GB 44495-2024, titled "Cybersecurity Technical Requirements for Whole Vehicles," is a mandatory national standard in China that applies to Intelligent and Connected Vehicles (ICVs). This standard, developed by the Ministry of Industry and Information Technology (MIIT) and issued by the State Administration for Market Regulation (SAMR) and the Standardization Administration of China (SAC), will take effect on January 1, 2026.
This regulation establishes clear requirements for ensuring that vehicles are cyber-secure throughout their lifecycle, from development to post-production.
The GB 44495 standard aims to create a robust cybersecurity framework for vehicles. It focuses on both management systems and technical safeguards to ensure comprehensive protection against cyber threats.
Definition: Automakers must implement a CSMS that covers the entire lifecycle of the vehicle, from development through production and post-production.
Alignment: This is in line with UN R155 (Cybersecurity), which promotes a similar approach for vehicle manufacturers.
Automakers are required to implement the following technical safeguards:
External Connection Security
Secure wireless communication interfaces (e.g., Wi-Fi, Bluetooth) and data ports (e.g., USB, OBD-II) to prevent unauthorized access.
Communication Security
Authentication and encryption protocols for data exchanges between vehicles and external platforms (e.g., cloud services, other vehicles).
Software Update Security
Tamper-resistant Over-the-Air (SOTA) updates, including the integration of an Intrusion Detection and Prevention System (IDPS) to monitor and prevent unauthorized updates.
Data Security
Protection of critical vehicle data, with mechanisms in place to prevent unauthorized modification or tampering of key data (e.g., braking parameters) via OBD-II or other diagnostic tools.
GB 44495-2024 was designed with international standards in mind, particularly UN R155 and UN R156 (Software Updates). However, it incorporates specific Chinese requirements, such as:
Difference from UN R155: While UN R155 employs a CSMS type-approval approach, GB 44495 mandates both audits and 27 specific cybersecurity tests for each vehicle type, including stricter extension criteria for vehicle types.
The GB 44495 certification process is focused on verifying compliance with the outlined cybersecurity requirements. It involves the following stages:
The certification process places significant emphasis on testing to ensure compliance:
Data Security Testing: For example, tests might simulate an attempt to connect an unauthorized tool to the OBD-II port, trying to read and modify critical data like braking parameters to ensure access control and anti-tampering mechanisms are effective.
CSMS Establishment: Companies must first establish a Cybersecurity Management System (CSMS) and perform internal testing.
Testing: Submit vehicle samples for testing at an accredited institution.
Factory Inspections: Undergo factory inspections and audits as required.
Certification Approval: Once the testing and auditing process is complete, companies receive their GB 44495 certification.
The introduction of GB 44495-2024 will have a profound impact on the automotive sector:
From January 1, 2026, vehicles that fail to comply with GB 44495 will not be granted type approval and thus cannot be sold in the Chinese market.
Cybersecurity will transition from being an add-on feature to a core requirement integrated into the design and development of vehicles from the outset.
Compliance with GB 44495 not only enhances competitiveness in China but also aligns with international regulations, increasing the likelihood of successful export opportunities.
Adhering to GB 44495 certification provides several advantages:
Market Access: Compliance is essential for selling vehicles in China starting in 2026.
Improved Security: Ensures that vehicles are protected against cyber threats, protecting both consumers and manufacturers.
Global Competitiveness: Helps manufacturers align with international cybersecurity standards, making it easier to compete globally.
If you're looking to navigate the complexities of GB 44495 certification, BLUEASIA Technology offers expert certification consulting services. Our team can guide you through the process, ensuring that you meet all technical and compliance requirements.
Contact BLUEASIA Technology
Phone: +86 135 3422 5140
Email: king.guo@cblueasia.com
CMS Slug:
/news/what-is-gb44495-certification
Meta Title (≤60 characters):
Meta Description (≤160 characters):
Primary Keywords:
Secondary Keywords:
GB 44495 certification requirements, cybersecurity management system, vehicle data security, vehicle software update security, GB 44495 audit, automotive cybersecurity China
A1:
GB 44495-2024 is a mandatory national standard for vehicle cybersecurity in China, focusing on the development of a Cybersecurity Management System (CSMS) and the implementation of technical safeguards to protect vehicles against cyber threats.
A2:
Vehicles must comply with GB 44495 by January 1, 2026 to receive type approval and access the Chinese market.
A3:
The four key safeguards include:
External Connection Security
Communication Security
Software Update Security
Data Security
A4:
Start by establishing a Cybersecurity Management System (CSMS), conducting internal testing, and submitting your vehicle for third-party testing. Then, undergo the certification process with an accredited certification body.
A5:
It ensures that your vehicle meets cybersecurity standards, allowing you to sell your vehicles in China and enhancing your product's security and global competitiveness.
Related News
