iWave Telematics Solutions Aligned with International & EU Cybersecurity Standards

With the rapid expansion of connected automotive and telematics systems, cybersecurity has become a non-negotiable requirement. Driven by European regulations such as the Cyber Resilience Act (CRA) and the Radio Equipment Directive Delegated Act (RED DA), the expectation is clear: telematics devices must be secure by design.

iWave’s telematics portfolio including TCUs (Figure 1), gateways, and data loggers—has been engineered with cybersecurity as a foundation. Each solution incorporates strong technical and process-oriented controls aligned with global and EU regulations, including ISO/SAE 21434, ISO 24089, UNECE WP.29 (UN R155, UN R156), CRA, RED DA, and the EN 18031 series. Conformance to these frameworks is critical not only for compliance but also for building trust and gaining access to regulated markets.

Figure 1: Typical iWave G26 telematics control unit. (Image source: iWave)

Key Standards Shaping Telematics Security

1. ISO/SAE 21434 (Road Vehicles – Cybersecurity Engineering):
   Establishes a structured, security-by-design development process. It mandates comprehensive Threat Analysis and Risk Assessment (TARA) to identify vulnerabilities in communication protocols, cloud integration, and firmware updates. Validation includes extensive penetration testing and simulation of both remote and physical attack vectors, covering the entire lifecycle of telematics devices.
2. UN R155 (Cybersecurity Management System – CSMS):
   Issued by UNECE WP.29, UN R155 requires vehicles to comply with a Cybersecurity Management System as part of type approval. It references ISO/SAE 21434, ensuring that processes like TARA and penetration testing are embedded in engineering workflows. Demonstrating adherence to ISO/SAE 21434 is the principal method of showing compliance with UN R155.
3. UN R156 (Software Update Management System – SUMS):
   Focuses on secure, traceable software updates. iWave’s devices implement Secure Boot and Encrypted Boot, supported by hardware security elements, ensuring OTA updates meet the integrity and authenticity requirements of UN R156.
4. ISO 24089 (Software Update Engineering):
   Complements UN R156 by detailing processes for safe, reliable software updates across the vehicle lifecycle—covering authenticity, delivery mechanisms, integrity, and traceability.
5. EU Cyber Resilience Act (CRA):
   Applicable to all digital products, including telematics, the CRA requires security across the complete product lifecycle. iWave’s security features align with CRA’s goals of lifecycle transparency and protection against vulnerabilities.
6. EU RED Delegated Act (RED DA) and EN 18031 Standards:
   Effective from August 2025, RED DA mandates cybersecurity protections for internet-connected radio equipment. The EN 18031 series supports this with detailed requirements:
• EN 18031-1 – Network Protection: Prevents devices from harming communication networks. iWave achieves compliance through efficient communication protocols, TLS 1.3-based encryption, and robust error handling.
• EN 18031-2 – User Data & Privacy Protection: Secures personal data with encryption in storage and transmission, protects against unauthorized tracking, and enforces strong authentication and access controls.

How iWave Implements Compliance

Secure Boot: All iWave telematics products integrate secure boot technologies (Figure 2)—High Assurance Boot (HAB), Advanced HAB (AHAB), and cryptographically validated firmware loading—ensuring only trusted code runs at startup.

Figure 2: All of iWave’s telematics products, including the pictured G41 telematics gateways, integrate secure boot technologies. (Image source: iWave)

• Secure Storage: Sensitive data, including encryption keys and critical application information, is safeguarded with hardware-backed encrypted storage, maintaining confidentiality and integrity.
• Threat Analysis & Penetration Testing: Consistent with ISO/SAE 21434, iWave continuously performs TARA and in-depth penetration testing to uncover vulnerabilities and validate resilience against attacks.
• Authentication: Strong user and system authentication mechanisms prevent unauthorized access and reinforce telematics network integrity.
• AppArmor Access Control: By enforcing application-specific security profiles, iWave limits each program’s capabilities, reducing the attack surface and adhering to the principle of least privilege.

Conclusion

By embedding cybersecurity into design and development, and by adhering to international and EU regulations such as ISO/SAE 21434, UN R155, UN R156, ISO 24089, CRA, and RED DA, iWave’s telematics portfolio delivers resilient, regulation-ready solutions. With a combination of secure boot, encrypted storage, authentication, access control, and ongoing penetration testing, iWave ensures that its telematics systems provide the assurance required for connected vehicle applications in the European and global markets.