AUTOCRYPT, a leading automotive cybersecurity solutions provider, announced that the company’s automotive software testing tool, AutoCrypt CSTP Fuzzer, successfully received the Amazon Web Services (AWS) Foundational Technical Review (FTR) validation, enabling the solution to earn Partner Software Path Certification. The FTR is a rigorous technical assessment conducted by AWS to ensure that solutions meet best practices in areas such as security, reliability, and operational compliance. This achievement lays the groundwork for offering the solution in a cloud-based Software as a Service (SaaS) format.
The AutoCrypt CSTP Fuzzer solution is a key component of the AUTOCRYPT’s Cybersecurity Testing Platform (CSTP), a security diagnostic tool that leverages fuzzing techniques to automatically detect and analyze potential vulnerabilities around vehicle communications. By passing the AWS FTR validation process, the solution has demonstrated compliance with AWS standards for Security, Reliability and Operational Excellence.
Strengthening Global Presence with AWS Integration
Through listing the solution on the AWS Marketplace, AUTOCRYPT anticipates expanded opportunities to serve international markets by making it easier for customers to access its authorized software solutions. With the solution accessible through virtual Windows environments based on AmazonWorkSpaces,a fully managed desktop computing service, users can perform security testing and proof-of-concept (PoC) activities in a SaaS environmentwithout complex installation or hardware setup.
Cybersecurity Mandates Fuel Demand for SaaS solutions
With automotive cybersecurity regulations set to become mandatory by 2028 for most vehicles sold globally — and the Cyber Resilience Act (CRA) extending security requirements across all digitally connected industries — demand for cloud-based SaaS solutions have emerged as a strategic choice for stakeholders seeking to balance development efficiency and regulatory compliance.
In response to these shifts, AUTOCRYPT is pursuing broader cloud-based deployment of its automotive cybersecurity solutions, starting with the launch of AWS-certified SaaS products. This supports the company’s long-term strategy to scale its SaaS business model, diversify revenue streams, and accelerate international growth.
Founder and CEO, Seokwoo Lee said, “This marks a significant milestone for Autocrypt as it validates the reliability of our technology within the cloud ecosystem. With the global SaaS market projected to reach USD 370 billion, and the automotive software market estimated at USD 600 trillion by 2030, we are committed to reinforcing our global footprint by positioning cloud-based security solutions as a key pillar of future growth.”
AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, as well as other emerging global standards.
As we enter an era increasingly populated by highly autonomous vehicles, there is a vast range of dynamic driving scenarios that Automated Driving Systems (ADS) may encounter. From hazardous environmental conditions to internal system failures and external cybersecurity risks, ensuring ADS safety across diverse operating situations is essential for enabling safe autonomous driving experiences.
The recent release of “ISO 34505: 2025”underscores this need by providing a structured framework for generating, evaluating and managing test scenarios that reflect real world driving conditions. By standardizing how test scenarios should be defined and tested, the initiative aims to enable consistent, repeatable validation practices across the industry and thereby support development of robust ADS provision.
As autonomous systems grow more complex, the need for robust, scalable validation practices become increasingly critical. In response, an integrated approach — combining regulatory audits, system-level testing and adversarial simulations — provides OEMs and Tier 1 suppliers a structured path for both vehicle safety and regulatory compliance. Focusing on cybersecurity, this blog outlines the key components and methodologies of ADS Validation, and demonstrates how an integrated approach can be effectively executed.
Automated Driving System (ADS) Validation: Approach & Methodology
According to “SAE J3016: 2021”, Autonomous Driving System (ADS) refer to thecollective technology stack responsible for performing dynamic driving tasks (DDT) at SAE Level3 and above. With the system taking full responsibility for autonomous decision-making and vehicle control, validating ADS safety calls for identifying diverse validation targets and a multidisciplinary process for executing them.
The first pillar, Functional Performance, focuses on ensuring theembedded vehicle system behaves as expected across a full range ofdriving conditions — particularly under abnormal scenarios such as complex environments or sensor limitations.In alignment with the“ISO 34505: 2025” standard, which outlines scenario-based ADS testing, this pillarevaluates system capabilities in perception, decision making and control execution under realistic conditions.
