CEMA warns against blind copy-paste of automotive requirements on cybersecurity and software updates

 ***

In UNECE (the United Nations Economic Commission for Europe), work is ongoing to develop with high urgency the necessary Regulations for the automotive sector on cybersecurity (CS) in Regulation 155, and software update management systems (SUMS) in Regulation 156. Parallel discussions are also ongoing at EU level, with implementation dates already set for 2024. This approach fits with the increasing electronic control for passive and active safety systems that require regular updates and solid security checks both of the product and within the production process chain.

But the agricultural machinery industry was very surprised to learn that without any assessment agricultural vehicles were also included in scope, despite the sector’s small volume and many SMEs. For the last two years CEMA has worked to convince the contracting parties about the need for a more fit-for-purpose approach, bringing forward both technical and practical argumentations.

These argumentations have been bundled in a position paper shared with the UNECE group in charge, the European Commission and the Member States.

The last UNECE group meeting provided a first positive sign of  break with the fast-track procedure for the automotive sectors and develop by September a roadmap for agricultural vehicles including on application and implementation. As the European Commission clearly stated that the urgency is lacking for the EU, there is time for industry to assess and for a thorough discussion within UNECE.

Without a clear voice from the EU contracting parties that the exercise must be redone for such specific small volume industry, it is expected that many SMEs, producing unique machinery for niche markets will not be able to continue on their path to digitization.