Deloitte – Evaluation of the WP.29 impact on automotive cyber security

Description of the company

Deloitte has more than 286,000 professionals at member firms delivering services in audit & assurance, tax, consulting, financial advisory, risk advisory and related services in more than 150 countries and territories. Revenues for fiscal year 2017 were US$38.8 billion. In our global business environment, the risk of cyber-attacks is increasing. Therefore, Deloitte Cyber Risk helps organizations to address these threats, minimizing risk while optimizing new business opportunities.


With new trends like autonomous driving and connected cars, todays cars get more and more complex. With this increasing complexity, the risks for cyber security incidents and attacks rise as well. As those cyber risks can also have an impact on car safety, it is crucial to comply with existing and future regulations in this field.

Vehicles, that are sold today, have to meet country specific regulations and to register a car both the vehicle and the components have to be approved for the specific country. The different regulations and approval procedures often require additional testing and design modifications to get the approval. To simplify this process and to reduce international trade barriers, the United Nations Economic Commission for Europe (UNECE) established the “World Forum for Harmonization of Vehicle Regulations (WP.29), with the objective to initiate and pursue actions for the worldwide harmonization of technical regulations for vehicles.  The WP.29 contains several subgroups, which assist in researching analyzing and developing requirements for technical regulations in the areas of their individual expertise. The WP.29 working party on Automated/Autonomous and Connected Vehicles has established a UN Task Force for Cyber security and over the air issues. This task force has released a draft, which is currently being evaluated before its regulations are translated to national law and come into force.



  • Automotive manufacturers need to prepare themselves even though the standard is still in evaluation
  • Besides a few concrete points, the wording of the requirements is held so general that it cannot be used as a direct course of action for implementation
  • Cars are very complex products and the manufacturers depend on a wide range of suppliers. Those supplier relationships and processes also have to be assessed and modified according to the regulation where necessary
  • The UNECE regulation affects the cars entire lifecycle from development till scrapping
  • If automotive manufactures do not comply with the requirements until the end of a transitional period, their new cars will not be able to get the obligatory type approval and therefore not be allowed to be sold

Aims of the project

In this project, the impact of the WP.29 on the automotive industry and cyber security in cars should be analyzed.


  • How can automotive manufacturers prepare themselves even though the Standard is still in evaluation?
  • How can companies collaborate with suppliers on the upcoming changes?
  • How can the WP.29 requirements be integrated in the entire product lifecycle?
  • Propose a cyber-security strategy for the automotive industry to comply with the WP.29 regulations

Target group (students)

All Bachelor and Master students with strong interest in cyber security.


Please reserve these dates: Fishing for Experience Termine