#UNR156 Archives - AUTOCRYPT

As we enter an era increasingly populated by highly autonomous vehicles, there is a vast range of dynamic driving scenarios that Automated Driving Systems (ADS) may encounter. From hazardous environmental conditions to internal system failures and external cybersecurity risks, ensuring ADS safety across diverse operating situations is essential for enabling safe autonomous driving experiences.

The recent release of “ISO 34505: 2025” underscores this need by providing a structured framework for generating, evaluating and managing test scenarios that reflect real world driving conditions. By standardizing how test scenarios should be defined and tested, the initiative aims to enable consistent, repeatable validation practices across the industry and thereby support development of robust ADS provision.

As autonomous systems grow more complex, the need for robust, scalable validation practices become increasingly critical. In response, an integrated approach — combining regulatory audits, system-level testing and adversarial simulations — provides OEMs and Tier 1 suppliers a structured path for both vehicle safety and regulatory compliance. Focusing on cybersecurity, this blog outlines the key components and methodologies of ADS Validation, and demonstrates how an integrated approach can be effectively executed.

Automated Driving System (ADS) Validation: Approach & Methodology

According to “SAE J3016: 2021”, Autonomous Driving System (ADS) refer to the collective technology stack responsible for performing dynamic driving tasks (DDT) at SAE Level 3 and above. With the system taking full responsibility for autonomous decision-making and vehicle control, validating ADS safety calls for identifying diverse validation targets and a multidisciplinary process for executing them.

I. Approach

The UNECE WP.29 Working Group emphasizes ADS Validation should be approached from multiple angles, including audit and assessment, simulation and virtual testing, real-world testing and more. Drawing on key industry whitepapers (e.g. The Autonomous Working Group, Association for Standardization of Automation and Measuring Systems, Mercedes-Benz), validation efforts can be broadly categorized into three core pillars: functional performance, internal system reliability and external cybersecurity resilience.

The first pillar, Functional Performance, focuses on ensuring the embedded vehicle system behaves as expected across a full range of driving conditions — particularly under abnormal scenarios such as complex environments or sensor limitations. In alignment with the “ISO 34505: 2025” standard, which outlines scenario-based ADS testing, this pillar evaluates system capabilities in perception, decision making and control execution under realistic conditions.

The second pillar, Internal System Reliability, addresses resilience against system-level faults. This includes the inspection of fault detection mechanisms, hardware failure mitigation strategies, and adherence with Automotive Safety Integrity Level (ASIL) grades. Relevant to the “ISO 26262: 2018” standard defining the framework around electrical/electronic (E/E) system failures, this pillar assesses the system’s ability to maintain safety in the presence of internal malfunctions.

The third factor, External Cybersecurity Resilience, evaluates the system’s tolerance against external cybersecurity threats. Verification over secure communication and data integrity under potential attacks such as vehicle hacking, spoofing and denial-of-service (DoS)) is a key objective of this pillar. Associated with the “ISO/SAE 21434: 2021” standard illustrating cybersecurity risk management for vehicle E/E systems across the lifecycle, this phase assesses the system’s ability to proactively mitigate attack vectors targeting sensors, ECUs and OTA updates.

II. Techniques

While various techniques exist to evaluate functional performance, system reliability and external attack resilience, this blog focuses on three core cybersecurity validation methods — Compliance Auditing, Software-in-the-Loop (SiL) Module Testing, Hardware-in-the-Loop (HiL) Penetration Testing — to better illustrate the differences across diverse validation approaches.

The first technique, Compliance Auditing, focuses on verifying whether development practices and system architectures align with established safety and cybersecurity regulations (e.g. ISO/SAE 21434, UN R155). This method is widely used by OEMs and Tier 1 suppliers to conduct gap analyses during early-development stages or in preparation for CSMS Certification audits, to check whether internal processes conform to regulatory requirements.

AutoCrypt CSTP Compliance serves as a representative tool to accommodate these needs by validating vehicle vulnerabilities on a unified platform. It supports multiple testing domains including Security Validation, Functional Testing, Penetration Testing, Fuzz Testing and Vulnerability Testing and consolidates results into a comprehensive report suitable for regulatory submission. By combining testing execution and documentation, it reduces redundant tasks and streamlines the compliance process.

