UNECE R155/R156 Training
This training explains how to interpret and apply UNECE R155 and R156 requirements for vehicle cybersecurity and software updates, helping OEMs and suppliers prepare for type approval.
... > Training Courses > UNECE R155/R156 Training
UNECE R155/R156 Training
UNECE R155 and R156 are mandatory cybersecurity and software update requirements for vehicle type approval in UNECE member countries. Bureau Veritas Cybersecurity offers dedicated training to help you understand these regulations and how to apply them in practice.
Understanding the regulations
Formally adopted in June 2020 and enforced since January 2021, these regulations require vehicle manufacturers (OEMs) to implement a Cyber Security Management System (CSMS) and a Software Updates Management System (SUMS). They apply in all countries under the UNECE 1958 agreement, providing global alignment on vehicle cybersecurity standards.
The rollout of R155 and R156 has raised questions among OEMs, approval authorities, and technical services on implementation. To support consistent application and ensure a level playing field in the type approval process, this training provides detailed guidance from both OEM and supplier perspectives.
Why should you attend?
- Understand the general landscape of automotive homologation under UNECE regulations
- Deep dive into the requirements of UNECE R155 and R156 regulations
- Explore relevant industry standards such as ISO/SAE 21434
- Explore lessons learned from several case studies
- Understand the next steps, and expected implementation effort and roadblocks

Intended Audience
The training is designed to be addressing both vehicle manufacturers as well as vehicle suppliers. The expected audience consists of:
- Homologation specialists/managers from vehicle manufacturers of vehicle components/services suppliers
- Cybersecurity design and testing specialist involved with the requirements of R155
- Cybersecurity Management System (CSMS) managers
- Software Updates Management System (SUMS) managers
- Anyone with an interest in the UNECE Regulations in Cybersecurity (R155) and Software Updates (R156) or a general interest in Automotive Cybersecurity
Required Skills and Expertise
The training is designed to explain and deep dive into the contents of the R155 and R156 regulations. No previous knowledge of R155 or R156 regulations is necessary. Basic knowledge of cybersecurity concepts is preferred in order to follow easier the presented case studies.

What to expect
The training will cover the following topics.
1. UNECE and vehicle regulations background
2. Cybersecurity regulation (R155) – deep dive
- Overview of regulation requirements (meaning of each requirement, required evidence, audit/testing approach, examples of sufficient/insufficient documentation)
- Regulation scope and certification validity
- Cyber Security Management System (CSMS) necessary processes review
- Risk Management processes
- Dealing with the supply chain
- Vehicle type assessment requirements review
3. Software updates regulation (R156) – deep dive
- Overview of regulation requirements (meaning of each requirement, required evidence, audit/testing approach, examples of sufficient/insufficient documentation)
- Regulation scope and certification validity
- Software Updates Management System (SUMS) necessary processes review
- Security of software updates (link with R155)
- Vehicle type assessment requirements review
4. Impact, timeline and next steps
- Lessons learned from conducted projects
- What to expect next?
- How will the type approval process look like?
- Expected effort for type approval and relation with Approval Authorities and Technical Services
5. QandA session
ABOUT THE TRAINERS
This training is delivered by specialists with deep expertise in automotive cybersecurity and extensive involvement in the development and implementation of UNECE R155 and R156. They have supported OEMs and suppliers across the industry, contributed to official interpretation guidance, and bring hands-on experience in audits, assessments, and regulatory compliance.
More Information
Are you interested in hosting this interactive and tailored training at your company? Please fill out the form below and we will contact you within one business day.

Why choose Bureau Veritas Cybersecurity
Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.
We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence. Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.