Safety & Regulation

What is UN R155 cybersecurity regulation and do Chinese EVs comply?

Updated 2026-05-186 min read
What is UN R155 cybersecurity regulation and do Chinese EVs comply? — ChinaEV.Autos guide

UN R155 (adopted July 2024 for all new registrations) is the world's first mandatory automotive cybersecurity regulation. It applies to any EV sold under EU type-approval.

01

What R155 requires

Certified CSMS (Cyber Security Management System) covering design, production, in-service, and decommissioning.

Risk assessments per vehicle type, monitoring and detection of new threats, and update processes.

02

Chinese brand compliance

BYD, MG, Xpeng, NIO, Zeekr, Ora, Leapmotor — all have CSMS certificates via TÜV, DEKRA or Applus IDIADA.

Some China-market-only models did NOT achieve R155 in time — these were quietly withdrawn from EU sale in July 2024.

03

What it means for owners

Guaranteed OTA security patch process for the vehicle lifetime.

Right to compensation if a vulnerability is exploited and not patched.

Key takeaways
  • 01R155 = mandatory since July 2024 for new EU type approvals.
  • 02All officially-sold Chinese EVs comply.
  • 03Grey imports may not comply — verify before importing.

Sourcing parts or vehicles related to this?

ChinaEV.Autos connects buyers with 2,300+ verified Chinese suppliers. Get matched in minutes.

Related answers

Keep reading