Skip to content
SynergyBit
Other compliance

UN R155 – vehicle cybersecurity (CSMS)

Establish a vehicle cyber security management system per UN R155 and ISO/SAE 21434.

UN Regulation No. 155 (UNECE WP.29) introduces mandatory cybersecurity for vehicles. Manufacturers must have a Cyber Security Management System (CSMS) covering the whole vehicle lifecycle – otherwise they cannot obtain type approval.

We help vehicle manufacturers and component suppliers establish a CSMS: we set up threat analysis and risk assessment (TARA), lifecycle processes, supplier management and monitoring – in line with ISO/SAE 21434 – and prepare you for the type approval audit.

What you get

Cyber Security Management System (CSMS)

Implementing cybersecurity management processes covering vehicle development, production and operation per UN R155.

Threat analysis and risk assessment (TARA)

Performing TARA at the vehicle and component level and designing the corresponding countermeasures.

ISO/SAE 21434 alignment

Linking the CSMS to ISO/SAE 21434 and managing cybersecurity across the supply chain.

Monitoring and audit readiness

Post-market threat and incident monitoring and preparing the evidence for type approval.

How it works

  1. 01

    Assessment and TARA

    We map the state, perform a threat analysis and risk assessment and identify gaps against UN R155.

  2. 02

    CSMS implementation

    We build the processes, documentation and supplier management per UN R155 and ISO/SAE 21434.

  3. 03

    Approval preparation

    We prepare you for the CSMS audit and the evidence for vehicle type approval.

Outcomes for you

  • A working CSMS per UN R155
  • A completed threat analysis and risk assessment (TARA)
  • Alignment with ISO/SAE 21434
  • Readiness for the audit and type approval

Frequently asked questions

Who does UN R155 apply to?
Vehicle manufacturers and their suppliers in UNECE markets (including the EU). In the EU, a CSMS per UN R155 is a condition for type approval – for new types since 2022 and for all newly produced vehicles since July 2024.
How does UN R155 relate to ISO/SAE 21434?
UN R155 sets the obligation to have a CSMS; ISO/SAE 21434 provides the engineering framework for handling vehicle cybersecurity in practice. They are usually implemented together – we help with both.
Do you also cover UN R156 (software updates)?
Yes. UN R156 (Software Update Management System, SUMS) is closely related to UN R155. We can align both regulations so processes are not created twice.

Related services

Back to services

MDR – medical devices

Advisory and preparation for Regulation (EU) 2017/745 (MDR): classification, technical documentation, clinical evaluation, QMS and the path to CE marking.

Learn more

IVDR – in vitro diagnostics

Advisory and preparation for Regulation (EU) 2017/746 (IVDR): classification into classes A–D, technical documentation, performance evaluation, QMS and the path to CE marking.

Learn more

ISO 27001 – information security management

We help you implement an information security management system (ISMS) per ISO/IEC 27001 – from risk assessment to certification audit readiness.

Learn more

Start with CRA before the deadline catches up with you

A free consultation will quickly show you where you stand and the shortest path to compliance.

Book a consultation