Regulation Worldview for Deploying OTA & Data Management Solutions

Connected vehicles continue to pose new challenges to automakers. Navigating regular software updates across multiple ECUs, amalgamating thousands of terabytes of fleet data each month, and executing remote commands have been made possible with over-the-air (OTA) update and data management solutions like those powered by Sibros. The next roadblock for OEMs is achieving compliance with the myriad of different international regulations. 

Regulations for connected vehicles fall into four general categories:

1. Cybersecurity 
2. Data Management
3. Software Management (Operations)
4. Functional Safety

Most of these categories have some form of overlap. For instance, many data protection regulations contain relevant cybersecurity measures, while the functional safety of a vehicle during and after an OTA update requires defense mechanisms to prevent hacking and unauthorized update deployment. Although the essence of these standards is universal—to provide comprehensive safety and security—many countries have their own unique approach. Below we have highlighted some of the major automotive markets of the world and their respective regulations. 

As you can see, some types of regulations have not been adopted on a countrywide level, but might be required by certain regions or industries. For example, the United States does not have comprehensive data privacy laws, however certain states, such as California have enacted their own policies. Another example is ASPICE, which outlines best practices for automotive software development and integration. At this point, ASPICE has not been adopted as an international industry standard. It is, however, an expectation for many suppliers wishing to work with automakers across the globe. Similarly, TISAX is an information security management regulation required for any member of the German automotive supply chain. This includes Tier 1 and Tier 2 suppliers, regardless of whether they are based in Germany. 

While most countries have some form of data protection law in place, GDPR is the most widely adopted. This standard is not exclusive to the automotive market and as such many non-EU countries are working towards “Granted Adequacy” to avoid disruptions in business with EU nations and GDPR signatories.  

UNECE WP.29 regulations are the first of their kind and specific to the automotive industry. They have served as the basis for similar regulations across the globe, including China’s cybersecurity and software management regulations. To learn more about WP.29 and how R155 and R156 are impacting OEMs around the world, please download our white paper. 

As you can see, all the countries on our list are Member Bodies of the International Organization of Standardization (ISO/SAE). This is a non-governmental group of national standard bodies that work together to create international standards for everything from data privacy to functional safety and operational procedures. Each country has only one ISO “member” that encourages the propagation and adoption of standards within the country and contributes to new standard development. Although ISO standards are not necessarily enforced on a government level, compliance with relevant standards, especially those pertaining to functional safety, is pretty much expected within the automotive industry. 

The good news is automakers don’t have to drive down this complicated road of compliance alone. To learn more about how Sibros can power your connected fleet with an internationally compliant OTA update and data management solution, contact us today.