ESCAR USA 2026: Euro 7 signals a new era for cyber security and vehicle compliance

At 2026’s ESCAR USA, a leading automotive cyber security conference, NCC Group’s Automotive Principal Consultant Rami Riashy, delivered a thought-provoking presentation on how Euro 7 is reshaping the role of cyber security within vehicle compliance and homologation.

Our session explored how Euro 7 is introducing a broader requirement for auto manufacturers to be aware of as it’ll have lasting implications for trust and their brand reputation. Alongside emissions performance, there is now a much stronger focus on software integrity, anti-tampering protections, on-board monitoring, and the ability to demonstrate compliance throughout a vehicle’s operational life.

This marks a shift away from a point-in-time measurement model toward one that reflects real-world conditions covering; durability, sensor reliability, update governance, and the traceability of software-controlled functions over time.

The direction of travel has been developing for some time. Our research paper “Euro 7 Anti-Tampering and the Expanding Cybersecurity Landscape” written by Dr. Liz James (NCC Group’s OT & Transport Managing Security Consultant) explored how increasing software complexity, connectivity, and updateability are introducing new challenges for vehicle assurance. These themes are now central to how Euro 7 is being shaped and interpreted across the industry.

Rami challenged attendees to see Euro 7 not just as an emissions regulation, but as part of a wider move toward continuous assurance. 

He highlighted how cyber security capabilities developed under frameworks such as UNECE R155, UNECE R156, ISO/SAE 21434, and ISO 24089 are increasingly supporting expectations around evidence, traceability, and operational trust.

Examples included protecting Electronic Control Units (ECUs) software and calibration integrity, safeguarding in-vehicle communications, governing over-the-air updates, and detecting unauthorized software modifications.

A key theme was that compliance is no longer something proven once and then assumed. It's becoming something that needs to be shown over time.

As software-defined vehicles evolve, manufacturers may need to provide ongoing evidence that controls remain effective throughout the vehicle lifecycle. This includes logs, telemetry, software update records, and fleet-level monitoring data that demonstrate ongoing compliance and tamper resistance.

The topic sparked strong engagement from attendees, with discussion continuing well beyond the session. Representatives from Original Equipment Manufacturers (OEMs), suppliers, and standards bodies all pointed to the growing importance of proving assurance in real world operation. Increasingly, it’s not enough to state that controls exist. Controls need to be shown they work in practice.

The conference also reflected several wider industry trends. Artificial intelligence was a major focus, particularly in areas such as AI-assisted fuzzing, automated analysis, and AI enabled vulnerability discovery. While the capabilities were impressive, discussion often centred on explainability, validation, and false positives. The overall message was clear: AI is enhancing cyber security expertise, not replacing it.

Another major theme was convergence among cyber security, safety, software governance, and operational assurance are increasingly overlapping. Across autonomous systems and software integrity, the message was consistent: organizations are being asked to prove that controls are effective, and not only achieve compliance.

As the industry continues its shift toward software-defined vehicles, a clear consensus is emerging. Cyber security is no longer sitting at the edges of compliance. It’s becoming central to how compliance itself is demonstrated.

That shift is being driven by a growing expectation of continuous, evidence-based assurance across the vehicle lifecycle, where trust is not assumed but actively demonstrated.