The second pillar,Internal System Reliability, addresses resilience against system-levelfaults. This includes the inspection offault detection mechanisms, hardware failure mitigation strategies, and adherence withAutomotive Safety Integrity Level (ASIL) grades. Relevant to the “ISO 26262: 2018” standard defining the framework around electrical/electronic (E/E) system failures, this pillar assesses the system’s ability to maintain safety in the presence of internal malfunctions.
The third factor, External Cybersecurity Resilience, evaluates the system’s tolerance against external cybersecurity threats. Verification over secure communication and data integrityunder potential attackssuch as vehicle hacking, spoofing and denial-of-service (DoS)) is a key objective of this pillar. Associated with the “ISO/SAE 21434: 2021” standard illustrating cybersecurity risk management for vehicle E/E systems across the lifecycle, this phase assesses the system’s ability to proactivelymitigate attack vectors targeting sensors, ECUs and OTA updates.
II. Techniques
While various techniques exist to evaluate functional performance, system reliabilityand external attack resilience, this blog focuses on three core cybersecurity validation methods — Compliance Auditing, Software-in-the-Loop (SiL) Module Testing, Hardware-in-the-Loop (HiL) Penetration Testing — to better illustrate the differences across diverse validation approaches.
The first technique, Compliance Auditing, focuses on verifying whether development practices and system architectures align with established safety and cybersecurity regulations (e.g. ISO/SAE 21434, UN R155). This method is widely used by OEMs and Tier 1 suppliersto conduct gap analyses during early-development stages or in preparation for CSMS Certification audits, to check whether internal processes conform to regulatory requirements.
AutoCrypt CSTP Complianceserves as a representative tool to accommodate these needs by validating vehicle vulnerabilities on a unified platform. It supports multiple testing domains including Security Validation, Functional Testing, Penetration Testing, Fuzz Testing and Vulnerability Testing and consolidates results into a comprehensive reportsuitable for regulatory submission.By combining testing execution and documentation, it reduces redundant tasks and streamlines the compliance process.
Another key validation technique is Software-in-the-Loop (SiL) Module Testing, which assesses robustness of embedded security components in virtualized test environments before hardware integration. Commonly applied to TEE (Trusted Execution Environment) based key management testing and V2X certificate handling simulation, this technique enables rapid iteration and early validation of security logic in controlled conditions, before advancing to high-cost hardware testing.
In accordance with these needs, the AutoCrypt CSTP Functional Tester validates hardware-dependent security functions using virtual ECU models in a Software-in-the-Loop (SiL) environment. By integrating communication interfaces, debugging tools, ECU source code and test code, this solution facilitates early detection of design flaws and integration issues well before mass production.
Another core testing approach is Hardware-in-the-Loop (HiL) Penetration Testing,which evaluates cybersecurity resilience of physical ECUs by simulating real-world attack vectors in controlled HiL testing environments. Often applied for in-vehicle network fuzz testing and Telematics Control Units (TCUs) penetration testing, this technique identifies system vulnerabilities under actual runtime configurations, moving beyond theoretical scenarios.
Serving this purpose, the AutoCrypt CSTP Fuzzer solution actively injects malformed, unexpected inputs into in-vehicle networks to test ECU-level resistance to cyber intrusions. Coveringa broad spectrum of communication layers including theNetwork Layer (e.g. CAN, CAN-FD, Automotive Ethernet), Application Layer (e.g. UDSonCAN, UDSonCAN-FD) and Transport/Data Layer (e.g. VehicleCAN, VehicleCAN-FD), the tool enablesprecise testing of vehicle systems under a wide range of adversarial conditions.
Effective ADS Validation through an Integrated Approach
With a wide range of checkpoints to address and multiple techniques available, establishing a cohesive and effective strategy for ADS validation is essential. To meet this need, a structured progression — fromCompliance Auditing to Software-in-the loop Testing and finally to Penetration Testing — offers a practical pathway for comprehensive and efficient ADS validation.
At the first stage, Compliance Auditingdefines the baseline and sets the strategic direction through regulatory compliance and process control.
Next, software design implementation and testing activities are supported through Software-in-the-Loop (SiL) Module Testing, which enables validation before hardware integration.
Lastly, Hardware-in-the-Loop (HiL) Penetration Testing technique can be utilized to observe real-world cybersecurity readiness under adversarial conditions.
This layered approach demonstrates how each phase builds upon and reinforces the next, enabling a robust and scalable validation framework.
