’s level of compliance with UN-Regulation 156 and the ISO 24089 standard.
Magility can help your company implement these regulations. Based on our experience, we provide regulation-focused and value-based consulting to all of our clients. If you are interested in our consulting services, we look forward to hearing from you. Or follow us on LinkedIn to never miss any news.