What is UN R155 cybersecurity regulation and do Chinese EVs comply?

UN R155 (adopted July 2024 for all new registrations) is the world's first mandatory automotive cybersecurity regulation. It applies to any EV sold under EU type-approval.
What R155 requires
Certified CSMS (Cyber Security Management System) covering design, production, in-service, and decommissioning.
Risk assessments per vehicle type, monitoring and detection of new threats, and update processes.
Chinese brand compliance
BYD, MG, Xpeng, NIO, Zeekr, Ora, Leapmotor — all have CSMS certificates via TÜV, DEKRA or Applus IDIADA.
Some China-market-only models did NOT achieve R155 in time — these were quietly withdrawn from EU sale in July 2024.
What it means for owners
Guaranteed OTA security patch process for the vehicle lifetime.
Right to compensation if a vulnerability is exploited and not patched.
- 01R155 = mandatory since July 2024 for new EU type approvals.
- 02All officially-sold Chinese EVs comply.
- 03Grey imports may not comply — verify before importing.
Sourcing parts or vehicles related to this?
ChinaEV.Autos connects buyers with 2,300+ verified Chinese suppliers. Get matched in minutes.