Over the past few weeks HVIA members from heavy vehicle and trailer manufacturers, and telematics and brake providers, have met to discuss Australia’s future position on vehicle cyber security. Together the group has put together a submission representing the industry’s position on the Department of Infrastructure, Transport, Regional Development, Communications, Sports and the Arts’ proposed Vehicle Cyber Security and Software Update which can be found here.
The Department proposes to adopt UN Regulations UN R155 and UN R156 for cybersecurity and software updates respectively, which would form two new Australian Design Rules (ADRs), along with a Road Vehicle Standards (RVS) rule change to implement the management system requirements contained in both UN regulations.
There is no doubt that the digital and smart vehicle revolution have brought about some challenges for vehicle manufacturers and auxiliary component suppliers. Anything with an electronic control unit is under scrutiny to ensure devices cannot be tampered with or forced into malfunction by “bad actors”. This includes heavy vehicles and bolt-on technologies such as trailer electronic braking systems, tyre pressure monitoring and inflation devices, telematics, refrigeration units and more.
In Europe, regulations UN155 for cyber security and UN156 for software update have already been in force for several years. This is for all new vehicles produced in the European Union since July 2024, and on July 1, 2026 for all new heavy trailer registrations. This creates a level of regulatory security and data protection in Europe, not yet experienced by the heavy vehicle industry in Australia.
Given these regulations were developed by the GRVA (the United Nations Economic Commission for Europe’s Working Party on Automated/Autonomous and Connected Vehicles) which has a German chairperson and vice chairs from China, Japan and the US, these are the most uniform regulations available globally, despite some of these regions carrying their own unique requirements.
As such, HVIA members feel it is logical to harmonise with Europe and follow the traditional protocol of developing ADR’s based on the UN regulations. This has been done many times in recent years with ADR 97 for Lane Departure Warning referencing UN131 as Appendix A, and ADR 105 for Blindspot Devices matching UN151, referenced as Appendix A as a few examples.
In this case, future ADR’s are set to reference UN155 and UN156 with local manufacturers and vehicle importers and second-stage manufacturers ensuring compliance with the new standards. HVIA has called on the Department to release some planning on when the new ADR’s may be released as drafts.
While industry understands the need for increased cyber and software compliance, it is acknowledged all new standards come with additional costs. Given this, HVIA is requesting three-four years’ notice on any new ADR requirement, so manufacturers have time to modify their offerings if required and then complete the internal auditing, assessments and process structures needed to maintain compliance.
Additionally, members raised concerns around providing financial support for those who do not inherit compliance and have sovereign capabilities which may be of strategic value for Australia and increase our cyber resilience against potential overseas “bad actors” in particular. We will prepare an information pack on UN155 and U156 to help members better understand how they made be impacted by these likely future regulations.
HVIA thanks all members who contributed to this consultation and look forward to working through any new requirements together with the relevant federal departments and government agencies.
For any members wishing to contribute further on this topic who have not received communications, please reach out to r.michaud@hvia.asn.au to be added to the mailing list.