With AUTOCRYPT being an authorized Vehicle Type Approval (VTA) Technical Service (TS) Provider , the firm is uniquely positioned to integrate diverse testing techniques and facilitate comprehensive ADS validation through the AutoCrypt CSTP Platform. From the AutoCrypt CSTP Compliance, which ensures design-level safety, to the AutoCrypt CTSP Functional Tester, which verifies correct functional behavior and the AutoCrypt CSTP Fuzzer able to test attack resilience, the platform enables a unified security analysis by consolidating all validation layers into a single, integrated platform.
Supporting a streamlined process for Vehicle Type Approval fromADS validation to export of results into compliance documents (e.g. TARA Report, Cybersecurity Test Report), the whole approval process can be effectively managed.
To learn more about the Autocrypt CSTP platform, check this page. For more information about our comprehensive suite of our automotive products & offerings, check this page.
AUTOCRYPT, a leading global provider of automotive software and cybersecurity solutions, announced its official listing on the KOSDAQ market of the Korean Exchange (KRX) on July 15th, 2025. The listing is expected to enhance AUTOCRYPT’s global visibility, secure growth capital andstrengthen trust with global industry leaders.
Founded in 2019, AUTOCRYPT has rapidly expanded its global footprint, establishing partnerships with 21 leading automotive OEMs. The company provides end-to-end securityfor both in-vehicle and external communications, and is expanding into adjacent sectors such as agricultural equipment, construction machinery and robotics, in line with the Cyber Resilience Act (CRA), which mandates cybersecurityfor all digitally connected products.
A total of KRW 5.41 trillion (approximately USD 3.9 billion) in margin deposits were pledged by retail investors to participate in the initial public offering. Meanwhile 2,403 institutions took part in the demand forecast, resulting in an oversubscription ratio of 995 to 1.The final offering price was set at KRW 22,000 (USD 16), the upper limit of the initial price range.
Seokwoo Lee, Founder and CEO of AUTOCRYPT, expressed appreciation for the strong investor interest, stating “The market’s response reflects confidence in our proprietary technology and long-term vision. We will continue to invest in research and development, while deepening collaboration withglobal partners.” He added, “As regulatory demands grow and software-defined vehicles (SDVs) become more prevalent, we are expanding our lineup of cybersecurity tools to better support customers navigating the evolving mobility landscape.”
In H2 of 2025 the company plans on expanding its global pipeline and solidify its position as a global leader in automotive cybersecurity through the execution of international projects and strategic partnerships.
About Autocrypt Co., Ltd.
AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, as well as other emerging global standards.
Building on our previous post examining the industry’s transition from SAE Level 2 to Level 3 autonomy, this article revisits the topic in light of regulatory and commercial developments around autonomous driving. Our earlier analysis found that the slow progession toward Level 3 autonomy has been driven more by regulatory uncertainty than by technological limitations. Due to ongoing legalbottlenecks, we observed that OEMs introduced Level 2+ systems but remain hesitant to classify them as Level 3, primarily because of unresolved concerns around legal responsibility and risk management.
Since then, the regulatory and commercial landscape for autonomous driving has continued to evolve. This article highlights how recent policy shifts have accelerated Level 3+ deployment and testing efforts, while also examining the growing importance of open-source software in enabling software-defined vehicle (SDV) development. As SDVs grow more complex — both technically and in terms of regulatory oversight — it has become essential for OEMs and Tier 1 suppliers to stay aligned with ongoing developments and adapt their cybersecurity practices accordingly.
Bridging Regulation and Deployment in Autonomous Driving
As commercial interest in Level 3+ autonomy grows, regulatory developments have played a pivotal role in shaping a more stable legal environment for innovation. Both globally and regionally, recent updates have provided clearer guidelines for deployment, liability, and compliance. Among the most impactful are the ongoing amendment series to UNECE Regulation No. 157 on Automated Lane Keeping Systems (ALKS) and the introduction of UNECE Regulation No. 171 on Driver Control Assistance Systems (DCAS).
Global Regulatory Progress in Autonomous Driving
The UNECE Regulation No.157 on Automated Lane Keeping Systems (ALKS)was first adopted by the World Forum for Harmonization of Vehicle Regulations (WP.29) in January 2021 to govern SAE Level 3 conditional automation. Since enforcement began in January 2023, successive amendments introduced from 2022 onward have significantly clarified the operational behavior, system safety, and failsafe protocols required for real-world applications.
