With the rapid development of connected cars and remote information processing systems, network security has become an indispensable requirement. Driven by European regulations such as the Cyber Resilience Act (CRA) and the Radio Equipment Directive Authorization Act (RED DA), people's expectations are very clear: remote information processing devices must be designed to be secure.
The remote information processing product portfolio of iWave, including TCU (Figure 1), gateway, and data logger, is designed based on network security. Each solution utilizes powerful technologies and process oriented control measures that comply with global and EU regulations, including ISO/SAE 21434, ISO 24089, UN R155, UN R156, CRA, RED DA, and EN 18031 series. Adhering to these frameworks is not only crucial for compliance, but also for building trust and entering regulated markets.
Figure 1: A typical iWave G26 remote information processing control device. (Image source: iWave)
Key standards for shaping remote information processing security
ISO/SAE 21434 (Road Vehicles - Cybersecurity Engineering):
Establish a structured security design and development process. It requires a comprehensive threat analysis and risk assessment (TARA) to identify vulnerabilities in communication protocols, cloud integration, and firmware updates. Validation includes extensive penetration testing and simulation of remote and physical attack vectors, covering the entire lifecycle of remote information processing devices.
UN R155 (Network Security Management System - CSMS):
UN R155 was published by UN ECE WP.29 as part of type approval, requiring vehicles to comply with network security management system standards. It references the ISO/SAE 21434 standard to ensure that processes such as TARA and penetration testing are embedded into the engineering workflow. The demonstration of compliance with ISO/SAE 21434 standard is the primary method for demonstrating compliance with UN R155 standard.
UN R156 (Software Update Management System - SUMS):
Focus on secure and traceable software updates. IWave devices have implemented secure boot and encrypted boot with the support of hardware security components, ensuring that OTA updates comply with the integrity and authenticity requirements of UN R156.
ISO 24089 (Software Update Engineering):
Complementing UN R156, it provides a detailed introduction to the safe and reliable software update process throughout the entire vehicle lifecycle, including authenticity recognition, delivery mechanism, integrity, and traceability.
EU Cyber Resilience Act (CRA):
This bill applies to all digital products, including remote information processing systems, and requires security to be ensured throughout the entire product lifecycle. The security features of iWave are consistent with CRA's lifecycle transparency and vulnerability protection goals.
The EU RED Authorization Act (RED DA) and EN 18031 standard:
Since August 2025, RED DA has mandated the implementation of network security protection for radio equipment connected to the Internet. The EN 18031 series has detailed requirements for this:
EN 18031-1- Network Protection: Preventing devices from damaging communication networks. IWave achieves compliance through efficient communication protocols, TLS 1.3 based encryption measures, and powerful error handling capabilities.
EN 18031-2- User Data and Privacy Protection: Encrypt and protect personal data during storage and transmission to prevent unauthorized tracking, and implement strict identity verification and access control.

