China: New regulations for vehicle cyber security and data storage systems
The Chinese State Administration for Market Regulation (SAMR) has issued two new draft regulations for vehicle cyber security and data storage systems.
The standards will be universally applied to all newly designed smart and connected vehicles, introducing a set of mandatory requirements.
The “Standard on Data Storage Systems for Automated Driving in Intelligent and Connected Vehicles” will mandate that automated driving systems (ADS) rated at level 3 or higher must incorporate specific autopilot data recording systems and data storage mechanisms for automated driving. The criteria for triggering events, such as collisions and data recording, are outlined in standards explicitly mentioned in the regulation. In terms of vehicle ethernet communication parameters and data processing requirements, this standard references ISO standards. Additionally, it stipulates that crash tests must conform to GB standards.
The second standard, “Technical Requirements for Vehicle Cybersecurity,” outlines the requirements for managing cybersecurity systems, encompassing both general and technical aspects, along with procedures for security audits, evaluations, and testing verification methods. To address potential information security threats, organizations must conduct a risk assessment and establish protocols. Any remote control systems and vehicle communications must include specialized control mechanisms, and the standard includes a comprehensive list of test methods in its annex.
Both of these standards are applicable to vehicles falling under categories M and N that are equipped with the relevant technological components. Furthermore, the “Vehicle Cybersecurity” standard extends its applicability to category O vehicles. The Chinese authorities are introducing these new standards with the aim of ensuring human safety and security concerning intelligent and automated vehicles.
Currently, the draft versions of these standards are open for public comments and will become effective 12 months after their adoption. You can access the draft standard text for data storage systems HERE and the one for vehicle cybersecurity HERE, but please note that they are available in Chinese only.
To find out more about vehicle regulations in China, please contact the Institute for Global Automotive Regulatory Research directly.