In parallel with ALKS, UNECE Regulation No.171 on Driver Control Assistance Systems (DCAS) established safety requirements for SAE Level 2 driver assistance features, including lane keeping and traffic jam assist. The regulation emphasizes stricter standards for driver engagement, monitoring systems and interface transparency. Together, these two frameworks — covering foundational technologies like ALKS and DCAS — have strengthened the regulatory pathway towards higher levels of autonomy by mandating provisions for cybersecurity, performance validation and over-the-air (OTA) updates.
Regional Regulatory Advances around Autonomous Vehicles
At the regional level, China and Germany have taken leading roles in building regulatory frameworks forautonomous vehicles, while the United States and South Korea have also made notable progress in deployment and certification efforts.
China introduced a clear commercialization pathway for OEMs targeting Level 2-4 autonomy through its national pilot program, announced in November 2023. By focusing on seamless integration between vehicles, infrastructure and cloud platforms — leveraging technologies such as Cellular Vehicle-to-Everything (C‑V2X), edge computing, and signal systems — the initiative has ensured pilot zone vehicles are equipped for safe and standardized evaluation.
Through this initiative, Chinese OEMs have made significant progress, launching their own branded ADAS platforms — DiPilot (BYD) and G-Pilot (Zeekr) — in early 2025. BYD became the first Chinese automaker to obtain a conditional Level 3 testing license in July 2023 and has since introduced Level 4 autonomous parking capabilities through its DiPilot ADAS platform. By June 2025, nine manufacturers, including Nio, Changan Automobile, and GAC, had completed preparations for public road testing of Level 3-capable vehicles.
Germany has also emerged as a regulatory leader, particularly through the Autonomous Vehicles Approval and Operation Ordinance (AFGBV) which governs the approval, registration and operation of SAE Level 4 autonomous vehicles. While the ordinance was adopted in May 2022 and came into effect in July 2022, detailed implementation guidelines published in 2024 clarified practical procedures for public transportation authorities. These documents have provided essential guidance to municipalities, transit operators and OEMs, helping shape a consistent framework for the long-term deployment of autonomous fleets.
Guideline for Operational Area Approval: Framework for municipalities and OEMs to define, assess, authorize public road areas for autonomous vehicle operation
These regulatory advances have enabled OEMs such as BMW and Mercedes-Benz to integrate automation software into their vehicle portfolios. In June 2024, BMW introduced both Level 2 (‘BMW Highway Assistant’) and Level 3 (‘BMW Personal Pilot’) systems in its 7 Series lineup, offering highway automation and conditional driver delegation capabilities. In December 2024, Mercedes-Benz received approval to increase the operating speed of its DRIVE PILOT system to 95km/h and became the first automaker in Germany authorized to use special marker lights indicating automated driving mode.
These national and international efforts collectively signal a growing global alignment in regulatory strategy and commercial deployment readiness. Structured permit systems and clearly defined liability frameworks have provided OEMs with the flexibility to develop, certify, and scale Level 3+ autonomous vehicles — a momentum that is likely to accelerate further in the coming years.
Open-Source SDV: Software-Driven Collaboration
As the path to commercial autonomy becomes clearer, attention is increasingly turning to the software foundations that enable it to scale — particularly open-source software defined vehicle (SDV) projects. This shift is being shaped by the growing convergence of autonomous vehicles (AVs) and SDVs, where AVs increasingly rely on SDV architecture for modularity, real-time updates, and system integration. Open-source platforms are emerging as critical enablers of this transition by supporting scalable and collaborative development.
SDV platforms provide the technical backbone for scalable autonomy by enabling modular design, continuous over-the-air (OTA) updates, and real-time system integration. These capabilities, when delivered through accessible and interoperable open-source solutions, help overcome the fragmentation and integration challenges that often hinder large-scale AV deployment.
A key example of this trend is the S-CORE Project, announced in June 2025. Backed by key industry players like Bosch, QNX and Mercedes-Benz, the initiative aims to build the first open-source core stack for SDVs. The core stack is designed to standardize the middleware layer between the operating system and higher-level vehicle applications, with an emphasis on functional safety. Aligned with global regulatory standards such as ISO 26262 (functional safety), ISO/SAE 21434 (cybersecurity), and UN Regulation No. 156 (OTA Updates), the framework is OEM-agnostic and modular by design — supporting deployment across a wide range of vehicle platforms.
