Blog

During the 21st Expert Meeting on Automated, Autonomous and Connected Vehicles (GRVA), held at the Palais des Nations in Geneva from 20 to 24 January 2025, the need to establish a new Informal Working Group (IWG) dealing with Safe and Secure Access to Vehicle Data and Functions (SAVDF) was discussed. During the discussion, GRVA recommended the establishment of such a subgroup within WP.29 (Working party WP.29 – World Forum for Harmonization of Vehicle Regulations, operating within UNECE – United Nations Economic Commission for Europe).

During the development of automated and autonomous vehicles, great importance is attached to the cybersecurity of the vehicle, including the requirements for the vehicle’s resistance to external attacks, and to the security of the software implemented in the vehicle. Increasingly, international bodies, in their discussions, raise the issue of protecting data collected by vehicles.

The activities of the new group are therefore to focus on developing security requirements for all physical and virtual (remote) interfaces and for related vehicle communication channels, enabling access to data and on-board vehicle functions.

Ultimately, such requirements are to cover all vehicle categories within the scope of WP.29. The developed requirements are to include activities based on best practices in relation to on-board authentication and authorization systems used at national and regional levels, while ensuring compliance between the vehicle and the cybersecurity requirements in terms of access to vehicle data, functions and resources.

The aim of the activities undertaken is to verify the implementation process of UN Regulations No. 155 and 156, in the context of authentication and authorization control in vehicles. In addition, during the meeting, attention was paid to defining the needs, rights and obligations of various parties in the field of preventing excessive access to data. The activities of the working group are to focus on identifying the main problems and legal obstacles in the potential application of the provisions of the above-mentioned UN regulations.

The Chairman of the SAVDF presented the informal document GRVA-21-40, which contains the scope of requirements and obligations for the new SAVDF group. Many States, members of the 1958 and 1998 Agreements, supported the need to create such a group. Representatives of China pointed out that such a group is needed to determine what data should be treated as private and how to protect it, e.g. require blurring of faces or license plates.

Representatives of Italy, the Netherlands, France, Great Britain and the USA also support the need for such work. It should be emphasized that OICA (fr. Organisation Internationale des Constructeurs d’Automobiles), as a representative of the industry, also believes that the topic of privacy should be regulated by law.

GRVA supported the establishment of the group without opposition and such a recommendation will be presented to WP.29 at the session in March 2025.

Source:
Informal document GRVA-21-40, Draft Terms of Reference and Rules of Procedures Informal Working Group on Safe and Secure Access to Vehicle Data and Functions (IWG on SAVDF), 6th Meeting of the Group on Vehicle On-Board Authorization Concept, 21st GRVA (20-24. Jan. 2025) Agenda item 5(b) https://unece.org/sites/default/files/2025-01/GRVA-21-40e_0.pdf

———————————————————-

* the meeting was attended by the expert of the Connected and Autonomous Vehicles Competence Centre of the Motor Transport Institute, Artur Gołowicz, PhD, Eng.