The GB 44495-2024 standard, titled "Cybersecurity Technical Requirements for Whole Vehicles," is a major mandatory national standard in China. It is one of the first mandatory regulations for Intelligent and Connected Vehicles (ICVs) and applies alongside other important standards such as GB 44496-2024 ("General Technical Requirements for Vehicle Software Upgrades") and GB 44497-2024 ("Data Recording System for Automated Driving of Intelligent and Connected Vehicles").
Issued by SAMR and SAC on August 23, 2024, the standard will take effect on January 1, 2026.
The GB 44495 standard focuses on developing a comprehensive cybersecurity protection system for vehicles throughout their entire lifecycle, with emphasis on two main pillars:
Manufacturers must establish a Cybersecurity Management System (CSMS) covering the entire vehicle lifecycle, including development, production, and post-production phases. This system requires key processes in the following areas:
Risk Management: Identifying, assessing, classifying, and addressing cybersecurity risks. It ensures ongoing updates and risk mitigation strategies.
Testing and Verification: Establishing processes for thorough vehicle cybersecurity testing.
Monitoring and Response: Setting up systems to monitor, respond to, and report cyberattacks, threats, and vulnerabilities in real time.
Supply Chain Management: Managing cybersecurity risks and dependencies with contractors, service providers, and subsidiaries.
GB 44495-2024 sets up technical defenses in four key areas, with specific test items for each. The standard outlines the following critical test items to ensure vehicle cybersecurity:
| Testing Area | Key Test Items | Test Method Example |
|---|---|---|
| External Connection Security | Wireless Interface Security, External Interface Protection | Testing security mechanisms of wireless and external interfaces. |
| Communication Security | Vehicle-to-Cloud Encryption, Vehicle-to-Vehicle Security | Verifying encryption and authentication mechanisms for communication protocols. |
| Software Update Security | OTA Integrity Check, Update Failure Handling | Ensuring the integrity and reliability of the software update process. |
| Data Security | Critical Data Anti-Tampering, Encrypted Data Storage | Verifying access controls and anti-tampering by attempting unauthorized data access (e.g., modifying brake parameters). |
The standard applies to vehicles in categories M, N, and O with at least one Electronic Control Unit (ECU).
The certification process is split into two main categories:
System Certification: Auditing the manufacturer’s CSMS for lifecycle coverage and effective operation.
Vehicle Type Certification: Testing the vehicle itself against cybersecurity technical requirements to validate the implemented security measures.
GB 44495 provides criteria for "same type" determination to avoid unnecessary re-testing:
Direct Acceptance: If the E/E architecture, security measures, and core components are identical, the same certification can be applied to new vehicle models.
Acceptance After Supplementary Testing: If some vehicle parameters change but core architecture/security measures stay the same, only supplementary testing will be required for the altered parts.
The GB 44495 standard follows a clear timeline for implementation:
From January 1, 2026: Newly applying vehicle types must meet the cybersecurity requirements of GB 44495.
From January 1, 2028: Existing vehicle types with approval before this date must comply with the standard.
The GB 44495-2024 standard was developed in alignment with international cybersecurity regulations, such as UN R155. This coordination ensures that meeting GB 44495 certification requirements also lays a foundation for compliance with global cybersecurity standards.
Ensures Compliance: GB 44495 provides a national baseline for vehicle cybersecurity, enabling manufacturers to ensure their vehicles are protected against growing cybersecurity threats.
Improves Security: By adhering to the technical requirements outlined in the standard, manufacturers can build more secure vehicles with advanced cybersecurity measures.
Facilitates Global Compliance: The alignment with international regulations ensures that manufacturers’ products meet both national and international standards, opening up global markets.
Blueasia Technology offers expert consulting services to guide you through the GB 44495 certification process and ensure your vehicles meet all cybersecurity requirements. Our services include:
Pre-certification guidance
CSMS establishment support
Vehicle testing and verification
Compliance audits and document preparation
Q: What is the GB 44495 standard?
A: GB 44495-2024 is a Chinese national standard for cybersecurity in intelligent and connected vehicles (ICVs). It mandates that vehicles meet specific cybersecurity measures throughout their lifecycle.
Q: What does the certification process for GB 44495 entail?
A: The process involves verifying the manufacturer’s Cybersecurity Management System (CSMS) and ensuring the vehicle meets the technical requirements for cybersecurity, including external connection security, communication security, software update security, and data security.
Q: When will GB 44495 take effect?
A: The standard will be effective from January 1, 2026, for newly applying vehicle types, and from January 1, 2028, for existing vehicle types.
Q: How does GB 44495 align with international standards?
A: GB 44495-2024 was developed in coordination with international standards such as UN R155, ensuring that it supports global cybersecurity compliance for vehicle manufacturers.