Stronger cybersecurity secures overseas market access
Deloitte China assisted a large state-owned automaker to enter the European market by improving technology, strengthening cybersecurity management and protection. This not only met regulatory requirements for automotive exports but also enhanced the client’s brand image, strengthen cybersecurity capabilities and systems, and increased consumer trust in its products.
The situation
The client is a large state-owned automaker with three major product lines covering passenger vehicles, commercial vehicles, and new energy vehicles. It has a long-standing presence in the domestic market. As its capabilities grew and matured, the automaker sought new business growth opportunities by setting its sights on the European market, aiming to enhance its competitive advantages through globalization. Against the backdrop of increasingly stringent European regulations, the automaker aimed to expand its export scale and seek breakthroughs in market access to fully engage in global automotive competition.
The intelligent connected vehicles manufactured by the automaker incorporate cutting-edge information and communication technologies, enabling intelligent information exchange and sharing between cars, roads, people, and the cloud. In recent years, European transport authorities have implemented stricter entry criteria for automakers selling vehicles in Europe. The UNECE R155 Vehicle Cybersecurity Regulation and UNECE R156 Software Update Regulation are two key regulations, both released by the WP.29 working group under the Sustainable Transport Systems division of the United Nations Economic Commission for Europe (UNECE). The regulations mandate that automakers prioritize vehicle cybersecurity and develop robust cybersecurity capabilities. Failure to comply with these requirements and to pass the certification for these two regulations result in being denied market access permissions. The automakers top priority was to effectively establish its own cybersecurity capabilities to meet the requirements of European transportation authorities and pass regulatory certification while meeting the timelines and objectives of its business strategy.
To support the automaker's cyber security compliance, Deloitte offers specialized services centered on a "Three-step Strategy" to enhance its cyber security capabilities and achieve market access.
The solution
Step 1: Top-level planning at Group level
Deloitte China developed a unified security framework integrating multiple regulatory requirements, including UNECE R155 and UNECE R156. By building a system compliant with all cybersecurity regulations, Deloitte ensures rapid and effective application across the automaker’s three major product lines, reducing costs and improving efficiency.
Step 2: Implementation across passenger vehicles, commercial vehicles, and new energy vehicles
To comply with the Group's unified cybersecurity regulatory framework, Deloitte China helped to establish an organizational structure applicable to passenger vehicles, commercial vehicles, and new energy vehicles, further refining cybersecurity workflows. After completing the system design, Deloitte provided mentorship and guidance to assist each product line's cybersecurity engineering, enhancing overall cybersecurity capabilities.
Step 3: Cybersecurity inspection
Deloitte China, based on the WP.29 UNECE R155 and UNECE R156 regulations and the corresponding ISO 21434 and ISO 24089 standards – and informed by the automaker’s cybersecurity requirements and systems of various product lines – collaborated on cybersecurity inspections. This helped the automaker's departments and teams deeply understand the key points of and how to comply with the regulations, ensuring each product line could undergo audits by the Ministry of Transport and obtain R155 and R156 regulation certifications.
With the assistance of Deloitte China, the large state-owned automaker continuously improved its technology, strengthened cybersecurity management, and enhanced protective measures. As a result, it not only met the overseas automotive export regulations but also bolstered its brand image, reinforced its corporate cybersecurity capabilities and systems, and gained greater consumer trust. Consequently, the automaker achieved outstanding performance in overseas markets. In 2023, its exports contributed to making China the world's largest automotive exporter, laying a solid foundation for further advances in national industrialization.
The impact
Clients' recognition of Deloitte China has four key aspects. First, Deloitte China consistently adheres to a client-centric approach, gaining deep insights into each client’s need and providing customized cybersecurity solutions for its specific requirements. This fosters trust and loyalty. Second, Deloitte China boasts highly skilled professionals who have accumulated extensive experience in automotive cybersecurity, coupled with advanced technical expertise, earning widespread acknowledgment from clients. Third, Deloitte China emphasizes teamwork, assembling efficient and collaborative cybersecurity teams to tackle automotive cybersecurity challenges with a strong sense of responsibility and mission, garnering respect from clients. Fourth, Deloitte China continually innovates in cybersecurity, addressing challenges and delivering cutting-edge, effective solutions that earn accolades from clients. Building on these strengths, we have achieved remarkable accomplishments in cybersecurity, securing extensive praise and recognition from clients worldwide.
