In the market, most articles explaining GB 44496 test items follow the same pattern: they list chapter titles from the standard, present a three-part checklist of “management requirements + technical requirements + test methods,” and then state “the standard requires XX” item by item. After reading such content, you only know the general chapters of the standard but have no idea what inspectors will actually test on your vehicle.
This article explains from a practical testing perspective, translating every requirement in the standard into “what testing engineers will verify on-site.”
·Full Standard Name: GB 44496-2024 General Technical Requirements for Automotive Software Upgrade
·Standard Nature: Mandatory National Standard
·Issuance Date: August 23, 2024
·Implementation Date: The mandatory enforcement start date marked in the official standard text is January 1, 2026, applicable to new models applying for type approval. For models already in production and sale with existing type approval, GB 44496 and its first amendment do not specify a unified mandatory deadline. The industry widely mentions a “transition period until January 1, 2028,” but this is not explicitly stated in official documents. The first amendment was officially released in October 2025 (following a public comment period in September 2024 and approval preparation in December 2024), adjusting identical type judgment conditions and optimizing partial expressions. Enterprises are advised to plan their compliance schedule based on the latest MIIT announcements and implementation rules, not just unofficial sources.
·Managing Authority: National Technical Committee of Standardization on Automobiles (TC114). Issued by the Standardization Administration of China; supervised and enforced by the Ministry of Industry and Information Technology (MIIT).
·Scope: M-category (passenger vehicles) and N-category (commercial vehicles) equipped with software upgrade functions. O-category trailers and semi-trailers are excluded.
A key qualifier is “equipped with software upgrade functions.” Vehicles without any software upgrade channels (no OTA or local flashing interfaces) are theoretically exempt. However, nearly all new vehicles in 2026 support upgrade functions, so this exemption has little practical meaning for most automakers.
Another critical clarification: this standard governs the entire process of software upgrades, not just OTA function testing. Many enterprises initially treat it as an additional in-vehicle function test, only to later discover that inspection bodies also review management system documents, upgrade process records, and supplier control evidence—revealing a far broader scope than expected.
II. Structure of GB 44496-2024
The 15-page standard is structured into two major verification directions.
1.Software Upgrade Management System (Chapter 4)This verifies whether the enterprise has a systematic management mechanism for the full lifecycle of software upgrades. Inspectors review institutional documents, processes, organizational structures, risk records, and actual operation traces. This is an enterprise-level capability verification, independent of specific vehicle models.
2.Vehicle Requirements (Chapter 5)This targets specific vehicle models, verifying that in-vehicle software upgrade functions meet technical requirements, including user notification and confirmation, power assurance, upgrade package security, failure handling and rollback, software identification numbers, and door anti-lock protection. This is a model-level technical verification.
·Chapter 6: Test Methods. A major difference from UN R156—GB 44496 provides operable test guidelines, while UN R156 only defines requirements without verification methods. Inspection bodies design test plans per Chapter 6.
·Chapter 7: Identical Type Judgment Rules. Determines whether derivative models on the same platform can reuse existing certification results.
·Chapters 8–9: Requirements for vehicle instruction manuals and appendices.
III. On-Site Verification Items (Practical Testing Sequence)
1. Software Upgrade Management System Audit (Chapter 4)
This involves document review and personnel interviews, not in-vehicle functional testing.
Inspectors will:
·Verify document integrity: Written management systems covering the full software upgrade lifecycle (demand review, version control, security testing, pre-release risk assessment, user notification, post-release monitoring, emergency response).
·Check organizational structure: Clear responsibilities for decision-making, execution, and verification assigned to specific departments/positions.
·Review risk records: Pre-release risk assessments covering impacts on certified parameters (emissions, braking, airbags, etc.).
·Confirm user notification rules: Prohibition of default consent or timeout auto-confirmation; mandatory active user confirmation.
·Assess supplier management: Control over supplier software components and upgrade security.
·Verify record retention: Upgrade records stored for at least 10 years after model discontinuation.
