- Latest available (Revised)
- Original (As adopted by EU)
Council Regulation (EEC) No 3821/85Show full title
Council Regulation (EEC) No 3821/85 of 20 December 1985 on recording equipment in road transport
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Revised version PDFs
- Revised 02/03/20160.44 MB
- Revised 22/02/20163.94 MB
- Revised 01/11/20147.80 MB
- Revised 01/07/20137.79 MB
- Revised 01/10/20127.79 MB
- Revised 01/10/20118.05 MB
- Revised 11/01/20104.46 MB
- Revised 24/07/20094.44 MB
- Revised 11/04/20074.62 MB
- Revised 01/05/20067.66 MB
- Revised 01/05/20045.75 MB
- Revised 13/03/20045.74 MB
- Revised 20/11/20031.64 MB
- Revised 25/08/20022.79 MB
- Revised 10/10/19980.27 MB
- Revised 01/01/19960.19 MB
- Revised 01/01/19950.12 MB
- Revised 22/12/19920.19 MB
- Revised 17/12/19900.19 MB
- Revised 20/11/19900.19 MB
This is a Regulation originating from the EU
This is a legislation item that originated from the EU
After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU Version currently on EUR-lex is the version that currently applies in the EU i.e you may need this if you operate a business in the EU.
The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.
Changes over time for: Division 3.
Changes to legislation:
There are currently no known outstanding effects for the Council Regulation (EEC) No 3821/85, Division
3.
.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
[F1 [F23. Product rationale U.K.
3.1. Vehicle unit description and method of use U.K.
The VU is intended to be installed in road transport vehicles. Its purpose is to record, store, display, print and output data related to driver activities.
It is connected to a motion sensor with which it exchanges vehicle's motion data.
Users identify themselves to the VU using tachograph cards.
The VU records and stores user activities data in its data memory, it also records user activities data in tachograph cards.
The VU outputs data to display, printer and external devices.
The vehicle unit's operational environment while installed in a vehicle is described in the following figure:
The VU general characteristics, functions and mode of operations are described in Chapter II of Annex I B.
The VU functional requirements are specified in Chapter III of Annex I B.
The typical VU is described in the following figure:
It must be noted that although the printer mechanism is part of the TOE, the paper document once produced is not.
3.2. Vehicle unit life cycle U.K.
The typical life cycle of the VU is described in the following figure:
3.3. Threats U.K.
This paragraph describes the threats the VU may face.
3.3.1. Threats to identification and access control policies U.K.
T.Access
Users could try to access functions not allowed to them (e.g. drivers gaining access to calibration function)
T.Identification
Users could try to use several identifications or no identification.
3.3.2. Design related threats U.K.
T.Faults
Faults in hardware, software, communication procedures could place the VU in unforeseen conditions compromising its security
T.Tests
The use of non invalidated test modes or of existing back doors could compromise the VU security
T.Design
Users could try to gain illicit knowledge of design either from manufacturer's material (through theft, bribery, …) or from reverse engineering
3.3.3. Operation oriented threats U.K.
T.Calibration_Parameters
Users could try to use mis-calibrated equipment (through calibration data modification, or through organisational weaknesses)
T.Card_Data_Exchange
Users could try to modify data while exchanged between VU and tachograph cards (addition, modification, deletion, replay of signal)
T.Clock
Users could try to modify internal clock
T.Environment
Users could compromise the VU security through environmental attacks (thermal, electromagnetic, optical, chemical, mechanical, …)
T.Fake_Devices
Users could try to connect fake devices (motion sensor, smart cards) to the VU
T.Hardware
Users could try to modify VU hardware
T.Motion_Data
Users could try to modify the vehicle's motion data (addition, modification, deletion, replay of signal)
T.Non_Activated
Users could use non activated equipment
T.Output_Data
Users could try to modify data output (print, display or download)
T.Power_Supply
Users could try to defeat the VU security objectives by modifying (cutting, reducing, increasing) its power supply
T.Security_Data
Users could try to gain illicit knowledge of security data during security data generation or transport or storage in the equipment
T.Software
Users could try to modify VU software
T.Stored_Data
Users could try to modify stored data (security or user data).
