GB 44495-2024, "Cybersecurity Technical Requirements for Whole Vehicles," is a mandatory national standard in China for intelligent and connected vehicles (ICVs). Developed by the Ministry of Industry and Information Technology (MIIT) and issued by the State Administration for Market Regulation (SAMR) and the Standardization Administration of China (SAC), this standard will take effect on January 1, 2026.
The core requirements of GB 44495-2024 focus on establishing both a management system and technical safeguards.
1.Establish a Cybersecurity Management System (CSMS): Automakers must implement a CSMS covering the vehicle's entire lifecycle, from development and production to post-production. This aligns with the principles of the UN R155 regulation.
2.Implement Four Technical Safeguards:
·External Connection Security: Strict controls for wireless communication interfaces (e.g., Wi-Fi, Bluetooth) and data ports (e.g., USB, OBD) to prevent unauthorized access.
·Communication Security: Secure authentication and encryption protocols for data exchange between the vehicle and external entities (e.g., cloud platforms, other vehicles).
·Software Update Security: A tamper-resistant process for software-over-the-air (SOTA) updates, including an Intrusion Detection and Prevention System (IDPS).
·Data Security: Protection for critical vehicle data. For example, the vehicle must have mechanisms to prevent unauthorized modification of key data (like braking parameters) via the OBD-II port or other means.
Relationship with International Standards:
GB 44495-2024 was developed with reference to international regulations like UN R155 (Cybersecurity) and UN R156 (Software Update). However, China's compliance path has unique characteristics:
·Difference from UN R155: While UN R155 uses a CSMS type-approval approach, GB 44495-2024 requires automakers to undergo audits and complete 27 specific cybersecurity tests. Vehicle type extension criteria are also more stringent.
GB 44495 Certification Process and Testing:
The certification process focuses on verifying compliance with the standard's requirements.
1.Testing is Central: The core of certification involves completing the tests specified in the standard. For example, data security tests might simulate connecting to the OBD-II port with an unauthorized tool to read and modify critical data, verifying access controls and anti-tampering mechanisms.
2.Process Overview: Companies must establish their CSMS, conduct internal testing, submit test reports and technical documentation to an accredited testing institution, undergo factory inspections, and finally receive certification after audit.
Impact of GB 44495-2024:
The implementation of this standard will profoundly impact the automotive industry:
1.Mandatory Market Access: Starting January 1, 2026, vehicles that do not comply cannot receive type approval and cannot be sold in the Chinese market.
2.Redesigned Product Development: Cybersecurity will shift from a late-stage add-on to a core consideration integrated from the initial stages of vehicle design and development.
3.Enhanced Competitiveness and Export Potential: Compliance is essential for competing in the domestic market. As the standard aligns with international regulations, it also helps improve product acceptance in global markets.
GB 44495-2024 is more than a technical standard; it is a mandatory driver pushing the entire automotive industry to transform cybersecurity from an "add-on" into a "fundamental" component. For automakers, integrating its requirements into their R&D and quality management systems early is key to gaining a competitive advantage.
We hope this information helps you understand GB 44495 certification. BLUEASIA Technology: 13534225140, provides professional certification consulting services!
Related News
