To download a DRM-free copy of the PAS, click here
What is PAS 11281:2026 Connected automotive ecosystems – Impact of security on safety – Code of practice about?
The revised PAS 11281:2026 provides recommendations for managing cyber, cyber-physical and physical security risks that could compromise safety in a connected automotive ecosystem.
The PAS applies to small-scale risks affecting individual systems or small groups of systems, as well broader systemic risks that might appear minor in isolation, but become more significant when ecosystem interdependencies are considered, where vulnerabilities in or several few entities may pose more widespread risk.
Who is the PAS for?
The PAS is intended to be used by manufacturers, operators and maintainers of products, systems and services used in a connected automotive ecosystem. This includes manufacturers of vehicle subsystems, vehicle manufacturers, maintenance organizations, infrastructure operators, owners of large vehicle fleets, and digital service providers.
This PAS might also be of interest to regulators and other stakeholders in the connected automotive ecosystem, and to users/operators of vehicles.
What does it cover?
This standard covers the entire connected automotive ecosystem and its constituent systems throughout their lifetimes. This includes manufacturing, supply chain and maintenance activities.
The ecosystem comprises vehicles used on public roads, such as cars, as well as vehicles used for off-road activities such as farming and mining. It also covers road-side and other static infrastructure, communication channels between vehicles and infrastructure, servicing and repair facilities, digital services, data and information, and other services that support the proper operation of road transport.
This aligns with, and complements, the wider suite of Connected and Automated Mobility (CAM) standards that support safe and secure operation of self-driving vehicles.
Why should you use it?
It provides up to date recommendations on managing security risks for a connected automotive ecosystem. Using it helps organizations to:
- Protect safety by identifying and mitigating cyber issues that could lead to real‑world harm.
- Manage isolated vulnerabilities as well as systemic risks impacting interdependent vehicles, infrastructure, digital services and supply chains.
- Achieve consistency and assurance across connected automotive ecosystems through a agreed good practice.
- Strengthen lifecycle security from design and manufacturing through to maintenance and updates.
- Demonstrate responsible practice to regulators, customers and stakeholders by adopting recognized, industry-aligned guidance.
Aligning with this revised code of practice helps in building safer, more resilient connected automotive systems while reducing risk and supporting long‑term operational integrity.
What has changed?
The objective of this revision is to bring PAS 11281 up to date based on security standards analysis and associated mapping. The PAS already sits within the market. This update is designed to align the document with the wider suite of Connected and Automated Mobility (CAM) standards.