Another key validation technique is Software-in-the-Loop (SiL) Module Testing, which assesses robustness of embedded security components in virtualized test environments before hardware integration. Commonly applied to TEE (Trusted Execution Environment) based key management testing and V2X certificate handling simulation, this technique enables rapid iteration and early validation of security logic in controlled conditions, before advancing to high-cost hardware testing.

In accordance with these needs, the AutoCrypt CSTP Functional Tester validates hardware-dependent security functions using virtual ECU models in a Software-in-the-Loop (SiL) environment. By integrating communication interfaces, debugging tools, ECU source code and test code, this solution facilitates early detection of design flaws and integration issues well before mass production.

Another core testing approach is Hardware-in-the-Loop (HiL) Penetration Testing, which evaluates cybersecurity resilience of physical ECUs by simulating real-world attack vectors in controlled HiL testing environments. Often applied for in-vehicle network fuzz testing and Telematics Control Units (TCUs) penetration testing, this technique identifies system vulnerabilities under actual runtime configurations, moving beyond theoretical scenarios.

Serving this purpose, the AutoCrypt CSTP Fuzzer solution actively injects malformed, unexpected inputs into in-vehicle networks to test ECU-level resistance to cyber intrusions. Covering a broad spectrum of communication layers including the Network Layer (e.g. CAN, CAN-FD, Automotive Ethernet), Application Layer (e.g. UDSonCAN, UDSonCAN-FD) and Transport/Data Layer (e.g. VehicleCAN, VehicleCAN-FD), the tool enables precise testing of vehicle systems under a wide range of adversarial conditions.

Effective ADS Validation through an Integrated Approach

With a wide range of checkpoints to address and multiple techniques available, establishing a cohesive and effective strategy for ADS validation is essential. To meet this need, a structured progression — from Compliance Auditing to Software-in-the loop Testing and finally to Penetration Testing — offers a practical pathway for comprehensive and efficient ADS validation.

At the first stage, Compliance Auditing defines the baseline and sets the strategic direction through regulatory compliance and process control.
Next, software design implementation and testing activities are supported through Software-in-the-Loop (SiL) Module Testing, which enables validation before hardware integration.
Lastly, Hardware-in-the-Loop (HiL) Penetration Testing technique can be utilized to observe real-world cybersecurity readiness under adversarial conditions.

This layered approach demonstrates how each phase builds upon and reinforces the next, enabling a robust and scalable validation framework.

With AUTOCRYPT being an authorized Vehicle Type Approval (VTA) Technical Service (TS) Provider , the firm is uniquely positioned to integrate diverse testing techniques and facilitate comprehensive ADS validation through the AutoCrypt CSTP Platform. From the AutoCrypt CSTP Compliance, which ensures design-level safety, to the AutoCrypt CTSP Functional Tester, which verifies correct functional behavior and the AutoCrypt CSTP Fuzzer able to test attack resilience, the platform enables a unified security analysis by consolidating all validation layers into a single, integrated platform.

Supporting a streamlined process for Vehicle Type Approval from ADS validation to export of results into compliance documents (e.g. TARA Report, Cybersecurity Test Report), the whole approval process can be effectively managed.

To learn more about the Autocrypt CSTP platform, check this page. For more information about our comprehensive suite of our automotive products & offerings, check this page.

As autonomous, connected vehicles evolve, so do risks associated with cybersecurity and software update management. Maintaining public safety being a top regulatory priority, certain regions like the European Union have introduced stringent compliance requirements for vehicle manufacturers and suppliers. Most notably, the UNECE Regulation No. 155 and UNECE Regulation No. 156 now mandate that automotive stakeholders demonstrate their ability to manage cyber risks and ensure secure software update processes.

To meet these legally binding requirements, industry players increasingly turn to internationally recognized standards such as ISO/SAE 21434 and ISO 24089 that delineate technical implementation measures. This blog post explores how ISO standards help translate UNECE requirements into actionable steps – focusing on the relationship between UN R155, UN R156 and technical standards, ISO/SAE 21434 and ISO 24089.

UN R155, UN R156 Regulation

As the name denotes, the UN R155, UN R156 “regulations” are legally binding requirements developed by UNECE WP.29, defining what must be done for vehicle type approval for passenger cars (M category), commercial vehicles (N category) and certain trailers (O category).

The foundational requirements for UN R155 and UN R156 differ based on their primary objectives. Under UN R155, vehicles with networked electronic components are required to establish a Cybersecurity Management System (CSMS), an organizational-level risk-management framework designed to maintain vehicle cybersecurity throughout the lifecycle. In contrast, UN R156 mandates the implementation of Software Update Management System (SUMS) for vehicles capable of receiving software updates, ensuring updates are secure, traceable and properly managed.

While these regulations give guidance on what to do, how to execute the guidelines is not provided, which is where technical standards like ISO/SAE 21434 and ISO 24089 come into play as implementation blueprints.

ISO/SAE 21434, ISO 24089 Standard

Unlike “regulations,” ISO/SAE 21434 and ISO 24089 are voluntary “standards” developed by ISO and SAE working groups. While not legally binding, they are widely adopted as technical frameworks to demonstrate compliance with UNECE requirements.

ISO/SAE 21434 focuses on managing cybersecurity risks across the vehicle lifecycle, detailing methods for identifying, evaluating and mitigating threats. Aligned with UN R155 which mandates the establishment of a Cybersecurity Management System (CSMS), the standard outlines core system capabilities, including governance, resource management and organizational responsibility. While the UN R155 regulation defines what must be established for vehicle cybersecurity, the ISO/SAE 21434 standard provides the framework for how to implement it.

Similarly, the ISO 24089 standard centers on the secure management of software updates, ensuring both functional performance and cybersecurity integrity are maintained. Following the mandate of UN R156 to establish a Software Update Management System (SUMS), the standard illustrates methods for software configuration tracking, secure update delivery, and validated installation procedures. Parallel to the relationship between UN R155 and ISO 21434, the UN R156 regulation defines what components are required for secure software updates, while the ISO 24089 standard outlines how to structure it.

Mapping ISO Standards to Cybersecurity and Software Update Requirements

Although ISO/SAE 21434 and ISO 24089 were not legally derived from UN R155 and UN R156, they share a common foundation. Both the standards and regulations emerged from the same regulatory push to mitigate cybersecurity threats associated with increasingly software-driven vehicles, which explains their current alignment. However, due to natural overlaps between cybersecurity and software update management, it would be an oversimplification to claim that ISO/SAE 21434 solely supports UN R155, or vice-versa.

ISO/SAE 21434 Support for UN R156

While ISO/SAE 21434 is not specifically a software update standard, it addresses cybersecurity considerations that arise in software update processes, particularly where secure deployment and threat mitigation intersect. This can be observed in ‘Clause 13. Operations and maintenance’ which covers cybersecurity activities during vehicle operation, including incident response, vulnerability monitoring, and post-production software updates. In this way, ISO/SAE 21434 partially supports components of a Software Update Management System (SUMS) relevant to UN R156, while primarily serving the requirements of UN R155.

ISO 24089 Support for UN R155

Similarly, ISO 24089, though not a cybersecurity standard, acknowledges the critical role of cybersecurity in software update workflows. For example, ‘Clause  5. Project level’ outlines roles, responsibilities, and planning processes that overlap with Cybersecurity Management System (CSMS) framework principles. As such, ISO 24089 partially supports operational requirements of the Cybersecurity Management System (CSMS) aligned with UN R155, and cannot be viewed in isolation from cybersecurity needs.

Taken together, while ISO/SAE 21434 is closely aligned with UN R155 for cybersecurity control and ISO 24089 with UN R156 for software updates, the distinction between the two is not clear-cut. Given the interconnected nature of both domains, areas of overlap exist where the two standards work in tandem to support shared regulatory objectives.

Streamlining Automotive Compliance

While the range of standards and regulations in automotive cybersecurity may seem complex, understanding how they interconnect allows stakeholders to navigate compliance with greater clarity and control.

AUTOCRYPT’s suite of in-vehicle cybersecurity solutions covering testing and consulting services is designed to align with the requirements of UN R155 and UN R156 and technical guidelines set by ISO/SAE 21434 and ISO 24089 standards. Supporting secure software update processes and cybersecurity control across the vehicle’s lifecycle, our services are positioned to help simplify compliance and improve informed decision-making.

Visit our UNECE WP.29 Consulting page to learn more about how OEMs and Tier suppliers can control cybersecurity measures for vehicle type approval.

To contact our team about how your company can get started, contact global@autocrypt.io.

Tag: #UNR156

An Integrated Approach to Automated Driving System (ADS) Validation