- Latest available (Revised)
- Original (As adopted by EU)
Council Regulation (EEC) No 3821/85 of 20 December 1985 on recording equipment in road transport
After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU Version currently on EUR-lex is the version that currently applies in the EU i.e you may need this if you operate a business in the EU.
The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.
There are currently no known outstanding effects for the Council Regulation (EEC) No 3821/85, Division 3. .
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
The VU is intended to be installed in road transport vehicles. Its purpose is to record, store, display, print and output data related to driver activities.
It is connected to a motion sensor with which it exchanges vehicle's motion data.
Users identify themselves to the VU using tachograph cards.
The VU records and stores user activities data in its data memory, it also records user activities data in tachograph cards.
The VU outputs data to display, printer and external devices.
The vehicle unit's operational environment while installed in a vehicle is described in the following figure:
The VU general characteristics, functions and mode of operations are described in Chapter II of Annex I B.
The VU functional requirements are specified in Chapter III of Annex I B.
The typical VU is described in the following figure:
It must be noted that although the printer mechanism is part of the TOE, the paper document once produced is not.
The typical life cycle of the VU is described in the following figure:
This paragraph describes the threats the VU may face.
Users could try to access functions not allowed to them (e.g. drivers gaining access to calibration function)
Users could try to use several identifications or no identification.
Faults in hardware, software, communication procedures could place the VU in unforeseen conditions compromising its security
The use of non invalidated test modes or of existing back doors could compromise the VU security
Users could try to gain illicit knowledge of design either from manufacturer's material (through theft, bribery, …) or from reverse engineering
Users could try to use mis-calibrated equipment (through calibration data modification, or through organisational weaknesses)
Users could try to modify data while exchanged between VU and tachograph cards (addition, modification, deletion, replay of signal)
Users could try to modify internal clock
Users could compromise the VU security through environmental attacks (thermal, electromagnetic, optical, chemical, mechanical, …)
Users could try to connect fake devices (motion sensor, smart cards) to the VU
Users could try to modify VU hardware
Users could try to modify the vehicle's motion data (addition, modification, deletion, replay of signal)
Users could use non activated equipment
Users could try to modify data output (print, display or download)
Users could try to defeat the VU security objectives by modifying (cutting, reducing, increasing) its power supply
Users could try to gain illicit knowledge of security data during security data generation or transport or storage in the equipment
Users could try to modify VU software
Users could try to modify stored data (security or user data).
The main security objective of the digital tachograph system is the following:
The data to be checked by control authorities must be available and reflect fully and accurately the activities of controlled drivers and vehicles in terms of driving, work, availability and rest periods and in terms of vehicle speed
Therefore the security objectives of the VU, contributing to the global security objective, are the following:
The data to be measured and recorded and then to be checked by control authorities must be available and reflect accurately the activities of controlled drivers and vehicles in terms of driving, work, availability and rest periods and in terms of vehicle speed
The VU must be able to export data to external storage media in such a way as to allow for verification of their integrity and authenticity.
The specific IT security objectives of the VU contributing to its main security objectives, are the following:
The VU must control user access to functions and data
The VU must collect accurate accountability data
The VU must audit attempts to undermine system security and should trace them to associated users
The VU should authenticate users and connected entities (when a trusted path needs to be established between entities)
The VU must maintain stored data integrity
The VU must ensure that data output reflects accurately data measured or stored
The VU must ensure that processing of inputs to derive user data is accurate
The VU must provide a reliable service
The VU must secure data exchanges with the motion sensor and with tachograph cards.
This paragraph describes physical, personnel or procedural requirements that contribute to the security of the VU.
VU developers must ensure that the assignment of responsibilities during development is done in a manner which maintains IT security
VU manufacturers must ensure that the assignment of responsibilities during manufacturing is done in a manner which maintains IT security, and that during the manufacturing process the VU is protected from physical attacks which might compromise IT security.
VU manufacturers, vehicle manufacturers and fitters or workshops must ensure that handling of non activated VUs is done in a manner which maintains VU security
Vehicle manufacturers and fitters or workshops must activate the VU after its installation before the vehicle leaves the premises where installation took place.
Security data generation algorithms must be accessible to authorised and trusted persons only
Security data must be generated, transported, and inserted into the VU, in such a way to preserve its appropriate confidentiality and integrity.
Tachograph cards must be available and delivered to authorised persons only
Drivers must possess, at one time, one valid driver card only
Card delivery must be traceable (white lists, black lists), and black lists must be used during security audits.
Installation, calibration and repair of recording equipment must be carried by trusted and approved fitters or workshops
Recording equipment must be periodically inspected and calibrated
Approved fitters and workshops must enter proper vehicle parameters in recording equipment during calibration.
Drivers must play by the rules and act responsibly (e.g. use their driver cards, properly select their activity for those that are manually selected, …).
Law enforcement controls must be performed regularly and randomly, and must include security audits.
Software revisions must be granted security certification before they can be implemented in a VU.] ]
The Whole Regulation you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: