
Automotive Cybersecurity Regulations
Overview
By regulatory body
The National Institute of Standards and Technology (NIST), founded in 1901, is tasked with promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Their authorization has since expanded to include cyber security frameworks, which are compiled of industry standards, guidelines, and practices.
SAE International is a global association of more than 128,000 engineers and related technical experts in the aerospace, automotive and commercial-vehicle industries.
The ISO/SAE 21434 cybersecurity standard requires OEMs maintain cyber resilience throughout the lifecycle of each vehicle.
ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission), are separate independent, non-governmental, international organizations who bring together experts to share knowledge. Their joint standard on information security systems allows for a more trustworthy internet where data can be shared without threat of leakage or prying eyes.
The United Nations Economic Commission for Europe (UNECE) was established to promote economic cooperation and integration among its 56 member states. Within the UNECE, lies the World Forum for Harmonization of Vehicle Regulations, also known as WP.29.
The National Highway Traffic Safety Administration is responsible for keeping people safe on America’s roadways, including requiring manufacturer recalls if deemed necessary. Their cybersecurity standards include ADAS technologies, and the electronics, sensors, and computer systems that keep drivers safe.
The Automotive Information Sharing and Analysis Center (AUTO-ISAC) is an industry-driven community, sharing and analyzing intelligence about emerging cybersecurity risks to vehicles. Collectively, they enhance vehicle cybersecurity capabilities across the global automotive industry.
The European Union Agency for Cybersecurity (ENISA) is the EU's agency dedicated to achieving a high common level of cybersecurity across Europe. Their efforts identify the best practices to bring all member states, and those they conduct business with, into alignment.