While it builds on a growing legacy of open-source automotive projects such as Autoware — of which AUTOCRYPT is a participating member focused on addressing security risks in real-world vehicle software — the S-CORE Project represents a meaningful shift. It moves focus from application-specific tools (e.g., AV stacks, ADAS platforms) toward foundational, certifiable infrastructure designed to support mass production of SDVs. Positioned as a “core runtime environment” for software-defined vehicles, S-CORE aims to bridge the gap between low-level system layers and OEM-specific applications, creating more room for OEMs and Tier 1 suppliers to collaborate on shared infrastructure.
Further open-source projects around software-defined vehicles are expected to emerge in the future due to economic and strategic industry alignment. With the complexity of software-defined vehicles (SDVs) increasing, it has become less viable for individual OEMs and/or suppliers to build and maintain fully proprietary software stacks. Open-source core frameworks like the S-CORE project aim to address this challenge by providing a standardized, resuable foundation which could allow companies to redirect resources toward value-added differentiation (UX, apps, mobility features).
Alignment with global regulatory standards has further elevated the role of open-source software. Standards such as UNECE R156 and R157, ISO 24089, ISO/SAE 21434 emphasize the need for secure, traceable, updateable vehicle software, better done transparently through building on open-source environments. In short, open-source projects offer a flexible and accountable framework, helping stakeholders align with evolving requirements more efficiently.
Future Implications
Regulatory and commercial developments across Levels 2 to 4 autonomy continue to mature, creating new opportunities for OEMs and Tier 1 suppliers, while steadily enhancing the autonomous driving experience for end users. This transformation is no longer confined to national borders, as open-source initiatives gain traction, driven by economic and regulatory imperatives.
As autonomous driving environments expand, so do the associated attack surfaces — from internal vehicle systems to connected external infrastructure. This underscores the growing need for continuous cybersecurity validation, including threat modeling, real-time risk monitoring and regulatory gap analysis. Positioned at the intersection of software-defined vehicle (SDV) innovation and autonomous vehicle (AV) safety,Autocrypt remains committed to supporting OEMs and Tier 1 suppliers in scaling innovation without compromising cybersecurity.
To learn more about the Autocrypt’sproducts and offerings, click here. Read our blog or subscribe to AUTOCRYPT’s newslettersfor more technology insights.
As autonomous, connected vehicles evolve, so do risks associated with cybersecurity and software update management. Maintaining public safety being a top regulatory priority, certain regions like the European Union have introduced stringent compliance requirements for vehicle manufacturers and suppliers. Most notably, the UNECE Regulation No. 155and UNECE Regulation No. 156now mandate that automotive stakeholders demonstrate their ability to manage cyber risks and ensure secure software update processes.
To meet these legally binding requirements, industry players increasingly turn to internationally recognized standards such as ISO/SAE 21434 and ISO 24089 that delineate technical implementation measures. This blog post explores how ISO standards help translate UNECE requirements into actionable steps – focusing on the relationship between UN R155, UN R156 and technicalstandards, ISO/SAE 21434 and ISO 24089.
UN R155, UN R156 Regulation
As the name denotes, the UN R155, UN R156 “regulations” are legally binding requirements developed by UNECE WP.29, defining what must be done for vehicle type approval for passenger cars (M category), commercial vehicles (N category) and certain trailers (O category).
The foundational requirements for UN R155 and UN R156 differ based on their primary objectives. Under UN R155, vehicles with networked electronic components are required to establish a Cybersecurity Management System (CSMS), an organizational-level risk-management framework designed to maintain vehicle cybersecurity throughout the lifecycle. In contrast, UN R156 mandates the implementation of Software Update Management System (SUMS) for vehicles capable of receiving software updates, ensuring updates are secure, traceable and properly managed.
While these regulations give guidance on what to do, how to execute the guidelines is not provided, which is where technical standards like ISO/SAE 21434 and ISO 24089 come into play as implementation blueprints.
ISO/SAE 21434, ISO 24089 Standard
Unlike “regulations,” ISO/SAE 21434 and ISO 24089 are voluntary “standards” developed by ISO and SAE working groups. While not legally binding, they are widely adopted as technical frameworks to demonstrate compliance with UNECE requirements.
