Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 32025R1535

Commission Delegated Regulation (EU) 2025/1535 of 29 July 2025 supplementing Regulation (EU) 2024/2847 of the European Parliament and of the Council with regard to an exclusion from the application of that Regulation for certain products with digital elements falling within the scope of Regulation (EU) No 168/2013 of the European Parliament and of the Council

C/2025/5059

OJ L, 2025/1535, 29.10.2025, ELI: http://data.europa.eu/eli/reg_del/2025/1535/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document In force

ELI: http://data.europa.eu/eli/reg_del/2025/1535/oj

European flag

Official Journal
of the European Union

EN

L series

2025/1535

29.10.2025

COMMISSION DELEGATED REGULATION (EU) 2025/1535

of 29 July 2025

supplementing Regulation (EU) 2024/2847 of the European Parliament and of the Council with regard to an exclusion from the application of that Regulation for certain products with digital elements falling within the scope of Regulation (EU) No 168/2013 of the European Parliament and of the Council

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) (1), and in particular Article 2(5), second subparagraph, thereof,

Whereas:

(1)

Pursuant to Article (2) of Regulation (EU) 2024/2847, the application of that Regulation to products with digital elements covered by other Union rules laying down requirements that address all or some of the risks covered by the essential cybersecurity requirements set out in that Regulation may be limited or excluded where such limitation or exclusion is consistent with the overall regulatory framework applying to those products and where the sectoral rules achieve at least the same level of protection as the one provided for by that Regulation.

(2)

Regulation (EU) No 168/2013 of the European Parliament and of the Council (2) establishes the administrative and technical requirements for the type-approval of two- or three-wheel vehicles and quadricycles as categorised in that Regulation (‘L-category vehicles’). Commission Delegated Regulation (EU) No 44/2014 (3) establishes the detailed technical requirements and test procedures regarding vehicle construction and general requirements for the approval of L-category vehicles and the systems, components and separate technical units intended for such vehicles in accordance with Regulation (EU) No 168/2013 and sets out a list of UNECE regulations and amendments thereto. Pursuant to Article 4(1) of Delegated Regulation (EU) No 44/2014, the UNECE regulations and amendments thereto set out in Annex I to that Delegated Regulation are to apply to type approval of L-category vehicles.

(3)

The scope of UN Regulation No 155 (4) has been extended to include rules on cybersecurity for L-category vehicles. Therefore, Delegated Regulation (EU) No 44/2014 has been amended by Commission Delegated Regulation (EU) 2025/1455 (5) amending Delegated Regulation (EU) No 44/2014 as regards laying down technical requirements and testing procedures regarding the protection of L-category vehicles against cyberattacks to include UN Regulation No 155 in the list of UNECE regulations applying on a compulsory basis set out in Annex I to that Delegated Regulation. L1e category vehicles designed to pedal referred to in Article 3, point (94)(b), of Regulation (EU) No 168/2013 were however excluded from the compulsory application of UN Regulation No 155. Delegated Regulation (EU) 2025/1455 is to apply to new vehicle types from 11 December 2027 and to existing vehicle types from 11 June 2029.

(4)

UN Regulation No 155 introduces certain cybersecurity requirements, including on the operation of a certified cybersecurity management system, on software updates, covering organisations’ policies and processes for cybersecurity risks related to the entire lifecycle of vehicles, equipment and services. It addresses cybersecurity risks in a manner that is comparable to Regulation (EU) 2024/2847 and achieves at least the same level of protection as that Regulation. In addition, UN Regulation No 155 ensures consistency with the overall type-approval framework applying to L-category vehicles. Consequently, Regulation (EU) 2024/2847 should not apply to products with digital elements falling within the scope of Regulation (EU) No 168/2013, with the exception of L1e category vehicles designed to pedal referred to in Article 3, point (94)(b), of Regulation (EU) No 168/2013,

HAS ADOPTED THIS REGULATION:

Article 1

The application of Regulation (EU) 2024/2847 shall be excluded for products with digital elements falling within the scope of Regulation (EU) No 168/2013.

However, that exclusion shall not apply to L1e category vehicles designed to pedal referred to in Article 3, point (94)(b), of Regulation (EU) No 168/2013.

Article 2

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 29 July 2025.

For the Commission

The President

Ursula VON DER LEYEN

(1)   OJ L, 2024/2847, 20.11.2024, ELI: http://data.europa.eu/eli/reg/2024/2847/oj.

(2)  Regulation (EU) No 168/2013 of the European Parliament and of the Council of 15 January 2013 on the approval and market surveillance of two- or three-wheel vehicles and quadricycles (OJ L 60, 2.3.2013, p. 52, ELI: http://data.europa.eu/eli/reg/2013/168/oj).

(3)  Commission Delegated Regulation (EU) No 44/2014 of 21 November 2013 supplementing Regulation (EU) No 168/2013 of the European Parliament and of the Council with regard to the vehicle construction and general requirements for the approval of two- or three-wheel vehicles and quadricycles (OJ L 25, 28.1.2014, p. 1, ELI: http://data.europa.eu/eli/reg_del/2014/44/oj).

(4)  UN Regulation No 155 – Uniform provisions concerning the approval of vehicles with regards to cybersecurity and cybersecurity management system [2025/5] (OJ L, 2025/5, 10.1.2025, ELI: http://data.europa.eu/eli/reg/2025/5/oj).

(5)  Commission Delegated Regulation (EU) 2025/1455 of 23 July 2025 amending Delegated Regulation (EU) No 44/2014 as regards laying down technical requirements and testing procedures regarding the protection of L-category vehicles against cyberattacks (OJ L, 2025/1455, 29.10.2025, ELI: http://data.europa.eu/eli/reg_del/2025/1455/oj).

ELI: http://data.europa.eu/eli/reg_del/2025/1535/oj

ISSN 1977-0677 (electronic edition)

Top