The rapid progress of technology and digitalisation in the automobile industry has brought with it a number of advantages as well as new challenges, particularly in cybersecurity. Constant development and the integration of new technology has meant that vehicles are ever more dependent on sophisticated electronics and software systems. These, unfortunately, are ever more vulnerable to cybernetic attacks that threaten their security.

In response to these growing fears, the United Nations Economic Commission for Europe (UNECE) adopted two important directives on ensuring the security of connected vehicles*: UN Regulation no. 155 and no. 156. The adoption of these regulations represents a major advance in ensuring the security of connected vehicles and their systems. These regulations provide a comprehensive framework for the protection of connected vehicles from cybernetic attacks while supporting the safe use of those vehicles.

These regulations stipulate minimum requirements for cybersecurity.

A further important benefit of these regulations is the harmonisation of cybersecurity standards worldwide. With the growing globalisation of the automobile industry, it is essential that cybersecurity standards are consistent and generally accepted. The adoption of these regulations ensures a level playing field for all automobile producers, ensuring that the same standards are applied to all vehicles irrespective of where they are produced or sold.

! From July 2022 compliance with these regulations is mandatory for new types of vehicles. (Producers who fail to meet the criteria may not be allowed to register the relevant vehicle types). !

! From July 2024 the regulations will apply to all new vehicles. !

Overall, the regulations must be introduced in four areas:

  • cybernetic risk management for vehicles
  • vehicle protection according to the “security-by-design” approach with the goal of reducing risk in the whole of the value chain
  • detection of and defence against attacks in all vehicles
  • provision of software security updates and introduction of legal basis for online software updates (OTA updates)

Both regulations apply to passenger vehicles, vans, goods vehicles and buses if they are equipped with automated driving functions. This category also includes new types of automated chassis, shuttle vehicles or comparable vehicles. The regulations additionally apply to trailers that contain at least one electronic driving unit.

*connected vehicle = vehicles capable of two-way communication with other systems outside the vehicle (innovative assistance systems, partially autonomous driving …)


Ing. Lenka Mariánková

Ing. Lenka Mariánková

Product Manager

Technical specialist

Ing. Michal Hager

Ing. Michal Hager

Head of Cyber Security Department

Poptávkový formulář - detail produktu EN

Write to us


Maximum file size: 3MB


Why choose EZÚ?

  • EZÚ is one of the few certification bodies in the world that participates in the legislative process

  • We have a team of top experts and our own cybernetic laboratory.

  • EZÚ collaborates with CESNET.

  • We are a state body with a long history and the status of a qualified, trustworthy certification authority

  • We place considerable emphasis on the independence and impartiality of our auditors and the quality of the resulting outputs

Reasons to get certification

  • Mapping of the current state of cybersecurity and identification of suggestions for improvement.
  • Ensuring of cybersecurity and it continuous improvement.
  • Protection from major financial losses and damage to or destruction of assets.
  • Process improvement and acceleration (especially for IT services).
  • Effective use of finances to ensure cybersecurity.
  • Security of individual components of IT infrastructure (down to the level of firmware and microprocessors).
  • Security of the supply chain.