ISO/SAE 21434 focuses on managing cybersecurity risks across the vehicle lifecycle, detailing methods for identifying, evaluating and mitigating threats. Aligned with UN R155 which mandates the establishment of a Cybersecurity Management System (CSMS), the standard outlines core system capabilities, including governance, resource management and organizational responsibility. While the UN R155 regulation defines what must be established for vehicle cybersecurity, the ISO/SAE 21434 standard provides the framework for how to implement it.
Similarly, the ISO 24089 standard centers on the secure management of software updates, ensuring both functional performance and cybersecurity integrity are maintained. Following the mandate of UN R156 to establish a Software Update Management System (SUMS), the standard illustrates methods for software configuration tracking, secure update delivery, and validated installation procedures. Parallel to the relationship between UN R155 and ISO 21434, the UN R156 regulation defines what components are required for secure software updates, while the ISO 24089 standard outlines how to structure it.
Mapping ISO Standards to Cybersecurity and Software Update Requirements
Although ISO/SAE 21434 and ISO 24089 were not legally derived from UN R155 and UN R156, they share a common foundation. Both the standards and regulations emerged from the same regulatory push to mitigate cybersecurity threats associated with increasingly software-driven vehicles, which explains their current alignment. However, due to natural overlaps betweencybersecurityand software update management, it would be an oversimplification to claim thatISO/SAE 21434 solely supports UN R155, orvice-versa.
ISO/SAE 21434 Support forUN R156
While ISO/SAE 21434 is not specifically a software update standard, it addresses cybersecurity considerations that arise in software update processes, particularly where secure deployment and threat mitigation intersect. This can be observed in ‘Clause 13. Operations and maintenance’ which covers cybersecurity activities during vehicle operation, including incident response, vulnerability monitoring, and post-production software updates. In this way, ISO/SAE 21434 partially supports components of a Software Update Management System (SUMS) relevant to UN R156, while primarily serving the requirements of UN R155.
ISO 24089 Support for UN R155
Similarly, ISO 24089, though not a cybersecurity standard, acknowledges the critical role of cybersecurity in software update workflows. For example, ‘Clause 5. Project level’ outlines roles, responsibilities, and planning processes that overlap with Cybersecurity Management System (CSMS) framework principles. As such, ISO 24089 partially supports operational requirements of the Cybersecurity Management System (CSMS) aligned with UN R155, and cannot be viewed in isolation from cybersecurity needs.
Taken together, while ISO/SAE 21434 is closely aligned with UN R155 for cybersecurity control and ISO 24089 with UN R156 for software updates, the distinction between the two is not clear-cut. Given the interconnected nature of both domains, areas of overlap exist where the two standards work in tandem to support shared regulatory objectives.
Streamlining Automotive Compliance
While the range of standards and regulations in automotive cybersecurity may seem complex, understanding how they interconnect allows stakeholders to navigate compliance with greater clarity and control.
AUTOCRYPT’s suite of in-vehicle cybersecurity solutions covering testing and consulting services is designed to align with the requirements of UN R155 and UN R156 and technical guidelines set by ISO/SAE 21434 and ISO 24089 standards. Supporting secure software update processes and cybersecurity control across the vehicle’s lifecycle, our services are positioned to help simplify compliance and improve informed decision-making.
Visit ourUNECE WP.29 Consulting page to learn more about how OEMs and Tier suppliers can control cybersecurity measures for vehicle type approval.
To contact our team about how your company can get started, contact global@autocrypt.io.
As consumer attitudes shift in favor of intelligent, software-powered vehicles,there has been a rapid global commercialization of mobility transportation services developed by mobility platform operators. Several autonomous mobility services have emerged, each with their distinct technological, regulatory, and economic profiles.
Among these services, robotaxi commercialization is proceedingfaster than that of other autonomous mobility servicesdue to a convergence of regulatory flexibility, scalable profitability models, and accelerated technological innovation. This momentum is further fueled by growing public expectations that robotaxis will emerge as a mainstream urban mobility solution, offering a cost-effective alternative to both traditional taxis and privately owned vehicles.
At the same time, cybersecurity concerns have surfaced around autonomous robotaxi fleets, as a single vulnerability could potentially impact multiple vehicles and pose serious risks to public safety.This article aims to showcase the current status surrounding robotaxi commercialization and emphasize theimportance of maintainingsafe cybersecurity measures as robotaxis permeate more into everyday life.
Robotaxi Service Development by Region
Across the robotaxi ecosystem, service development among mobility providers spans multiplestages ranging from trials and pilots to commercial operationsand mass deployment.Regional regulatory environments have been playing a critical role in shaping business strategies, with service providers typically expanding globally following proven success in their domestic markets.
