New ISO/TS 5083 Safety Standard Highlights Linkage between Cybersecurity and Functional Safety
TL;DR
ISO/TS 5083:2025 provides comprehensive guidance for OEMs in ensuring the safety of Automated Driving Systems (ADS) integrated into road vehicles. Emphasizing the critical interdependence between safety and cybersecurity in connected vehicles, this “state-of-the-art” standard mandates that cybersecurity risk assessment, monitoring, and vulnerability management be integrated into the ADS safety processes. PlaxidityX supports OEMs with a unified cybersecurity architecture that integrates risk assessment, vehicle detection and response, and continuous vulnerability management to help ensure safety compliance across the ADS lifecycle.
The automotive industry has historically treated Functional Safety (FuSa) and Cybersecurity as separate domains. Safety engineers focused on accidental failures, while security teams focused on malicious attacks. ISO/TS 5083: “Road vehicles – Safety for automated driving systems” shatters this siloed approach.
This new Technical Specification establishes a definitive “state of the art” for Automated Driving Systems (ADS), explicitly codifying a new reality: there is no vehicle safety without cybersecurity.
This blog post analyzes the profound implications of ISO/TS 5083 on the automotive industry, specifically its mandate that cybersecurity risks must be integrated into safety Risk Acceptance Criteria (RAC). In addition, it outlines how PlaxidityX’s intelligent and unified cybersecurity products provide OEMs with the technological foundation they need to comply with these converged requirements.
What is ISO/TS 5083?
As autonomous mobility reaches Level 3 and Level 4, cybersecurity has become a safety imperative. ISO/TS 5083:2025 is a new technical specification that provides comprehensive guidance for OEMs in ensuring the safety of Automated Driving Systems (ADS) integrated into road vehicles, specifically focusing on Level 3 and Level 4 automation features.
Furthermore, ISO/TS 5083 emphasizes the critical linkage between safety and security, outlining cybersecurity considerations that must be integrated into the safety processes, such as cybersecurity risk assessment, cybersecurity monitoring, vulnerability management during the operational phase, and safeguarding information stored by ADS. Unlike previous standards that treated security as a supporting process, ISO/TS 5083 elevates cybersecurity to a normative safety requirement.
The Core Mandate: “Safe State” Depends on Security
The standard asserts that an automated vehicle cannot maintain a “Minimal Risk Condition” (MRC) – e.g., pulling over safely during a failure – if it is compromised by a cyberattack. To ensure this, ISO/TS 5083 outlines specific cybersecurity requirements that must be met to validate safety:
- Defining Risk Acceptance Criteria: Manufacturers must define specific criteria for what constitutes an “acceptable risk,” and results from cybersecurity risk assessments (TARA) must be included in this definition.
- Secure Operation: Ensuring the secure operation of the ADS-equipped vehicle to prevent unauthorized interference that could compromise safety.
- Safety Principles: The ADS must employ strategies to protect against threats, ensuring that cybersecurity risks are not “unreasonable”.
- Application of Other Standards: Mandates the application of ISO/SAE 21434 as the essential framework for ensuring that the technical capabilities of the vehicle are protected from malicious interference.
The collective upshot of these requirements is that cyber risks are no longer considered to be only a data privacy issue. They are now a safety violation that can nullify the vehicle’s roadworthiness.
Business Implications of Non-Compliance: Penalties and Liability
While ISO/TS 5083 is a technical specification, its role as the benchmark for “state of the art” engineering creates immediate legal and commercial exposure for OEMs:
- Denial of Market Access: Regulatory bodies (e.g., for UNR 157 type approval) typically require adherence to state-of-the-art standards. Failure to demonstrate the safety-security integration mandated by ISO/TS 5083 could lead to rejection of type approval.
- Product Liability & Negligence: If an ADS is involved in a crash caused by a cyberattack and the manufacturer ignored the “positive risk balance” principles of ISO/TS 5083, the manufacturer now faces multi-million Euro liability claims for designing a “defective” product.
- Forced Recalls: Authorities can order the immediate removal of vehicles from the road if they are found to be non-compliant with the safety principles established by the standard.
- Audit Failures & Commercial Impact: Failing an audit for ISO/TS 5083 can lead to the withdrawal of related quality or safety certifications. This often triggers “default” clauses in B2B contracts with Tier 1 suppliers or OEMs, leading to contract termination.
- Reputation Damage: For ADS, public trust is critical. A safety incident linked to a failure to follow the “state of the art” standard can permanently damage a brand’s market position.
How PlaxidityX Can Help OEMs Comply with ISO/TS 5083 Requirements
Meeting ISO/TS 5083 requires more than a checklist; it demands a unified architecture where security data informs safety decisions in real time. PlaxidityX’s cybersecurity products and unified architecture are designed to bridge this gap.
1. The “Cyber-Safety” Monitor: Vehicle Detection & Response (VDR) Platform
ISO/TS 5083, Clause 9.2.3, mandates cybersecurity monitoring as a continuous lifecycle activity that must be coordinated with field monitoring (Clause 9.3.1). The PlaxidityX VDR platform acts as this unified monitor both on the edge and in the cloud:
- Intrusion Detection and Prevention (IDPX): An edge agent on the vehicle provides deep execution-layer visibility and active threat prevention across any E/E architecture (Host, Ethernet, CAN). It blocks malicious traffic (e.g., unauthorized CAN commands) instantly, without the latency of a cloud round-trip.
- Edge Intelligence (IDRX): The extended intrusion detection reporter sits within the ADS to detect “abnormal operations” (Clause 9.3.1). By filtering noise at the edge, IDRX ensures that only safety-relevant security anomalies, such as manipulation of sensor data or unauthorized commands to the steering ECU, are flagged.
- Cloud Context (VPCC): The Vehicle Protection Cloud Core (VPCC) correlates these security alerts with fleet-wide safety data. This allows the OEM to distinguish between a random sensor glitch and a targeted cyberattack that threatens the fleet’s ability to maintain a safe state.
2. Safe by Design: AutoDesigner
The standard requires that safety arguments be backed by rigorous Threat Analysis and Risk Assessment (TARA).
- Automated Risk Integration: Our AutoDesigner product automates the TARA process (ISO 21434, Clause 15). It ensures that every potential attack path is identified during the design phase and mapped directly to the Risk Acceptance Criteria (RAC) required by ISO/TS 5083. This ensures that the ADS is designed with the necessary countermeasures to remain within its Operational Design Domain (ODD) even under attack.
3. Lifecycle Safety Validity: Supply Chain Security (SSCS)
An ADS that is safe today could be unsafe tomorrow if a new vulnerability is discovered in a 3rd-party library.
- Dynamic Vulnerability Management: ISO/TS 5083 mandates continuous vulnerability analysis (Clause 9.2.3). Our SSCS product continuously checks your ADS software against public (CVE) and private automotive vulnerability databases. This ensures that when a new CVE is published, its impact on the ADS’s safety functions is instantly calculated. This allows for a “Dynamic Change Management” process (Clause 9.3.2) where updates are deployed before safety is compromised.
Bridge the Gap between Cybersecurity and Safety
As autonomous mobility reaches Level 3 and Level 4, cybersecurity has become a safety imperative. ISO/TS 5083 highlights this interdependence and compels OEMs to integrate cybersecurity considerations into their ADS safety processes. PlaxidityX offers a suite of intelligent cybersecurity products that are designed to secure connected and autonomous vehicles. Aligned with ISO/TS 5083, these products can help OEMs move beyond fragmented compliance to build ADS fleets that are resilient, compliant and demonstrably safe.
Published: March 9th, 2026