1. Required Document Checklist

·Whole Vehicle Cybersecurity Design Documents: Network topology, ECU/Gateway/T-BOX design, external interface security description, in-vehicle communication encryption specification.

·OTA Special Compliance Documents: Upgrade process, signature anti-tampering mechanism, power-off rollback strategy and version record management rules.

·Cybersecurity Risk Assessment Materials: Assessment system, risk identification records and key asset vulnerability ledgers.

·Vulnerability Management Documents: Vulnerability disposal process, 6-month high-risk vulnerability remediation mechanism and version traceability records.

·Supply Chain Security Control Materials: Cybersecurity requirements for suppliers and parts compliance management procedures.

·Enterprise & Basic Vehicle Documents: Business license, production qualification, vehicle configuration list and sample version description.

·Data Security Compliance Documents: Personal information collection rules, in-vehicle prompt mechanism and cross-border data approval process.

  2. Test Report Validity Rules

·No fixed 3/5-year validity period for GB 44495 reports.

·No major vehicle changes: Test results remain permanently valid.

·Major architecture changes: Replacement of T-BOX/gateway, OTA mechanism adjustment and new remote interfaces require re-evaluation or full retest.

·Minor OTA version upgrade: Only internal filing is needed without retesting.

·Existing in-production models can use original qualified test reports until the 2028 transition deadline without annual retest.

  3. Practical Tips

Prepare practical operation records instead of empty system documents; clarify on-site inspection and filing documents with laboratories; focus on supply chain management clauses rather than redundant supplier reports.

For GB 44495 document guidance and testing, contact Blueasia Testing & Certification Consultant: 13534225140