GB 44495-2024 is a critical mandatory national standard that sets cybersecurity technical requirements for whole vehicles. Together with GB 44496-2024 ("General Technical Requirements for Vehicle Software Upgrades"), this standard ensures the security of Intelligent and Connected Vehicles (ICVs). Below, we outline the step-by-step process for applying for GB 44495 certification and the key details you need to know.
The GB 44495 certification process typically takes 6 to 12 months and involves four main stages:
Conduct Gap Analysis: Identify gaps between your current cybersecurity measures and the requirements of GB 44495.
Develop CSMS: Establish a Cybersecurity Management System (CSMS) covering the entire vehicle lifecycle.
Risk Assessment and Mitigation Plans: Complete a Threat Analysis and Risk Assessment (TARA) and implement risk mitigation strategies.
External Connection Security Testing: Ensure that external interfaces like USB, Bluetooth, and Wi-Fi are securely protected.
Communication Security Testing: Test the security of vehicle-to-vehicle (V2V) and vehicle-to-cloud (V2C) communication systems.
Software Update Security Testing: Verify that over-the-air (OTA) software updates are secure and that fail-safes are in place.
Data Security Testing: Test for vulnerabilities in data storage, transmission, and tampering protection, including sensitive personal information.
Submit Application: Prepare the necessary documentation and submit your application to an accredited certification body.
Undergo Audit: Certification bodies will review your documentation and test results, conducting audits to verify compliance.
Receive Certification: Upon successful approval, receive your GB 44495 certification.
Annual Surveillance Audits: After certification, your company must undergo annual audits to ensure continued compliance with the standard.
Production Consistency Inspections: Regular inspections ensure that your vehicle's security features remain effective throughout the production lifecycle.
Establish a CSMS that covers all stages of the vehicle's lifecycle, from design to production and post-production.
Complete the TARA report, identifying and addressing potential cybersecurity risks.
Ensure that the company is legally compliant with all regulations, has a valid credit record, and is not listed as "seriously dishonest."
Vehicles are tested for external connection security, communication security, software update security, and data security.
Focus on ensuring compliance with data protection regulations, including restrictions on transferring data overseas and safeguarding personal information.
Submit all required application materials, including technical documentation (assembly drawings, wiring diagrams, risk assessments, etc.).
After successful certification, prepare for annual surveillance audits to maintain your certification status.
GB 44495-2024 becomes mandatory on January 1, 2026 for newly applying vehicle types.
By January 1, 2027, all vehicle types with existing approval must comply with GB 44495 certification.
The central requirement is establishing a CSMS covering the full vehicle lifecycle.
Certification also requires compliance with related standards such as GB 44496-2024, which governs vehicle software upgrades.
Required documents include:
Company Proof: Business License or legal entity documents.
Technical Drawings: General assembly, electrical schematics, and wiring diagrams.
CSMS Documentation: A comprehensive Cybersecurity Management System Manual and supporting procedure files.
Risk Assessment Report: Threat and risk analysis reports (TARA).
Test Reports: Verification of data security, external connection security, and other technical tests.
Consult your chosen certification body for any additional document requirements specific to your vehicle type.
The preparation stage, especially building the CSMS and completing the TARA, can take significant time. Begin preparations at least 18 months in advance to ensure timely certification.
GB 44495 should be used in conjunction with related standards such as GB 44496-2024 for software upgrades, and GB 44497-2024 for data recording systems in automated driving vehicles.
Certification bodies designated by the CNCA (China National Certification and Accreditation Administration) will manage the process. Make sure you choose an accredited body that suits your vehicle category.
If you're looking for expert guidance through the GB 44495 certification process, Blueasia Technology provides professional consulting services to streamline your journey:
Pre-certification advice to help you understand requirements.
System preparation support, including CSMS development and risk assessment.
Testing coordination and documentation assistance for a smooth application.
Ongoing support through surveillance audits and compliance checks.
Contact Blueasia Technology:
Phone: +86 135 3422 5140
Email: king.guo@cblueasia.com
A1:
GB 44495-2024 is a mandatory cybersecurity standard for vehicles in China. It focuses on ensuring the security of intelligent and connected vehicles (ICVs) throughout their lifecycle, including data security, software updates, and external connection security.
A2:
All manufacturers that produce vehicles in China, including category M, N, and O vehicles with at least one Electronic Control Unit (ECU), must comply with the GB 44495 certification requirements.
A3:
Key documents include:
Company Qualification Documents: Business License, legal proof.
Technical Documents: Assembly drawings, schematics, wiring diagrams.
CSMS Documentation: Detailed management manual and process files.
Risk Assessment Report (TARA).
Test Reports: From accredited labs, covering data security and other tests.
A4:
The certification becomes mandatory on January 1, 2026 for newly applying vehicle types. By January 1, 2027, existing vehicle types must comply.
A5:
The entire certification process typically takes 6-12 months, depending on the complexity of the vehicle and the preparation time for documents and systems.
A6:
Blueasia Technology offers end-to-end support for GB 44495 certification, including:
Pre-certification advice and planning.
CSMS setup and risk assessment.
Testing coordination and documentation preparation.
Ongoing surveillance audits and compliance checks.