Transform-R Rückblick (Transform-R) Cluster Mobility & Logistics Rückblick (Cluster Mobility & Logistics)

From Development to the Aftermarket: Why Automotive Security Is Becoming an Ongoing Challenge

07/16/2026

Review: Automotive & Mobility Security Forum 2026

How can software-defined vehicles not only be developed and certified safely, but also operated and updated safely over many years, and responsibly repurposed at the end of their lifecycle? The Automotive & Mobility Security Forum, hosted by the Cluster Mobility & Logistics’ project transform.r at TechBase Regensburg on July 15, 2026, addressed this question. Following opening remarks by Anne Häner, project manager at the Cluster Mobility & Logistics, André Koos, CEO of KooSys GmbH, provided a technical introduction to the topic with his keynote presentation titled “From Prototype to Approval: What Automotive Security Means in Reality.” In the subsequent workshop, participants identified the issues currently on their minds. 
 

A key insight from the forum was that cybersecurity is no longer an isolated IT issue. It is increasingly becoming a prerequisite for market access, regulatory compliance, customer trust, and the long-term economic viability of modern mobility solutions. Given the requirements of UN R155, UN R156, and the Cyber Resilience Act, security aspects must be taken into account early in the development phases and verifiably maintained throughout a vehicle’s entire service life.

There was particularly intense discussion on how security can be ensured throughout a vehicle’s entire lifecycle. While cybersecurity in the past often focused on development and certification, today the emphasis is shifting to lifetime monitoring, over-the-air updates, and the continuous management of new vulnerabilities. Participants agreed that security responsibility does not end with the sale of the vehicle. Rather, the ability to identify and address risks even years after the vehicle is put into service is becoming a critical success factor.

Another key topic was the Software Bill of Materials (SBOM). It provides transparency regarding the software and open-source components used and forms the basis for effective vulnerability management. New security vulnerabilities can only be quickly assessed and remedied if it is known exactly which software has actually been installed in a vehicle. Against this backdrop, SBOMs were highlighted as a key building block for the future of software-defined vehicles and connected mobility systems.

Furthermore, the discussion clearly demonstrated that cybersecurity can only be implemented collaboratively across the entire supply and value chain. OEMs, suppliers, software providers, cloud operators, and other partners are increasingly dependent on one another. Clear responsibilities, common standards, transparent documentation, and an open exchange of information regarding risks and vulnerabilities were identified as key prerequisites for greater resilience. Responsibility for security does not end at corporate boundaries but extends across the entire ecosystem.

Special attention was also given to the end-of-life phase of vehicles and components. What was previously often viewed as a secondary task is increasingly becoming a strategic issue. The secure deletion of keys, certificates, and user data is not only relevant from a regulatory standpoint but also influences the reusability of components in the aftermarket. Cybersecurity thus becomes both a cost factor and an enabler for the circular economy, sustainability, and new business models centered on remanufacturing and reuse.

The greatest challenges identified were the increasing complexity of networked systems, a lack of standardization, the high costs associated with continuous monitoring, and the growing dynamism of new threats. At the same time, the use of artificial intelligence opens up new possibilities for analyzing large volumes of data, detecting attack patterns, and automating security-related processes. However, it remains crucial to embed technological innovations within clear processes and lines of responsibility. 

It was striking that the fundamental necessity of cybersecurity was hardly up for debate anymore. Rather, there was consensus that security requirements are now an integral part of modern vehicle and mobility development. The greater concern centered on how companies can maintain their innovative strength and competitiveness under current macroeconomic and geopolitical conditions, given growing regulatory requirements, global competitive dynamics, and technological upheavals.

During the workshop, participants identified specific areas of action for the coming years. These include the systematic inventory and assessment of assets, the establishment of SBOM-based security processes, the introduction of effective monitoring concepts, and closer collaboration between industry, research, and security providers. In addition, preparing for post-quantum cryptography and expanding common exchange and information formats were identified as important next steps.

The Automotive & Mobility Security Forum 2026 made it clear: Cybersecurity today is far more than just a technical security issue. For software-defined vehicles, it is increasingly becoming a decisive factor for certification, market access, long-term operation, and the economic reusability of vehicle components. 



NOTE

The event was part of the German federal government’s Transformation Networks (funded by the Federal Ministry for Economic Affairs and Energy, BMWE). The Regensburg-based project transform.r supports companies in navigating structural change in the automotive industry.

Back