Consultation outcome

GB type approval scheme: cyber-security and software update requirements

From:
Department for Transport
Published
26 February 2025
Last updated
16 September 2025 — See all updates
This consultation has concluded

Read the full outcome

GB type approval scheme: cyber-security and software update requirements – government response

HTML

Detail of outcome

Following review of the feedback to this consultation, the department will continue with mandating the UN regulations on cyber-security and software updates within the GB type approval scheme. We have decided to incorporate revisions to the implementation dates to allow more time for the automotive industry to comply, while maintaining an accelerated implementation for GB to mandate these important requirements.

The department’s revised proposal also provides additional time for multi-stage manufacturers to comply to ease the impact on GB manufacturers.

The revised proposal is detailed in the consultation outcome, which includes a summary of responses and next steps the government intends to take.

The amended dates for compliance with UN Regulation No. 155 on cyber-security (R.155) and UN Regulation No. 156 on software updates (R.156) are given below.

Registration type Revised date of effect for R.155 Revised date of effect for R.156
New GB vehicle types (excluding completed vehicles) 1 June 2026 1 June 2026
Complete and incomplete vehicles 1 June 2027 1 June 2027
Completed vehicles 1 June 2028 7 July 2029
Special purpose vehicles 7 July 2029 7 July 2029

Original consultation

Summary

Seeks views on proposals to mandate approval of vehicles to 2 internationally recognised technical regulations under the GB type approval scheme.

This consultation ran from
to

Consultation description

This consultation seeks views on our proposal to mandate approval to 2 internationally recognised technical regulations under the GB type approval scheme. They are:

  • UN Regulation No. 155 on cyber-security and cyber security management systems
  • UN Regulation No. 156 on software updates and software update management systems

Under these proposals, we intend to:

  • make the approval mandatory for specific vehicle categories produced in unlimited and medium series under the GB type approval framework
  • outline the transitional arrangements for new vehicle types and registrations – this will ensure manufacturers have time to adapt processes to comply
  • introduce exemptions that reduce the administrative burden on manufacturers

The proposal will ensure robust processes are in place for manufacturers to manage cyber-security threats and safely deploy software updates for new vehicles that enter the GB market.

We are also seeking views on extending the application of the technical requirements to other vehicle categories and introducing additional enforcement measures for vehicles in service.

Documents

GB type approval scheme: cyber-security and software update requirements

HTML

Updates to this page

Published 26 February 2025
Last updated 16 September 2025 show all updates

  1. The department will continue with mandating the UN regulations on cyber-security and software updates within the GB type approval scheme, as outlined in the consultation outcome.

  2. First published.

Sign up for emails or print this page