Subscriber OnlyMotors

Popular Porsche and Renault models among those being discontinued in 2024 due to new regulations

What are GSR2 and WP29, the regulations that have put some carmakers in a bind?

New vehicle safety and security regulations are coming into force in 2024 which will see at least two key models taken off the market.

The Renault Zoe and the combustion-engined Porsche Macan are two of the highest-profile victims of the new regulations. While Porsche will keep the petrol-powered Macan on sale as a more affordable alternative to its incoming new all-electric version in many global markets, it won’t be able to do so in the EU because of the application of the new WP29 regulations.

WP29 is a piece of legislation suggested and put forward by the United Nations which essentially governs a car’s ability to withstand cyberattacks. While it has been implemented in a general rollout for two years now, from June of 2024, every car on sale has to be able to comply with it or it can’t be type-approved for sale by the European Union. The Macan’s internal electronics systems don’t comply, and Porsche says that it’s too expensive to upgrade them, although of course the new all-electric Macan meets the regulations entirely.

WP29 says that all vehicles on sale must comply to a common standard for cybersecurity, and that carmakers must: “Proactively monitor their fleets of vehicles to look for new emerging threats and to be able to remediate these, through software updates, as soon as possible. It will not be possible to maintain compliance if known issues are not addressed in a timely manner.”


The regulations are necessary thanks to the enormous, and ever-increasing, computing and sensor power of cars. Cars now know where they are at any given time thanks to GPS and surround-view cameras, and the inevitable corollary is that they know where we – the humans inside them – are too. There have been fears that connected cars, those that have an always-on internet connection both sending and receiving a constant stream of data, will also be vulnerable to someone remotely taking control and causing a crash.

Electronic safety campaigner Dan O’Dowd, the head of Green Hills Software, based in California, is a long-time critic of what he sees as cavalier attitudes to cybersecurity in the car industry. “Millions of people could die, literally millions of people that because we did the dumbest thing imaginable. We put a self-driving car on the internet, that could be hacked. How can you allow that?” he asks. “You can create software that can’t be hacked, and we do it all the time. Take, for example, systems that control nuclear weapons. Those people take security seriously, but very few other people do. I mean, they all say that they do, but they really just download crap off the internet. They don’t even look at it, they don’t even check the software. Google works like this, so too does Bank of America. It’s just lip-service for security.”

O’Dowd points to the comparisons made between autonomous car systems and aircraft autopilots. Many autonomous car experts point to the tremendous safety levels that autopilot systems have brought to flying, but O’Dowd says there’s a huge gap between how aircraft systems are created, and how the software for cars is being built.

“For aeroplanes, they do it 100 per cent a different way. Elon Musk despises it as as barbarian and ancient and whatever. But what we do is we write down what the software is supposed to do. We put it down on paper, we say it’s supposed to do this. And here are the conditions that might go wrong. This might fail, then what? What’s our backup system, and what if that might fail? What about this condition? What about that condition, on and on and on and on. And you have to go through and think through all these scenarios, and you write them all down. And then you write the software. And you have to say and show how your software implements those things.

“It is slow, for sure. We even bring in representatives from rival companies to check the code. So, for example, Boeing will bring in a team from Lockheed to try and break their software; that doesn’t happen in the car industry. We pay people, we train people to go over it with a fine-tooth comb, in detail, to find the problems and make sure that everything is done right.”

Will the new WP29 regulations actually force carmakers to look at cyber safety from a more technocratic, and less economic, point of view? Perhaps 2024 will tell us.

Safety in other forms means that other cars will be taken off sale, including one of the best-selling electric cars – the Renault Zoe. It’s not a victim of anti-hacking standards, but of the full implementation of GSR2, or Global Safety Regulations 2, a package of rules that says cars must be equipped with likes of automated emergency braking and road-sign-reading intelligent speed assistants.

Many cars already come fully GSR2 compliant, in no small part because such systems have been effectively required to get a good score on the independent Euro NCAP crash test. However, a number of cars – the Zoe being one, and Toyota’s brilliant GR86 sports car being another – can’t be economically upgraded to meet GSR2, and so in 2024 we’ll have to wave bye-bye.

In part, these regulations have been steadily and stealthily responsible for the culling of many models in recent years, not least the likes of the Ford Fiesta, which Ford reckoned would be impossible to make profitably if it had to comply with GSR2 as well as meeting what were expected to be much more stringent emissions laws under the EU’s Euro VII regulations. Since then, the Euro VII regulations have been considerably watered down, but it was too late for the Fiesta, costing buyers access to a small, affordable, economical car at a time when production of massive, heavy, wasteful SUVs continues unabated.

Those bigger cars have the sort of profit margin to be able to absorb the engineering work needed to meet GSR2 or WP29 – smaller models don’t. Another high-profile casualty is the electric Volkswagen e-Up, one of the smallest and most efficient electric cars you can buy.

Or can’t buy anymore – it’s being taken off the price lists precisely because of these new regulations, which is about the best example of the law of unintended consequences that you might be able to imagine – and that at a time when many in the industry are expressing doubts over the efficacy of such things as automated speed limit systems. Such systems rely on speed limit signs being properly and repeatedly posted, or on highly accurate mapping information, neither of which can be taken as a given. The systems themselves are also often highly inaccurate. This correspondent recently experienced one such system claiming that the local speed limit was 80km/h, when we were driving on an incredibly narrow street in a small village, which actually had a 30km/h limit.

While the Zoe will be replaced with the, fingers crossed, more affordable new Renault 5 EV, there’s no replacement for the likes of the Fiesta, and the e-Up’s replacement will only come to fruition if Volkswagen can successfully close a deal with Renault to jointly build it and the incoming new super-affordable Twingo EV. Good regulations are important and useful, but if they’re denying us access to the very cars most needed right now – both affordable and minimally environmentally intrusive – then perhaps the regulations need better consideration.

  • Sign up for push alerts and have the best news, analysis and comment delivered directly to your phone
  • Find The Irish Times on WhatsApp and stay up to date
  • Our In The News podcast is now published daily – Find the latest episode here
Neil Briscoe

Neil Briscoe

Neil Briscoe, a contributor to The Irish Times, specialises in motoring