·Check internal operation evidence: Feasibility of system design supported by trial runs or simulation records.
2. Software Identification Number (SWIN) Verification (Chapter 5)
SWIN (Software Identification Number) must be identifiable, readable, and traceable. Global uniqueness is not required.
Inspectors will:
·Read SWIN via standard diagnostic interfaces to verify readability and format compliance.
·Compare declared SWIN in technical documents with actual vehicle readings; discrepancies result in non-compliance.
·Verify SWIN updates before and after OTA upgrades.
3. User Notification & Confirmation (Chapter 5)
Unlike UN R156, GB 44496 strictly prohibits silent upgrades; active user confirmation is mandatory.
Verification includes:
·Complete notification content: Upgrade details, affected functions, duration, risks, and failure handling.
·Compliant confirmation mechanism: No auto-start on countdown; no bypassable confirmation.
·Operational verification: Full HMI interaction process or video recording.
·Cancellation mechanism: User permission to cancel before upgrade initiation.
4. Power Assurance (Chapter 5)
Upgrades must not start with insufficient power, or must safely abort if power drops mid-upgrade.
Testing includes:
·Threshold verification: Vehicle rejects upgrades below the declared power threshold.
·Low-power interruption simulation: Safe suspension or abort under low power.
·Post-interruption recovery: Safe and usable vehicle state after power restoration.
No unified threshold is specified; enterprises define reasonable values based on vehicle characteristics with documented justification.
5. Upgrade Package Security (Chapter 5)
Verifies resistance to tampering.
Inspectors will:
·Test authenticity with tampered signature packages; vehicles must reject invalid packages.
·Verify integrity via hash checks for modified package content.
·Validate handling of abnormal/incomplete packages.
Supporting documents: Signature algorithm, key management, and verification process.
6. Failure Handling & Rollback (Chapter 5)
The most critical and failure-prone test item. GB 44496 mandates rollback to the previous version upon failure, ensuring safe drivability—unlike UN R156’s framework-only requirements.
Fault injection simulations include:
·Power interruption during flashing.
·Communication link disconnection (CAN/Ethernet).
·ECU node unresponsiveness.
·Insufficient storage space.
·Verification failure (invalid signature/version conflict).
Rollback rigor increases for safety-critical domains (powertrain, chassis, ADAS). Documented rollback behavior must match actual vehicle performance.
7. Door Anti-Lock Protection (Chapter 5)
Unique to China’s standard; not required in UN R156.
Requirement: The system must not automatically lock doors during upgrades to prevent entrapment.
Testing: Inspectors operate doors during upgrades; automatic locking that blocks internal opening is non-compliant. Manual locking by users is permitted.
8. Additional OTA Requirements (Chapter 5)
·Pre-upgrade condition checks: Parked status, zero speed, no active ADAS intervention.
·Upgrade result notification: HMI displays success/failure and guidance.
·Wireless interruption recovery: No unusable state due to network drop; breakpoint resume or re-initiation allowed.
9. Identical Type Judgment (Chapter 7)
Derivative models may reuse results if key software upgrade features are consistent:
·Same manufacturer and management system.
·Identical user confirmation, power threshold, rollback logic, ECU scope, and trigger mechanism.
Software coding rules, ECU coverage, and domain controller configurations may disqualify reuse.
IV. Test Scope by Vehicle Configuration
1.Basic Configuration: Local diagnostic flashing only (no OTA)Full management audit; simplified vehicle testing (SWIN, upgrade package security). OTA-specific items (notification, power, door lock) are exempt.
2.Mid Configuration: OTA for partial powertrain/chassis ECUsFull management audit + complete vehicle testing; depth depends on ECU count and domains.
3.High Complexity: Full-vehicle OTA, multi-domain controllers, advanced ADASFull testing with increased depth for rollback, HMI interaction, and power assurance.
BLUEASIA has years of expertise in automotive cybersecurity and software upgrade compliance, providing full-process GB 44496 services with transparent pricing. For consultation, contact BLUEASIA certification advisor: +86 13534225140.
Related News