3.4. Security objectives U.K.
The main security objective of the digital tachograph system is the following:
O.Main
The data to be checked by control authorities must be available and reflect fully and accurately the activities of controlled drivers and vehicles in terms of driving, work, availability and rest periods and in terms of vehicle speed
Therefore the security objectives of the VU, contributing to the global security objective, are the following:
O.VU_Main
The data to be measured and recorded and then to be checked by control authorities must be available and reflect accurately the activities of controlled drivers and vehicles in terms of driving, work, availability and rest periods and in terms of vehicle speed
O.VU_Export
The VU must be able to export data to external storage media in such a way as to allow for verification of their integrity and authenticity.
3.5. Information technology security objectives U.K.
The specific IT security objectives of the VU contributing to its main security objectives, are the following:
O.Access
The VU must control user access to functions and data
O.Accountability
The VU must collect accurate accountability data
O.Audit
The VU must audit attempts to undermine system security and should trace them to associated users
O.Authentication
The VU should authenticate users and connected entities (when a trusted path needs to be established between entities)
O.Integrity
The VU must maintain stored data integrity
O.Output
The VU must ensure that data output reflects accurately data measured or stored
O.Processing
The VU must ensure that processing of inputs to derive user data is accurate
O.Reliability
The VU must provide a reliable service
O.Secured_Data_Exchange
The VU must secure data exchanges with the motion sensor and with tachograph cards.
3.6. Physical, personnel or procedural means U.K.
This paragraph describes physical, personnel or procedural requirements that contribute to the security of the VU.
3.6.1. Equipment design U.K.
M.Development
VU developers must ensure that the assignment of responsibilities during development is done in a manner which maintains IT security
M.Manufacturing
VU manufacturers must ensure that the assignment of responsibilities during manufacturing is done in a manner which maintains IT security, and that during the manufacturing process the VU is protected from physical attacks which might compromise IT security.
3.6.2. Equipment delivery and activation U.K.
M.Delivery
VU manufacturers, vehicle manufacturers and fitters or workshops must ensure that handling of non activated VUs is done in a manner which maintains VU security
M.Activation
Vehicle manufacturers and fitters or workshops must activate the VU after its installation before the vehicle leaves the premises where installation took place.
3.6.3. Security data generation and delivery U.K.
M.Sec_Data_Generation
Security data generation algorithms must be accessible to authorised and trusted persons only
M.Sec_Data_Transport
Security data must be generated, transported, and inserted into the VU, in such a way to preserve its appropriate confidentiality and integrity.
3.6.4. Cards delivery U.K.
M.Card_Availability
Tachograph cards must be available and delivered to authorised persons only
M.Driver_Card_Uniqueness
Drivers must possess, at one time, one valid driver card only
M.Card_Traceability
Card delivery must be traceable (white lists, black lists), and black lists must be used during security audits.
3.6.5. Recording equipment installation, calibration, and inspection U.K.
M.Approved_Workshops
Installation, calibration and repair of recording equipment must be carried by trusted and approved fitters or workshops
M.Regular_Inpections
Recording equipment must be periodically inspected and calibrated
M.Faithful_Calibration
Approved fitters and workshops must enter proper vehicle parameters in recording equipment during calibration.
3.6.6. Equipment operation U.K.
M.Faithful_Drivers
Drivers must play by the rules and act responsibly (e.g. use their driver cards, properly select their activity for those that are manually selected, …).
3.6.7. Law enforcement control U.K.
M.Controls
Law enforcement controls must be performed regularly and randomly, and must include security audits.
3.6.8. Software upgrades U.K.
M.Software_Upgrade
Software revisions must be granted security certification before they can be implemented in a VU.] ]
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Annex
PrintThe Whole Division
PrintThis Division only
You have chosen to open the Whole Regulation
The Whole Regulation you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open Schedules only
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.