All framework guides
Help Center · Framework guide
UN Regulation No. 155
UN R155 · Manufacturing · Global · v2025/5
AutomotiveUNECECSMSManufacturingType Approval
Overview
UN Regulation No. 155 addresses cybersecurity management systems for vehicles and related type-approval requirements.
31 controls available in ComplAI for this framework.
Who it's for
- Automotive OEMs and suppliers
- Manufacturers seeking type approval in UNECE markets
- Vehicle cybersecurity and product security teams
Why it matters
Cybersecurity is now a type-approval gate. Mapping CSMS requirements to controls supports audit and regulatory readiness.
Cybersecurity management systemRisk assessment for vehiclesMonitoring and incident responseSupply-chain cybersecurity
How ComplAI helps
- Activate UN R155 in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- governance
§6
CSMS certificate of compliance
- governance
§7.2.1
CSMS establishment and verification
- governance
§7.2.2.1(a)
Organizational cyber security processes
- risk management
§7.2.2.1(b)
Vehicle type risk identification
- risk management
§7.2.2.1(c)
Risk assessment, categorization and treatment
- risk management
§7.2.2.1(d)
Risk management verification
Getting started
- Open Framework Library and activate UN R155
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
