Type testing—more commonly called type approval—is the make-or-break moment in a vehicle or component’s life. It’s where elegant engineering meets unforgiving regulation, and only the designs that satisfy both survive. For automakers, suppliers, and software developers alike, mastering type testing is the difference between seamless market entry and expensively reworked launches.
What does type testing actually mean?
At its core, type testing is the conformity assessment of a representative sample (“the type”) against a defined set of legal and technical requirements. When the sample passes, authorities issue a type approval certificate that authorizes series production and sale of products built identically to that approved design. Any meaningful deviation triggers re-approval or an extension.
In Europe and many other regions aligned to the UN system, this takes place under the umbrella of the UNECE framework and the EU’s type-approval regulations.
.png)
The regulatory bedrock: UNECE and the EU—plus the U.S. outlier
The global reference point is the UNECE World Forum for Harmonization of Vehicle Regulations (WP.29), which sits on three international agreements—1958, 1997, and 1998—that establish common technical prescriptions and cooperation between approval authorities.
The 1958 Agreement is the workhorse: it sets uniform requirements and mutual recognition of approvals among contracting parties, enabling a truly international supply chain. The 1998 Agreement focuses on Global Technical Regulations (GTRs), broadening participation beyond mutual recognition.
Inside the EU, Regulation (EU) 2018/858 replaced the old Framework Directive and modernized the system—tightening oversight of approval authorities and technical services, strengthening market surveillance, and formalizing the EU’s audit powers after the diesel emissions scandals of the 2010s. Consolidated texts reflect later amendments and corrections; compliance to this regulation is the prerequisite for selling in the Single Market.
The United States is structurally different. Rather than pre-market type approval by a government authority, the U.S. operates manufacturer self-certification to the Federal Motor Vehicle Safety Standards (FMVSS). NHTSA polices compliance ex post through testing, investigations, and recalls. If you design for both regimes, don’t confuse them: pre-market type approval does not equal U.S. self-certification.
Who does what: authorities, technical services, and CoP
In a type-approval system, three institutional pillars matter:
1. Approval authority – the national body that issues the certificate (e.g., KBA in Germany, VCA in the UK).
2. Technical services – accredited labs that execute tests and audits on behalf of the authority.
3. Manufacturer – responsible for Conformity of Production (CoP) to guarantee that every unit rolling off the line matches the approved type.
The UK’s VCA and Germany’s KBA publish accessible guidance that makes the division of roles crystal clear: authorities decide and oversee; technical services test; manufacturers must continually demonstrate CoP robustness.
CoP is not window dressing—it’s the ongoing auditability that keeps approvals alive. Robust CoP systems trace requirements into manufacturing control plans, in-process checks, and release documentation, and they enable swift containment if something drifts. EU practice, industry associations, and authority guidance are emphatic: no CoP, no approval longevity.
The scope: from passive safety to EMC—and now cybersecurity & software
Traditional type testing spans crashworthiness, braking, lighting, visibility, noise and emissions, electromagnetic compatibility (EMC), and much more. Electrification adds high-voltage safety, battery integrity, and charging interoperability. What’s truly new is the formalization of cybersecurity and software update obligations:
• UN R155 requires manufacturers to implement a Cyber Security Management System (CSMS) and demonstrate risk-based controls across the vehicle lifecycle.
• UN R156 mandates a Software Update Management System (SUMS) and process controls around over-the-air (OTA) updates, ensuring updates don’t degrade previously approved functions.
These regulations operationalize the reality that a modern vehicle’s risk surface changes with every line of code deployed. They also create explicit approval hooks for software governance—something quality leaders must internalize alongside functional safety (e.g., ISO 26262) and SOTIF practices.
.png)
The process: from paperwork to plates
While details vary by jurisdiction and product category (complete vehicles, systems, components), the typical path looks like this:
1. Application & documentation. Submit an information package: design descriptions, drawings, materials, software/firmware baselines, and evidence of quality system maturity (often per IATF 16949/ISO 9001). Authorities and technical services use this to scope tests and identify approval-relevant variants.
2. Sample selection & configuration control. The “type” must be controlled, traceable, and replicable in production. Variant definition is crucial; sloppy configuration management creates nasty surprises at CoP audits.
