CarThreat
Sign In
  • Home
  • News
  • Features
  • Spotlight
  • Events
  • About
    • Our Mission
    • Services
    • Contact
Notification
Cybersecurity

Infineon Opens €5 Billion Smart Power Fab in Dresden, Boosting Chip Supply for Software Defined Vehicles

Cybersecurity

Mercedes Benz Telemetry Data Replaces Manual Road Surveys for Infrastructure Safety

Cybersecurity

BYD Xuanji A3 Chip Targets First Vehicle Deployment by 2027

Cybersecurity

Automotive Cyber Vulnerabilities Double Year Over Year as Attacks Get Easier

Font ResizerAa
CarThreatCarThreat
  • Reviews
  • Voices & Reviews
  • Physical Security
  • Car News
  • Electric Vehicles
  • Electric Vehicles
  • Buyer’s Guide
  • Buyer’s Guide
  • Auto Shows
  • Cybersecurity
  • Concepts
  • Policy & Compliance
Search
  • Home
  • News
  • Features
  • Spotlight
  • Events
  • About
    • Our Mission
    • Services
    • Contact
Sign In Sign In
Follow US
Made by ThemeRuby using the Foxiz theme. Powered by WordPress
Policy & Compliance

How the EU Cyber Resilience Act Reshapes Compliance for Software Defined Vehicles

ctadmin
Last updated: June 19, 2026 2:54 am
By
ctadmin
2 Min Read
SHARE

CRA Scope and Automotive Overlap

The EU Cyber Resilience Act (CRA), effective December 2024 with main obligations starting December 2027, introduces horizontal cybersecurity requirements for any hardware or software with digital elements sold in the EU. For the automotive sector, this regulation targets components that fall outside existing vehicle specific frameworks like UN R155 and ISO/SAE 21434. Key areas of impact include telematics units, infotainment systems, aftermarket diagnostic dongles, cloud connected APIs, V2X components, and EV charging infrastructure. Products already covered by equivalent sector specific EU rules may be excluded, but the burden rests on manufacturers to prove that equivalence.

Contents
CRA Scope and Automotive OverlapWhat OEMs and Suppliers Must AddressClosing the SBOM and OTA Gaps

What OEMs and Suppliers Must Address

The CRA shifts cybersecurity from a vehicle approval issue to a broader product compliance matter. OEMs and suppliers must now demonstrate risk assessment, vulnerability handling, software update capability, and technical documentation for each digital component. This creates a significant supplier management challenge because many connected vehicle risks originate outside the core vehicle platform. The regulation requires manufacturers to exercise due diligence over third party components and to maintain support periods for products with digital elements, with clear end dates communicated at purchase.

Closing the SBOM and OTA Gaps

A Software Bill of Materials (SBOM) becomes critical under the CRA, because connected vehicles contain a complex mix of proprietary code, open source libraries, supplier firmware, and cloud services. Without accurate software composition data, OEMs cannot quickly answer which vehicles contain a vulnerable component or whether a patch can be deployed OTA. Secure over the air updates move from a UN R156 best practice to compliance evidence, as the CRA expects manufacturers to identify vulnerabilities, map affected components, and deploy patches rapidly. Automotive businesses should map CRA scope across their connected vehicle ecosystem, build SBOM maturity, align vulnerability management with CRA reporting timelines, and connect evidence across UN R155, R156, and ISO/SAE 21434 to create a single cybersecurity assurance model.

Source: Automotive IQ

Join Our Newsletter
Subscribe to our newsletter to get our newest articles instantly!
TAGGED:Connected VehiclesEU Cyber Resilience ActOTA UpdatesSBOMsoftware defined vehiclessupplier complianceUN R155
Share This Article
Facebook Email Copy Link

Follow US

Find US on Social Medias
FacebookLike
XFollow
YoutubeSubscribe
TelegramFollow
- Advertisement -
Ad image

You Might Also Like

Policy & Compliance

Automakers Face Scrutiny as Connected Car Data Collection Outpaces Privacy Laws

By
ctadmin
June 19, 2026
Cybersecurity

Generative AI Tools Heighten Vehicle Vulnerability Risks, South Korean Experts Warn

By
ctadmin
June 19, 2026
CybersecurityElectric VehiclesPolicy & Compliance

BYD OTA Update Sparks ‘Battery Lock’ Controversy as Israel Weighs New Connected Vehicle Rules

By
ctadmin
May 29, 2026
CybersecurityElectric VehiclesPolicy & Compliance

Fort Robotics Acquisition Adds Remote Human Oversight to Autonomous Vehicle Safety

By
ctadmin
May 29, 2026
Policy & Compliance

Gipuzkoa’s Automotive Sector Gears Up for Cyber Resilience Act Compliance

By
ctadmin
June 19, 2026
Cybersecurity

India Mandates AIS-189 Cybersecurity Norms for Connected Vehicles by 2029

By
ctadmin
June 30, 2026

Carthreat

Intelligence for the EV and automotive security market
  • News
  • Features
  • Spotlight
  • Events
  • About Carthreat
  • Our Mission
  • Services
  • Contact Us
  • Member Programs
  • Member Programs
  • Customer
  • Customer
  • For Media
  • For Media
  • Contact Us
  • Contact Us
  • Buyer’s Guide
  • Buyer’s Guide
  • Cybersecurity
  • Auto Shows
  • Physical Security
  • Car News
  • Reviews
  • Voices & Reviews

© 2026 Carthreat.com. All right reserved.  Privacy Policy | Legal

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?