Full Standard Definition of GB 44496-2024
Full official title: General Technical Requirements for Automotive Software Upgrade, a mandatory national standard (not recommended standard). Jointly issued by MIIT and SAC on August 23, 2024, with official enforcement date January 1, 2026.
January 1, 2026 marks the standard’s effective date, not the mandatory CCC enforcement deadline. Vehicle manufacturers may continue production and sales post-effective date, but formal Software Upgrade Management System (SUMS) construction must be fully operational starting this date. The official CCC mandatory inclusion date is July 1, 2027. All vehicles certified under CCC before this deadline maintain valid market access rights. After July 1, 2027, all newly filed, warehoused and imported vehicles must demonstrate GB 44496 compliance recorded within their CCC certificates; missing compliance records result in failure to access official vehicle announcement catalogs. Misalignment of these two critical timelines leads to severe project scheduling disruptions.
2. Applicable Scope of GB 44496-2024 Certification
Full vehicle coverage applies to M-class passenger vehicles, N-class cargo vehicles and O-class trailers, subject to one prerequisite: the vehicle must support software upgrade functionality via over-the-air OTA or local USB diagnostic flashing. Three hardware categories are excluded from standard regulation:
·L-class two-wheeled and three-wheeled motorcycles
·Special-purpose off-road vehicles operating exclusively within factory premises with no public road access
·Vehicles supporting only offline local diagnostic flashing with zero OTA remote upgrade capability
3. Core Standard Clauses of GB 44496-2024
The standard governs the full lifecycle of software upgrades beyond OTA push operations, covering system construction, development testing, release distribution, emergency response and post-upgrade traceability with rigid control requirements for every stage.
3.1 General Mandatory Requirements
Vehicle manufacturers must establish formal SUMS software upgrade management systems. All upgrade-related records must be retained for a minimum of 10 years after corresponding vehicle model discontinuation with full audit traceability. Critical reminder: retention requirements apply not only to full vehicle upgrade logs but also firmware version and hardware change ledgers for TBOX, MCU and other electronic control units. Missing component traceability records trigger non-conformity findings during audits.
3.2 Mandatory Process Requirements
Nine formal documented management procedures must be established: unique software version & hardware identification labeling, secure access & update of software identifiers, precise target vehicle recognition for upgrades, configuration compatibility verification, cross-system impact assessment of upgraded ECUs, type approval impact evaluation for hardware/software changes, functional change risk assessment, safety system interference risk evaluation, multi-channel user notification protocols.
3.3 Document & Record Retention Rules
Complete retention of all upgrade documentation: upgrade purpose, execution timestamp, functional scope, risk impact analysis, formal approval records, implementation methodology, pre-upgrade prerequisite verification and post-upgrade validation evidence.
3.4 Security Protection Mandates
Upgrade package anti-tampering encryption, full lifecycle security encryption protection, functional & code rationality validation, formal emergency incident response contingency framework.
3.5 General Vehicle Hardware Mandates
Upgrade package authenticity & integrity protection, secure management of software identifiers & version numbers, end-to-end anti-tampering safeguards.
3.6 Supplementary Mandates for Online OTA Upgrades
Multi-channel user notification & user confirmation mechanisms, pre-upgrade prerequisite condition verification, vehicle power supply battery capacity safeguards, in-cabin door anti-lock protection, post-upgrade result user notification, automated failure rollback & recovery processing.
Frequently Overlooked Standard Details
·Mandatory annual emergency drills covering three core failure scenarios: OTA upgrade interruption, upgrade package tampering and cross-version software conflict, with complete drill records and closed-loop fault resolution evidence required. Purely documented contingency plans without real drill execution will fail system audits.
·OTA remote upgrades are strictly prohibited during vehicle driving status; upgrades may only initiate under P-park gear with sufficient battery power, with driving-state upgrade blocking serving as a hard pass/fail test item with zero tolerance for failure.
4. Two Mandatory Modules Comprising GB 44496 Compliance
Full certification completion requires parallel execution of SUMS system audit and VTA physical vehicle testing, with both modules mandatory for valid compliance records.
4.1 SUMS System Audit
SUMS = Software Upgrade Management System audit, evaluating enterprise internal organizational processes, documented procedures and traceability mechanisms against all standard clauses. Auditors issue a SUMS compliance audit report upon passing, with no standalone SUMS certification certificate available. The audit report acts as a mandatory precondition for VTA vehicle testing; laboratories reject vehicle test applications without valid SUMS audit documentation.
