- The certification ‘Cybersecurity in vehicles-UNECE/R155-ESTP’ has been developed by AENOR and EUROCYBCAR. For this certification, the technology ESTP-EUROCYBCAR has proven to be vital in order to demonstrate that a vehicle is compliant to the regulation UNECE/R155.
- This European norm has been in effect since July 6, 2024, and it requires manufacturers to sell and produce vehicles that are in line with the cybersecurity requirements set by the standard. All this in order to minimize the possibility of these vehicles being cyberattacked with the aim of stealing the vehicle, spying on the driver, or even taking remote control of the vehicle to cause an accident.
- The ‘Cybersecurity in vehicles-UNECE/R155-ESTP’ certificate states that the vehicle in question minimizes the risk of suffering a cyberattack that could affect the privacy and safety of its occupants, as well as the integrity of the vehicle’s systems.
November, 2024
EUROCYBCAR and AENOR have jointly developed the ‘Cybersecurity in Vehicles-UNECE/R155-ESTP’ certificate, which demonstrates whether a vehicle – car, truck, bus, van, or motorhome – complies with the cybersecurity requirements set by the UNECE/R155 regulation, meaning it properly protects the privacy and safety of the people traveling on board.
Within this new certification process, the ESTP Technology plays a key role: an innovative modular platform created by EUROCYBCAR – a tech company based in Vitoria-Gasteiz – that enables a standardized, objective, and automated process for analyzing and evaluating the cybersecurity level of vehicles. This process applies the ESTP Methodology – proprietary to EUROCYBCAR and in the process of international patenting since 2019 – and follows the example requirements set by the UNECE/R155 regulation and ISO 21434.
Thanks to the AENOR certificate and the technical evaluation process by EUROCYBCAR, the buyer of a new vehicle will first be able to know if it complies with the European cybersecurity regulation for vehicles – UNECE/R155 – and, additionally, will be able to compare the cybersecurity levels between different vehicles. This allows them to determine which vehicle better protects their life, makes it harder to access their private data, or prevents the theft of their vehicle..
Nowadays, the cars on our roads are large computers on wheels traveling at a speed of 120 km/h all the while receiving, managing, storing, and transmitting large amounts of data generated by the vehicles themselves and any elements that make up the mobility ecosystem with which they interact – other vehicles, mobility apps and infrastructures, passengers, users, IoT devices, etc. –.
To achieve this level of connectivity, every vehicle now has at a minimum, Bluetooth, USB, Keyless, WiFi, eCall, GPS… but what could a cracker do by exploiting this technology if it is not sufficiently protected? Steal the car, infect it with a virus, activate the airbags, spy on the driver and passengers, obtain personal data stored inside, stop the engine, activate or deactivate the central locking, track the daily routes of the vehicle… It is even possible that, if the vehicle is not properly cyber-protected, through a simple action like charging a mobile phone by ‘plugging it in’ via the vehicle’s USB port, the user could be introducing a virus into the vehicle that might even stop it while driving.
Starting from July 6, and thanks to UNECE/R155 – the European cybersecurity regulation for vehicles – all of the above is less likely to happen since cars, trucks, buses, vans, and motorhomes – whether newly approved or newly manufactured – that travel on European roads, are required to implement basic cybersecurity measures that protect both the privacy and the lives of the driver and passengers.
To evaluate the vehicles, EUROCYBCAR’s ESTP Methodology conducts three types of tests: Fisical access (e.g., through the OBD, USB port, or any other physical connection), remote access (e.g., keyless system, WiFi, Bluetooth, or GPS), and APPS integrated into the vehicle or downloadable by the user onto a mobile device, allowing them to remotely control various functions such as heating, location, or the opening and closing of doors. Once this cybersecurity evaluation process carried out by EUROCYBCAR is completed, AENOR – acting as the certifying body – issues the corresponding cybersecurity certificate, which verifies compliance with the cybersecurity requirements established by UNECE/R155. This certificate also indicates the level of cybersecurity achieved by the vehicle and, therefore, whether it implements effective means and controls to minimize the risk of a cyberattack against the integrity of the vehicle’s systems, the privacy, and the safety of the people on board.
The Director of Strategic Marketing and Business Development at AENOR, Javier Mejía, stated that “the hyperconnectivity that characterizes our century has turned cybersecurity into a concern and a need shared by society as a whole. That’s why AENOR and EUROCYBCAR have joined forces to protect and build trust regarding the commitment to fight cybercrime that affects vehicle manufacturers”.
On her side, the CEO and founder of EUROCYBCAR, Azucena Hernández Palmero, stated that “for both EUROCYBCAR and AENOR, the priority is for users to know whether they are truly traveling in a vehicle that meets the mandatory cybersecurity requirements, because their privacy and, above all, their lives are at stake”.
EUROCYBCAR and AENOR, pioneers in evaluating and certificating the level of cybersecurity of vehicles, became a worldwide milestone in the year 2022.
As a consequence of the cooperation between EUROCYBCAR and AENOR, in the month of April 2022, a Spanish motorcycle became the first ever vehicle in the world to obtain the ‘Cybersecurity in Vehicles-UNECE/R155-ESTP’ certificate. This motorcycle was an electric motorcycle, the NUUK CargoPro, making the Basque Country and Spain international leaders in the field of cybersecurity applied to mobility.
After completing this international milestone, EUROCYBCAR promoted the modification of the UNECE/R155 regulation, which, at the beginning, left motorcycles out, and in September 2024, UNECE notified the decision of taking into account motorcycles, scooters, and electric bikes that exceed 25 km/h, after proving that they are as connected as other types of vehicles that were taken into account since the beginning.
●●● More information
ABOUT EUROCYBCAR
EUROCYBCAR is an innovative technology company based in Vitoria-Gasteiz that has access to the ESTP technology.an innovative modular platform, unique in the world and with an international patent, that allows identifying, evaluating, and certifying the risks that affect the cybersecurity of the vehicles, fleet management systems, the mobility apps and infrastructure, and the cybersecurity management systems (CSMS) according to UNECE/R155 and ISO 21434 using their own ESTP, the EUROCYBCAR Standard Test Protocol.
EUROCYBCAR also works on developing some educational courses on the different evaluation methodologies, current legislation, and other fields of cybersecurity applied to the automotive sector and everything that has something to do with mobility. EUROCYBCAR’s objective is working in favor of safe mobility in terms of cybersecurity..
ABOUT AENOR
AENOR contributes to the transformation of society by creating trust between different organizations and the people by means of evaluation services of conformity, formation, information, and consultancy of business transformation. AENOR is the leader entity in generating trust in Spain; over 88.000 work centers all over the world have some of the many certificates of AENOR in some fields such as quality management, sustainability, verification of non-financial information, animal welfare, security, and health at the workplace, digitalization, or compliance.
Among AENOR’s competitive advantages that set it apart from other companies are its highest brand recognition among businesses (B2B) and consumers (B2C); having its own staff, which allows it to manage accumulated knowledge for the benefit of its clients; innovating in solving new competitiveness gaps thanks to its proximity to sources of knowledge; and its geographical and sectoral reach.
AENOR is a global entity that operates in 87 countries. In Spain, it has 19 offices across all autonomous communities, with its own auditors and a permanent presence in 12 other countries, mainly in Latin America and Europe.
More información about EUROCYBCAR:
Lucía Redondo
Corporate Communications and Social Media Area
Tel.: + 34 689 315 507
comunicacion@eurocybcar.com
Link to download the press release in Word.
Link to download the press release in PDF.
Link to download a high-res picture
Link to download AENOR logo
