top of page


Mr. John Smith

Job title



Research and/or engineering questions / objective Un regulation N. 155 was adopted in June 2020 by the World Forum for the Harmonisation of Vehicle Regulations of the United Nations. Only 2 years later, in July 2022, it became mandatory for all the new type-approval of vehicles in Europe, according to the General Safety Regulation (Regulation (EU) 2019/2144). During those 2 years and until today, an extensive work has been carried out by all the stakeholders involved in the homologation process (manufacturers, technical services, type-approval authorities, …). This paper includes a series of examples of the activities carried out by IDIADA, as a Technical Service in order to align with the requirements of this Regulation. Methodology DIADA, as a Technical Service for the type approval of vehicles, designated through different Type Approval Authorities has been part of the discussions of the regulatory expert groups for more than 25 years. In addition to that, IDIADA has a vast experience in the field of braking, both in the development and validation areas. The experiences collected by IDIADA during the last years (from the initial discussions about the regulation on Cybersecurity until today) are identified, classified, and detailed in this paper. Results The experiences identified can be classified in different groups: Organizational changes: The impact of UN regulation N. 155 on the organisation of the Technical Services has been relevant. Groups of experts devoted to Cybersecurity had to be created, with a transversal responsibility also on other regulations which may also be affected by Cybersecurity requirements. Additionally, the qualification requirements of the Regulation require the interaction between different areas of knowledge, which may be internal within the company or even external. Qualification requirements: A Regulation which such specialized technical requirements within a very specific area of knowledge as cybersecurity requires the creation of new profiles within the technical Service. If, traditionally, the homologation engineers had a strong background in mechanical engineering. However, the requirements of UN Regulation N. 155 lead to new profiles, such as software engineers, telecommunication engineers, as well as experts in the assessment of management systems. Methodology requirements: Besides the complex technical requirements, UN Regulation N. 155 is also introducing new procedures to the homologation process. The requirement for a certification of the Cybersecurity Management System (or CSMS) requires a new approach from the Technical Services, traditionally focused in the evaluation of the vehicle, rather than the procedures. Timing: Regulation UN N. 155 approach requires an extended period in order to obtain the type approval of the vehicle, when compared to the traditional homologation processes. This means, consequently, that all the stakeholders involve need to be aware about that when defining the project schedule, but also that a sufficient amount of resources need to be available, as several projects may co-exist during long periods which may be extended to several months, unlike the traditional regulations, where the complete process could be completed in a matter of weeks. Limitation of this study: This paper is linked to the experiences collected by IDIADA, as a Technical Service for vehicle type approval. Experiences from other stakeholders in the process are not described in detail due to the sensitiveness of information related to cybersecurity. What does the paper offer that is new in the field in comparison to other works of the author? This paper presents a first-person approach to the reality of the type-approval process. Even if the Regulation was published together with several documents to ease the interpretation of the requirements, there are still some practical topics which require individual tailor-made solutions or adaptations from each involved stakeholder. Conclusion: Technical Services for Type-Approval have suffered a deep transformation in the last few years to be able to deal with the new regulatory challenges, especially those linked to UN Regulation N. 155. IDIADA has been involved from the very first steps of the drafting process and is currently one of the Technical Services with a highest level of activity in this field. Thus, the testimony of IDIADA represents a wide spectrum of the challenges encountered by the different stakeholders during the implementation of UN Regulation N. 155.

Mr. Carlos Lujan, Senior Project Engineer, Applus IDIADA

UN Regulation N. 155 on Vehicle Cyber-Security - Technical Service Prespective

FWC2023-CYB-015 • FISITA World Congress 2023 • Safety & cybersecurity


Sign up or login to the ICC to download this item and access the entire FISITA library.

Upgrade your ICC subscription to access all Library items.

Congratulations! Your ICC subscription gives you complete access to the FISITA Library.


Retrieving info...

Available for purchase on the FISITA Store


bottom of page