
Shin Li, Staff Threat Researcher, Automotive
For decades, emissions compliance focused on chemistry, not code. But as modern vehicles evolved into software-defined machines, so did the methods for manipulating them. Euro 7, the European Union’s upcoming regulation for emissions and durability, makes this explicit by directly linking environmental integrity to cybersecurity.
Introduction
According to the EU-funded research from the DIAS project, an estimated four to six million Euro 6/VI vehicles potentially faced tampering issues in 2022. Meanwhile, VicOne’s own threat intelligence scans registered almost 200 online discussions per day in 2024 involving after-treatment system (ATS) manipulation. These ranged from unauthorized engine control unit (ECU) reflashing to the use of CAN bus emulators — attacks that effectively erase years of progress toward cleaner air.
Euro 7 acknowledges this tampering reality and represents a significant policy pivot. Beyond introducing stricter limit values and longer durability mileage, it embeds mandatory anti-tampering and cybersecurity layers.
Under Article 16 of Euro 7's official implementing regulation, manufacturers must ensure that vehicles meet the emission type-approval obligations defined in Annex XIV. This annex aligns Euro 7 with United Nations Economic Commission for Europe (UNECE) Regulation No. 155 (UN R155), adapting its Cybersecurity Management System (CSMS) and its Threat Analysis and Risk Assessment (TARA) framework specifically to enable rapid detection of manipulation and maintain environmental conformity.
Euro 7 and UN R155
While UN R155 was designed to ensure cybersecurity across vehicle systems, Euro 7 adapts its principles to focus on environmental objectives. To meet this new regulation, manufacturers must:
1. Minimize vulnerabilities through a tailored TARA aligned with UN R155 Annex 5.
2. Harden emission-critical ECUs, such as on-board monitors (OBM), on-board diagnostics (OBD), on-board fuel and energy consumption monitoring devices (OBFCM), dosing systems, and battery-management systems that report state of health (SOH).
3. Maintain continuous detection and response mechanisms capable of identifying cyberthreats in real time.
4. Record residual risks within the CSMS portfolio submitted for type approval.
Under R155, risk acceptability is determined before type approval using an OEM-defined matrix that weighs likelihood and impact across eight generic categories. Euro 7 replaces this with an authority-driven, post-approval decision, based on environmental impact and diagnostic system response to test attacks. Data integrity breaches to emission-relevant assets are a binary condition for market acceptance, not just one of several impact categories.
| Dimension | UNECE R155 | Euro 7 Annex XIV |
|---|---|---|
| Impact axis | Eight generic categories (safety, data breach, performance, etc.) | Binary, environment-centric judgement: insignificant vs significant impact on Euro 7 aims (real-world emissions, battery durability) |
| Pass/fail logic | Car manufacturers (OEMs) determine acceptability through their internal risk matrix before type approval. | Authorities decide after controlled test attacks, based on OBM/OBD reaction (malfunction indicator lamp and tampering) |
| Data integrity focus | Data integrity breach is one of several impact examples. | Data systems in Art 4 (7) (OBM, OBFCM, odometer, battery SOH) are explicit assets; any unflagged modification triggers follow-up or fail. |
Table 1. Methodological differences between UN R155 and Euro 7 Annex XIV
These methodological differences are reinforced in Euro 7’s official implementing regulation. It reframes UN R155’s TARA as an outcome-based gatekeeper for environmental compliance, adding boundary conditions that guide how manufacturers must design their mitigation strategies.
| Regulatory Shift | Euro 7 Implementation and Implication |
|---|---|
| Outcome-based enforcement | Risk acceptability is decided after authority-run attack tests, replacing the OEM’s pre-type-approval matrix and tying compliance to real-world emissions behavior. |
| Explicit asset definition | Article 4(7) lists emission-critical data systems (OBM, OBFCM, odometer, battery SOH); tampering with any of them triggers immediate compliance action. |
| Binary impact metric | UN R155’s eight-class impact scale is reduced to a significant/insignificant dichotomy based on measured emission deltas, aligning cybersecurity impacts with environmental intent. |
| Prescriptive market surveillance | Annex XIV provides boundary-test protocols and a Pass/Follow-up/Fail decision tree, harmonizing post-market controls across all Member States. |
Table 2. Regulatory boundary conditions defined by Euro 7's implementing regulation
A practical path to compliance
Our analysis of Euro 7’s implementing regulation shows that its requirements can be met through minimal, strategic updates to existing UN R155 frameworks rather than full replacement. To support this, we propose a Three-Tier Trust-Boundary model, a practical way of grouping ATS assets according to the level of protection they require, while preserving the core UN R155 process.
| Tier | Example Components | Mechanisms | Euro 7 Value |
|---|---|---|---|
| T1 – HSM Zone | OBM, OBFCM, OBD, secure gateway | Secure boot, signed over-the-air (OTA) updates, TLS 1.3/DTLS | Meets Annex XIV Table 4.3 “system integrity” and enables kilometer-level tamper detection |
| T2 – Auth+ Plausibility | High-impact ATS ECUs (engine, dosing, EGR) | 8-byte Slim-MAC, rolling counters, firmware-hash check | Fulfills Table 4.1 message-authentication requirements at a fraction of full-HSM cost |
| T3 – Behavior Detection | Passive sensors, exhaust back-pressure, lambda (λ), NOx | OBM-embedded ML/heuristics correlating 26 signals | Flags anomalies within Euro 7’s <10 km threshold for ΔEmis > 2.5× |
Table 3. Proposed Three-Tier Trust-Boundary Model
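The Tier 2 row pairs an 8-byte MAC with rolling counters; the sketch below is an added example, not VicOne's implementation, showing how a receiving ECU could check both so that altered and replayed frames are rejected. The page does not define Slim-MAC, so the construction (HMAC-SHA256 truncated to 8 bytes over ID, counter and payload), the counter window, the key, the CAN ID and the payload are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8   # 8-byte tag, as in the Tier 2 row
WINDOW = 16   # assumed tolerance for counters skipped by lost frames

def slim_mac(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256(ID || counter || payload), truncated."""
    msg = struct.pack(">IQ", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Receiver:
    """Verifies tags and tracks the last accepted counter per CAN ID."""

    def __init__(self, key: bytes):
        self.key = key
        self.last = {}  # can_id -> last accepted counter

    def verify(self, can_id: int, counter: int, payload: bytes, tag: bytes) -> str:
        expected = slim_mac(self.key, can_id, counter, payload)
        if not hmac.compare_digest(expected, tag):
            return "bad_mac"        # payload, ID or counter was altered
        last = self.last.get(can_id, -1)
        if counter <= last:
            return "replay"         # authentic but stale frame
        if counter - last > WINDOW:
            return "out_of_window"  # needs resynchronisation, not accepted
        self.last[can_id] = counter  # state changes only on full success
        return "ok"

def demo() -> list:
    key = bytes(range(32))               # constructed test key
    can_id = 0x18FF0051                  # constructed CAN ID
    reading = bytes.fromhex("10270000")  # constructed sensor payload
    rx = Receiver(key)
    tag0 = slim_mac(key, can_id, 0, reading)
    tag1 = slim_mac(key, can_id, 1, reading)
    return [
        rx.verify(can_id, 0, reading, tag0),   # genuine frame
        rx.verify(can_id, 0, reading, tag0),   # same frame sent again
        rx.verify(can_id, 1, bytes(4), tag1),  # payload swapped in transit
        rx.verify(can_id, 1, reading, tag1),   # next genuine frame
    ]

if __name__ == "__main__":
    print(demo())
```

Each non-"ok" verdict is also a detection signal the OBM can log, which is what makes message authentication usable as tamper evidence rather than only as a filter.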
This proposed differentiated TARA introduces two refinements required by Euro 7:
- Impact mapping. Likelihood continues to follow the ISO 21434 matrix, but the impact axis is translated into Euro 7’s binary environmental scale (significant vs. insignificant) before determining residual risk.
- Proportionate controls. A mitigation is accepted when the resulting scenario is classified as “Pass” or “Follow-up” under Annex XIV § 3.3.3. This rule supports cost-effective staged deployment across short- and medium-term horizons.
To validate this model, we applied it to a widely sold Euro VI heavy-duty truck using open-source architectural information while keeping the original ATS intact. The initial assessment produced the following results:
| Evaluation Metric | Result |
|---|---|
| Threat-mitigation sufficiency | All 45 high-impact attack scenarios in UN R155 Annex 5 were downgraded to Accept or Follow-up; none exceeded the ceiling in Euro 7 Annex XIV § 3.3.3. |
| Implementation footprint | Tier-1 cryptography is limited to the existing secure gateway and OBM. Slim-MAC and firmware-hash checks at Tier 2 keep the incremental BOM below approximately €20 per vehicle (assuming component reuse). |
| Traceability | Every control is mapped to a specific CSMS clause, maintaining full audit continuity for future Euro VII upgrades. |
Table 4. Evaluation results for the Euro VI reference truck
These preliminary findings demonstrate that our proposed differentiated TARA can be executed on a legacy Euro VI platform while fully satisfying the outcome-based criteria — all without wholesale hardware replacement.
Conclusion
Euro 7 turns emissions compliance into a cybersecurity challenge by making the integrity of after-treatment systems a regulatory gatekeeper for market access. Our study shows that manufacturers do not need radical hardware overhauls to meet this regulation. By reframing UN R155’s TARA around Euro 7’s outcome-based, environment-centric criteria and applying our proposed Three-Tier Trust-Boundary, we demonstrated that all high-impact threats on a legacy Euro VI heavy-duty truck can be reduced to “Pass” or “Follow-up” status with an incremental bill of materials of approximately €20 per vehicle.
This differentiated TARA offers a practical path to compliance, proving that Euro 7’s stringent cybersecurity mandates can be satisfied efficiently and economically by strategically extending existing UN R155 frameworks. With the right architecture, environmental integrity and cost-effectiveness need not be mutually exclusive — they reinforce each other.