3. Testing & witnessing. Accredited labs execute prescribed protocols—on benches, in chambers, on tracks—covering performance, durability, EMC, environmental and safety requirements per the targeted regulations. For software-regulated items, CSMS/SUMS evidence includes threat analyses, update governance, and post-deployment monitoring.
4. Evaluation & reporting. The technical service compiles the test report; the approval authority performs a conformity check and issues the type approval certificate if requirements are met.
5. Conformity of Production (CoP). Before and after approval, the manufacturer must prove sustained capability to build to spec. Expect audits, control plan reviews, and periodic testing of production samples. Failures can trigger suspensions or withdrawals.
6. Change management & extensions. Any design or process change that can influence compliance calls for a formal evaluation—often an extension of the original approval. In GB/EU practice, authorities provide specific pathways and fee schedules for such modifications.
Why type testing is a QA cornerstone (not just a regulatory hurdle)
Treat type approval as externalized quality assurance: an independent check that your design, manufacturing, and post-market controls are good enough to ship. It forces requirements traceability, objective evidence, and lifecycle governance. For leadership teams, it’s also a competitive edge: a clean approval dossier signals to customers and partners that your house is in order. EU reforms post-2018 raised the bar further by intensifying oversight and harmonizing enforcement across member states.
The U.S. twist: designing for self-certification without tripping over it
If you sell in the United States, the approval ritual becomes an internal discipline: you self-certify compliance to FMVSS, then prove it on demand. That doesn’t make it easier. NHTSA’s rulemaking, investigations, and recall powers—backed by the Office of Vehicle Safety Compliance and periodic OIG oversight—mean your test evidence, documentation, and change-control rigor must stand up to federal scrutiny at any time. Think “type approval without the ceremony, with just as much accountability.”
Electrification & software: where type testing is learning to move as fast as code
Two structural shifts are reshaping the discipline:
• Electrification raises the stakes on battery safety, thermal propagation, high-voltage isolation, and charging. Approvals here must coexist with fast-evolving chemistries and architectures.
• Software-defined vehicles mean a car keeps changing after SOP. UN R156 formalizes OTA update governance, so updates don’t undermine previous approvals; UN R155 forces end-to-end cybersecurity engineering—requirements, supply chain control, vulnerability handling, and incident response. Even service campaigns and feature drops must run through SUMS/CSMS gates. Leading technical services now offer dedicated SUMS/CSMS certification programs to industrialize these practices.
Getting it right: practical levers for leaders
• Design for approval from day one. Decompose regulatory clauses into verifiable engineering requirements; align DV (design validation) and PV (product validation) plans to the target regs.
• Nail configuration management. Your “type” definition and variant matrix must be unambiguous and tied to BOM/software baselines.
• Industrialize CoP. Build living control plans that mirror the approval spec, with periodic capability checks and robust change management.
• Institutionalize CSMS & SUMS. Don’t treat R155/R156 as paperwork—treat them as operating systems for your org, with governance that survives personnel changes and model-year churn.
• Keep your map current. Regulations evolve. Track consolidated legal texts and authority guidance so your test plans don’t drift out of date.
National windows into the global system
Beyond the EU and U.S., national authorities provide practical on-ramps:
• Kraftfahrt-Bundesamt or KBA (Germany) – approvals, information services, lists of issued certificates.
• Vehicle Certification Agency VCA (UK) – guidance on approvals, CoP, GB schemes post-Brexit, and routes for one-offs (IVA/MSVA) via GOV.UK.
These portals are not just bureaucratic storefronts—they’re live references for fees, process steps, and documentation checklists.
Bottom line
Type testing isn’t red tape; it’s disciplined skepticism applied to your product. It demands evidence that your engineering claims are true—not only on a good day in the lab, but on every day of production and throughout a vehicle’s software-defined life. Master it, and you unlock cross-border market access with fewer surprises, fewer delays, and a much lower recall risk. Ignore it, and the market (or a regulator) will teach the lesson the hard way.
Related services offered by TAM CERT:
Explore our certification solutions supporting responsible Automotive Cybersecurity compliance:
