Navigating compliance costs: OEMs' dilemma in making legacy vehicles compliant with cybersecurity
Implementing R155 requires huge investments in cybersecurity infrastructure and Software Update Management Systems (SUMS). This includes financial commitments and the deployment of specialized expertise. The directive also demands extensive documentation and traceability, adding administrative burdens and necessitating deep IT security and compliance knowledge.
The implementation of the United Nations Economic Commission for Europe (UNECE) R155 cybersecurity regulation has ramifications for the automotive industry that are more immediate than one would ordinarily expect in the vehicle planning process. It has led to some shuffling of vehicle portfolios among original equipment manufacturers due to inputting cost-benefit scenarios into the vehicle planning process. Porsche's decision to discontinue sales of the internal combustion engine (ICE)-powered Macan in the EU, reportedly because of the costly updates required for compliance, highlights the challenges that OEMs face in navigating these regulations.
Thank you for visiting S&P Global AutoTechInsight.
*A subscription to News & Analysis includes four S&P Global-selected sector-specific analytical pieces per month. Access to all analytic pieces across all domains comes with a subscription to All Domains. Please click here to subscribe.
To get access to the AutoTechInsight full suite of services, please contact a sales representative by clicking here.
Already a subscriber? Please log in here
