Commercial AV Deployment Has Started. Independent Security Assurance Cannot Wait

Commercial Autonomous Vehicles pilots in spring 2026. UN R155 mandatory for new vehicle types: January 2026. SecurLab is available now before the queue forms.

“The vendors who act now go into the mandate with a current assurance output — not a queue position”

Commercial self-driving vehicle pilots begin on England's roads in Spring 2026. UN R155 cybersecurity compliance is mandatory for new vehicle types from January 2026. The technology vendors supplying these vehicles need independent assurance of their security posture.

A cyber attack on a robotics system is not a data breach, it's a physical event.

In Autonomous Vehicles, a cybersecurity failure is also a safety failure.

A compromised OTA update, a manipulated sensor feed, an attack on a fleet management platform these are not IT incidents. They affect passengers, pedestrians, and public safety. Regulators, insurers, and fleet operators are requiring independent evidence of cybersecurity posture. Vendor self-assessment is not sufficient.

What your clients are asking

Before we deploy your technology in our vehicles, we need independent evidence of its cybersecurity posture. What can you provide?

Fleet operators, enterprise mobility buyers, and government transport authorities are asking this question as commercial deployment begins. Independent CRTF assessment provides the structured, credible output they are looking for.

What Our Product Assessment Covers

Vehicle Control Security

Software stack integrity

Control system assurance

OTA Update Mechanism

Update pathway security

Version integrity controls

Sensor & Data Integrity

Input validation

Data manipulation resistance

Fleet Management Platform

Backend security

API controls

Access management

V2X and Connectivity

Communication security

Infrastructure interface risk

Supply Chain Assurance

Component provenance

Third-party software risk

The Timeline You Need to Know

Jan 2026

UN R155 mandatory for all new vehicle types in GB type approval.

Spring 2026

Commercial AV pilots begin on England's roads without safety drivers.

2026–27

Secondary legislation under the Automated Vehicles Act finalises supply chain security obligations.

Jan 2028

UN R155 effective for all vehicles. Full cybersecurity management system required.

WHY SECURLAB?

FULL ACCREDITATION STACK

ISO 17020 (Pending) | ISO 27001 | ISO 9001 | CE+

The most comprehensive assurance credential set available from an independent specialist.

INDEPENDENT

We do not consult for the clients we assess.

Our output is credible because our independence is structural, not claimed.

NCSC-LISTED CRTF

One of the only independent specialist CRTFs in the UK.

Listed on the NCSC website — the credential procurement teams recognise.

FASTER AND CLEARER

Workflow platform reduces delivery time without reducing quality.

You know what we are assessing, what evidence we need, and what the output will look like.

FAQs

  • UN R155 requires manufacturers to implement and maintain a Cybersecurity Management System and demonstrate cybersecurity compliance across the vehicle lifecycle. Independent CRTF assessment provides structured, evidence-based verification of your system's security posture directly supporting UN R155 demonstration obligations.

  • Yes. UN R155 and UK secondary legislation under the Automated Vehicles Act apply to the entire AV supply chain, including software stack developers, sensor manufacturers, fleet management platform providers, and V2X system operators. Your software is part of the vehicle's attack surface.

  • Yes. UN R155 applies to all new vehicle types seeking GB type approval regardless of manufacturer nationality. If your technology is deployed in vehicles on UK roads, your UK responsible person must demonstrate compliance with applicable cybersecurity requirements.

  • ISO/SAE 21434 defines the automotive cybersecurity engineering framework. CRTF assessment provides independent assurance that your product's security posture meets the outcomes that framework is designed to achieve. We can map our assessment findings to ISO/SAE 21434 controls on request.

  • Yes. Our methodology is principles-based, we assess security outcomes, not specific technologies. Whether you develop AI-based perception systems, fleet management platforms, OTA update mechanisms, or V2X communication infrastructure, our assessment framework applies.