Press Release
DEKRA Taiwan Becomes the First MOTC Recognized Testing Laboratory for VSTD 96/97 and Supports Industry Readiness for Taiwan’s 2028 Vehicle Cybersecurity Requirements
Mar 03, 2026
In response to growing cybersecurity risks driven by vehicle connectivity and over-the-air (OTA) software updates, Taiwan’s Ministry of Transportation and Communications (MOTC) has introduced new requirements under the Vehicle Safety Testing Directions (VSTD) Items 96 and 97. The requirements establish compliance expectations for vehicle cybersecurity and software update management.
DEKRA Taiwan announced that it has been officially recognized by the MOTC and announced by the Vehicle Safety Certification Center (VSCC) as the first testing laboratory in Taiwan authorized to conduct VSTD Item 96 and 97 assessments and testing. This milestone strengthens local testing capacity for OEMs and the automotive supply chain, helping reduce cybersecurity risks while streamlining compliance preparation for new vehicle launches.
According to the MOTC implementation plan, VSTD 96/97 will be rolled out in phases starting in 2028, applying first to new vehicle types and expanding to all vehicle models from 2030. For manufacturers, this is more than a regulatory update. It signals a shift toward lifecycle governance. From design and development through deployment and maintenance, companies will need robust cybersecurity and software update management processes, supported by auditable evidence and documentation, to meet regulatory expectations and protect launch timelines.
VSTD 96/97 are aligned with UN Regulation No. 155 and No. 156 and address two core areas. VSTD 96 focuses on vehicle cybersecurity and the Cybersecurity Management System (CSMS), emphasizing risk identification, governance, and continuous improvement. VSTD 97 focuses on software updates and the Software Update Management System (SUMS), covering the management of software updates, including OTA, and requiring controls such as authentication, integrity protection, anti-tampering measures, and version management. Together, these requirements help manufacturers strengthen vehicle protection, reduce exposure to unauthorized changes, and mitigate supply chain threats.
“UN R155 and UN R156 have become a common language for vehicle cybersecurity and software update governance worldwide,” said Elio Sun, General Manager of Product Testing for DEKRA Taiwan. “To meet both European requirements and Taiwan’s local framework, we recommend building CSMS and SUMS capabilities based on international standards such as ISO/SAE 21434 and ISO 24089, then mapping them to the core structure of UN R155/R156 while incorporating the local VSTD 96/97 review and verification requirements. This helps reduce rework and accelerate type approval and production ramp up.”
With the 2028 compliance timeline approaching, DEKRA encourages OEMs and suppliers to begin planning early and to move cybersecurity and software update governance upstream into system architecture decisions and supply chain collaboration.
As a global leader in testing, inspection and certification (TIC), DEKRA provides comprehensive support across international standards including ISO/SAE 21434, ISO 24089, ISO 26262, ISO 21448, and ISO 8800. DEKRA also supports compliance and verification for UN R155/R156 and VSTD 96/97 and extends services to Automotive SPICE, TISAX, and ISO 27001. DEKRA combines local execution with global expertise to help industry partners advance toward smart mobility and a world-class automotive supply chain.