4.2 VTA Physical Vehicle Type Approval Testing
Fourteen total technical verification test items split into two categories:
·Eight universal local upgrade test items mandatory for all vehicles supporting either OTA or USB offline flashing
·Six exclusive online OTA supplementary test items: multi-channel user notification consistency verification, pre-upgrade condition inspection, in-cabin door unlock protection during upgrade, automated failure rollback, full vehicle functional self-inspection post-recovery and result notification push to users.Vehicles limited to offline USB flashing with zero OTA functionality qualify for exemption from the six online supplementary test items, eliminating unnecessary testing budget waste.
5. Core Differences Between GB 44496 and UN R156
The domestic standard draws heavily on UN R156 framework structure with matching nine core management processes, while introducing three exclusive mandatory Chinese domestic compliance clauses absent from R156:
·Mandatory mechanical interior door unlock capability during all upgrade stages (unique China requirement)
·Multi-channel consistent user notification mandates covering infotainment screen, mobile APP and SMS with identical text content across all channels (no equivalent R156 rule)
·Full vehicle functional self-inspection and automated result push to end users after upgrade failure rollback (unique domestic standard clause)Enterprises holding valid UN R156 compliance reports cannot directly transfer documentation for GB 44496 certification, requiring supplementary verification for the three exclusive Chinese standard test items.
6. Correlation Between GB 44496, GB 44495 and GB 44497
GB 44495 (Vehicle Cybersecurity), GB 44496 (Software Upgrade) and GB 44497 (Automotive Event Data Recorder) share overlapping system documentation and management processes, enabling consolidated audit planning to reduce overall compliance costs. However, physical vehicle testing items remain fully independent across all three standards; a single unified management system cannot substitute separate laboratory testing for each national standard.
7. Key Upcoming Policy Revisions to Monitor
·MIIT is drafting Amendment No.1 to GB 44496, with a draft consultation round released September last year. New test items include enhanced firmware security verification and cross-ECU synchronized upgrade linkage testing, with stricter judgment criteria for safe system status after rollback. Enterprises with ongoing certification projects must track official release timelines, as mid-project standard revisions force supplementary differential testing extending lead time and raising costs.
·Consolidated joint filing mechanisms for GB 44495 and GB 44496 have been formally implemented for new vehicle announcements, permitting simultaneous document submission and combined audit reviews with shared SUMS/CSMS system frameworks. Physical vehicle testing remains fully independent with no cross-standard exemption available.
Cross-Border Compliance Guidance
Valid UN R156 compliance status cannot be directly converted to domestic GB 44496 approval, requiring supplementary testing for the three exclusive Chinese mandatory clauses: interior door unlock protection, multi-channel uniform notification text and full post-rollback vehicle self-inspection. Reusable shared documentation includes software version control, upgrade package encryption and compatibility risk assessment frameworks. Overseas OEMs with established UN R156 systems may apply for equivalent assessment with domestic certification bodies to avoid full system reconstruction, while imported vehicles are not required to build compliance systems from scratch. Export to the EU requires additional independent GDPR data privacy and RED RF compliance testing, with zero coverage via domestic GB 44496 certification.
Post-Certificate Continuous Compliance Obligations
CCC certificate issuance marks the start of long-term maintenance requirements, not full compliance completion. Annual SUMS system operational supervision must be maintained with complete upgrade ledgers and formal emergency drill records retained on file. Certification authorities conduct annual on-site surveillance audits; missing traceability records or incomplete drill documentation
trigger major non-conformity findings with certificate suspension or revocation risks.
All upgrade records shall be archived for 10 years after vehicle model discontinuation, including firmware version change logs of TBOX, MCU and other ECUs. Any replacement of core component suppliers or major software architecture overhauls requires formal change filing and supplementary differential testing; unreported hardware modifications will result in non-conformities during audits.
BlueAsia provides one-stop services covering SUMS system construction and VTA physical vehicle testing for GB 44496-2024 certification. Laboratory test benches are in tight supply at present; locking test slots early ensures on-time vehicle launch schedules. For inquiries, contact BlueAsia Compliance Consultant: +86 13534225140 (Benson)
相关新闻