Ministry of Industry and Information Technology: Strengthening the management of intelligent networked automobile manufacturing enterprises and product access

　　Chinanews.com, August 12, according to the official WeChat "WeChat WeChat" news of the Ministry of Industry and Information Technology, the Ministry of Industry and Information Technology recently issued the "Opinions on Strengthening the Management of Intelligent Networked Automobile Manufacturers and Product Access" (below Referred to as the "Opinions"), it is required to strengthen the management of automobile data security, network security, software upgrades, functional safety and expected functional safety.

It clearly states that personal information and important data collected and generated during operations within the territory of the People's Republic of China should be stored in the territory in accordance with relevant laws and regulations.

If data needs to be provided abroad, it shall pass the data exit security assessment.

The "Opinions" propose to strengthen data and network security management, and to strengthen data security management capabilities.

Enterprises should establish and improve automobile data security management systems, perform data security protection obligations in accordance with the law, and clarify responsible departments and persons in charge.

Establish a data asset management ledger, implement data classification and hierarchical management, and strengthen the protection of personal information and important data.

Establish data security protection technical measures to ensure that data continues to be in a state of effective protection and legal use, and implement data security risk assessment and data security incident reporting requirements in accordance with laws and regulations.

Personal information and important data collected and generated during operations within the territory of the People's Republic of China shall be stored in the territory in accordance with relevant laws and regulations.

If data needs to be provided abroad, it shall pass the data exit security assessment.

　　At the same time, it is necessary to strengthen network security assurance capabilities.

Enterprises should establish an automobile network security management system, implement the network security level protection system and the management requirements for real-name registration of car networking cards in accordance with the law, and clarify the responsible department and person in charge of the network security.

Possess technical measures to protect automotive electronic and electrical systems, components and functions from cyber threats, and have technical conditions for the detection and disposal of automotive cybersecurity risk monitoring, cybersecurity defects and vulnerabilities, to ensure that the vehicle and its functions are in a protected state, and to protect the vehicle safe operation.

Implement network security incident reporting and handling requirements in accordance with laws and regulations.

　　The "Opinions" require that online software upgrades be regulated, and corporate management capabilities must be strengthened. If companies produce automotive products with online upgrade (also known as OTA upgrade) functions, they should establish management capabilities that are compatible with automotive products and upgrade activities, and have online upgrade security. Impact assessment, test verification, implementation process assurance, information recording and other capabilities to ensure that the vehicle is in a safe state during online upgrades, and inform vehicle users of the purpose, content, required duration, precautions, upgrade results and other information of the online upgrade.

　　At the same time, ensure the consistency of product production.

Before implementing online upgrade activities, enterprises should ensure that their automobile products comply with relevant national laws and regulations, technical standards and technical specifications and file with the Ministry of Industry and Information Technology. Those involving changes in technical parameters such as safety, energy saving, environmental protection, and anti-theft should be reported to the industry in advance. Declared with the Ministry of Information Technology to ensure the consistency of automotive product production.

Without approval, it is not allowed to add or update auto-driving functions of vehicles through online software upgrades.

　　The "Opinions" propose to strengthen product management, including strictly fulfilling the obligation of notification.

If an enterprise produces automobile products with driving assistance and automatic driving functions, it shall clearly inform the vehicle function and performance restrictions, driver's responsibilities, human-computer interaction equipment instructions, function activation and exit methods and conditions and other information.

　　It is necessary to strengthen the safety management of products with combined driving assistance functions.

Enterprises that produce automotive products with combined driving assistance functions should take technical measures such as hands-off detection to ensure that drivers are always performing corresponding dynamic driving tasks.

The combined driving assistance function means that the driving automation system continuously executes the lateral and longitudinal motion control of the vehicle under its designed operating conditions, and has the corresponding target and event detection and response capabilities.

　　It is necessary to strengthen the safety management of autonomous driving function products.

If an enterprise produces auto products with autonomous driving functions, it should ensure that the auto products meet at least the following requirements:

　　1. It should be able to automatically identify the failure of the autopilot system and whether it continues to meet the design operating conditions, and take risk mitigation measures to achieve the minimum risk state.

　　2. It shall have the function of human-computer interaction and display the operating status of the automatic driving system.

If the driver is required to perform dynamic driving tasks under certain conditions, it shall have the function of recognizing the ability of the driver to perform dynamic driving tasks.

Vehicles should be able to interact with other road users by reasonably using light signals, sounds, and other methods in accordance with laws and regulations.

　　3. It shall have an event data recording system and an automatic driving data recording system to meet relevant functional, performance and safety requirements for accident reconstruction, responsibility determination and cause analysis, etc.

Among them, the data recorded by the automatic driving data recording system should include basic vehicle and system information, vehicle status and dynamic information, automatic driving system operation information, driving environment information, driver and passenger operation and status information, fault information, etc.

　　4. It shall meet the process assurance requirements of functional safety, expected functional safety, network security, etc., as well as the test requirements of simulation, closed site, actual road, network security, software upgrade, data recording, etc., to avoid the foreseeable occurrence of vehicles in the design operating conditions And preventable safety accidents.

　　At the same time, it is necessary to ensure reliable spatio-temporal information services.

Enterprises should ensure that automotive products have safe and reliable satellite positioning and timing functions, can effectively provide information such as location, speed, and time, and should meet relevant requirements, and encourage support for receiving Beidou satellite navigation system signals.

　　In terms of safeguard measures, the "Opinions" proposed to establish a self-inspection mechanism.

Enterprises should strengthen self-examination and find that there are serious problems in data security, network security, online upgrade safety, driving assistance and autonomous driving safety in the production and sales of automotive products, they should immediately stop the production and sales of related products in accordance with laws and regulations, and take measures Carry out rectification and timely report to the Ministry of Industry and Information Technology and the local industry, information technology, and telecommunications authorities.

　　Strengthen supervision and implementation.

The Ministry of Industry and Information Technology guides relevant agencies to do a good job in the technical review of intelligent networked automobile manufacturers and product access.

The competent departments of industry, information technology, and telecommunications in various regions shall coordinate with relevant departments to supervise and inspect the implementation of this opinion in accordance with the relevant requirements of the "Measures for the Administration of Road Motor Vehicle Manufacturers and Product Access".

　　Consolidate basic capabilities.

The Ministry of Industry and Information Technology, together with relevant departments and enterprises in various regions, further improves the construction of the intelligent networked vehicle standard system, and accelerates the development and revision of standards and specifications for vehicle data security, network security, online upgrades, driver assistance, and autonomous driving.

Encourage third-party service organizations and enterprises to strengthen related testing and verification and inspection and testing capabilities, and continuously improve the technology and network security and data security of intelligent networked vehicles.