Among the more regulatory-open regions areChina, Dubai, Abu Dhabi and the United States, where governments have actively introduceddedicated frameworks and launched national initiatives to support the commercialization of autonomous robotaxis. Companies such as Baidu, Pony.ai and WeRide have expanded their presence in these markets through strategic partnerships with local taxi operators and public agencies.
Meanwhile, countries such as Japan and South Korea have adopted a more measured approach to autonomous driving regulation, with services providers such as Avride, TIER IV and Motional conducting pilot programsin designated areas as they work toward full-scale commercialization.
Global Robotaxi Commercialization Trends
Observing the activities of global robotaxi service providers across key cities, several emerging patterns in commercialization efforts can be derived.
First, major operators are actively expanding into the United Arab Emirates (UAE), signaling the region’s growing openness to autonomous mobility. WeRide and Uber launched their first international robotaxi service in Abu Dhabi in December 2024, and extended their partnership to Dubai in April 2025, with the goal of integrating robotaxis into the city’s transportation network. Baidu has also partnered with UAE-based Autogo, targeting the start of commercial operations in Abu Dhabi by 2026, with pilot trials expected in Dubai within 2025.
Second, the global autonomous vehicle industry is increasingly defined by a two-track development model – China emerging as a leading hub for commercial deployment, and the United States serving as a focal point for research and development. AutoX, headquartered in San Jose, California, launched its Level 4 driverless robotaxi service to the public in Shenzhen, China in 2021. Similarly, Pony.ai operates dual headquarters in the US and China, with large-scale robotaxi fleets running in cities like Beijing and Guangzhou, whilepilot programs continue in California cities such as Fremont and Irvine.
Third, US-based companies aresteadily expanding robotaxi operations across state lines, navigating a fragmented regulatory landscape in the absence of a unified regulatory framework. As of May 2025, Waymo provides over 250,000 paid driverless rides per week across cities including San Francisco, Los Angeles, Austin, Phoenix and Austin, with plans to enter new markets such as Atlanta, Miami and Washington, D.C. by 2026. Meanwhile, Tesla is preparing to launch its robotaxi service in Austin in June 2025, with expectations that the serviceexpand to additional cities once operational stability is achieved.
Cybersecurity Concerns around Robotaxis
While autonomous robotaxis hold significant promise for improving urban mobility through enhanced convenience and accessibility, cybersecurity risks remain a critical concern. Although no confirmed cases of malicious hacking specifically targeting autonomous robotaxis have been reported to date, incidents involving software malfunctions have nonetheless heightened public unease around the reliability of these systems.
This growing apprehension is reflected in the ‘Electric Vehicle Intelligence Report (EVIR) 2025 May Edition’ where 71% of respondents showed reluctance to riding a robotaxi. Among the key concerns regarding robotaxi rides, 28% of respondents cited safety issues related to robotaxi use, while 18% expressed worry about over-reliance on sensors.
Unlike privately owned autonomous vehicles, cyberthreats to robotaxis carry heavy significance as a vulnerability in one model or system could potentially affect the city-wide transportation systems connected with internal and external data streams. As these services scale, it becomes vital to implement robust, end-to-end cybersecurity measures to ensure the safety of the vehicles, passengers and ultimately the entire mobility ecosystem.
Autocrypt’s Technical Expertise
Through a multi-layered approach that integrates advanced technologies, regulatory compliance, and industry collaboration, Autocrypt is well positioned to address the cybersecurity challenges associated with public mobility services.
With solutions spanning the entire autonomous ecosystem – from securing V2X communication security with AutoCrypt V2X, to safe-guarding in-vehicle security systems through AutoCrypt IVS, and overseeing operational data from AutoCrypt FMS – potential risks around mobility services can be prevented beforehand, enhancing the overall safety of connected mobility environments.
As the rapid advancement of robotaxi services marks a pivotal step toward the integration of autonomous vehicles into mainstream mobility networks, it is critical to raise cybersecurity awareness and implement preventive safeguards. Doing so will be essential to ensuring public trust and unlocking the full potential of autonomous mobility.
To learn more about the latest news on mobility tech and software-defined vehicles, read ourblog for more technology insights or subscribe to AUTOCRYPT’s monthly newsletter.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
