Porsche is discontinuing its best-selling **Macan ICE (Internal Combustion Engine) SUV in Europe from mid-2024** due to **non-compliance with the UNECE WP.29 cybersecurity regulations (UN Regulation No. 155)**, which mandate stricter cybersecurity standards for new vehicles. The existing Macan’s electronic architecture lacks the necessary safeguards against **potential cyber threats, malfunctions, or electronic system failures** that could compromise vehicle safety. Retrofitting the model to meet these requirements was deemed **financially unviable** due to the extensive overhaul needed for its control units and cybersecurity management systems. While the decision aligns with Porsche’s broader **electrification strategy**, the immediate impact includes **lost sales revenue in Europe**, reputational risk from discontinuing a flagship model, and operational disruptions in supply chains. The move also signals a **strategic shift away from ICE vehicles** in regulated markets, forcing Porsche to accelerate its EV transition. Though the Macan ICE remains available in other regions (e.g., U.S., UK, Canada), its long-term viability is uncertain if similar cybersecurity mandates expand globally.
Source: https://www.torquenews.com/17994/ice-porsche-macan-be-droped-2024-allegedly-no-longer-true-heres-why
TPRM report: https://www.rankiteo.com/company/porsche-ag
"id": "por3543135102725",
"linkid": "porsche-ag",
"type": "Vulnerability",
"date": "7/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'European customers seeking to '
'purchase new ICE Macan models '
'post-mid-2024',
'industry': 'Automotive',
'location': 'Stuttgart, Germany (HQ); global '
'operations',
'name': 'Porsche AG',
'size': 'Large (39,557 employees as of 2022)',
'type': 'Automotive Manufacturer'}],
'customer_advisories': 'European customers were advised to purchase the ICE '
'Macan before mid-2024 or consider the all-electric '
'Macan as an alternative. Porsche highlighted the '
'performance and sustainability benefits of the '
'electric model.',
'date_publicly_disclosed': '2023-10-00',
'description': 'Porsche has decided to discontinue the sale of its internal '
'combustion engine (ICE) Macan SUV in Europe starting mid-2024 '
'due to non-compliance with the new UNECE WP.29 cybersecurity '
'regulations (UN Regulation No. 155). The regulations mandate '
'stricter cybersecurity standards for all new vehicles sold in '
'the EU, including protection against hacking and electronic '
'system malfunctions. Retrofitting the existing Macan to meet '
'these standards was deemed cost-prohibitive, leading Porsche '
'to focus on its all-electric Macan as a replacement in '
'Europe. The ICE Macan will continue to be sold in other '
'markets such as the UK, U.S., and Canada.',
'impact': {'brand_reputation_impact': 'Minimal (strategic alignment with '
'electrification goals); potential '
'short-term dissatisfaction among ICE '
'enthusiasts',
'financial_loss': 'Cost-prohibitive retrofitting expenses for '
'cybersecurity compliance',
'operational_impact': 'Discontinuation of ICE Macan sales in '
'Europe starting mid-2024; shift to '
'all-electric Macan',
'revenue_loss': 'Potential loss of sales revenue in Europe for ICE '
'Macan',
'systems_affected': 'Vehicle control units and electronic '
'architecture of Porsche Macan ICE'},
'investigation_status': 'Resolved (strategic decision made; no active '
'investigation required)',
'lessons_learned': 'Proactive compliance with emerging cybersecurity '
'regulations is critical in the automotive industry, '
'especially for vehicles with interconnected electronic '
'systems. Early integration of cybersecurity standards in '
'vehicle development can avoid costly retrofits and '
'strategic pivots. The incident also highlights the '
'broader industry shift toward electrification as a '
'response to both environmental and regulatory pressures.',
'motivation': 'Regulatory compliance and strategic shift toward '
'electrification',
'post_incident_analysis': {'corrective_actions': ['Discontinuation of ICE '
'Macan in Europe and '
'replacement with '
'all-electric Macan (2024).',
'Continued sales of ICE '
'Macan in markets without '
'UNECE WP.29 regulations '
'(e.g., U.S., UK, Canada).',
'Integration of '
'cybersecurity standards in '
'the development of new '
'models, including the '
'electric Macan.'],
'root_causes': ['Development of the ICE Macan '
'predated the finalization of '
'UNECE WP.29 cybersecurity '
'requirements, leading to '
'non-compliance.',
'High cost and complexity of '
"retrofitting the vehicle's "
'electronic architecture to meet '
'cybersecurity standards.',
'Strategic prioritization of '
'electrification over ICE model '
'updates in Europe.']},
'recommendations': ['Automakers should prioritize cybersecurity in vehicle '
'design phases to align with evolving regulations like '
'UNECE WP.29.',
'Invest in modular electronic architectures that can be '
'updated to meet future cybersecurity standards without '
'full retrofits.',
'Accelerate electrification strategies to meet dual goals '
'of emissions reduction and compliance with cybersecurity '
'regulations.',
'Monitor regulatory developments in key markets (e.g., '
'potential adoption of UNECE WP.29 in the U.S. or UK) to '
'anticipate similar compliance challenges.'],
'references': [{'source': 'Porsche Newsroom'},
{'date_accessed': '2023-10-00',
'source': 'Motolog Studio (Bhavik Sreenath)'},
{'source': 'UNECE WP.29 UN Regulation No. 155',
'url': 'https://unece.org/transport/regulations/un-regulation-no-155-cyber-security-and-cyber-security-management-system'}],
'regulatory_compliance': {'regulations_violated': ['UNECE WP.29 UN Regulation '
'No. 155 (Cybersecurity '
'for vehicles)'],
'regulatory_notifications': 'UNECE mandate '
'effective July 1, '
'2024, for all new '
'vehicles sold in the '
'EU'},
'response': {'communication_strategy': 'Public announcement via Porsche '
'Newsroom and automotive media; '
'emphasis on electrification strategy '
'and sustainability goals',
'containment_measures': 'Discontinuation of ICE Macan sales in '
'Europe; focus on all-electric Macan as '
'replacement',
'recovery_measures': 'Continued sales of ICE Macan in non-EU '
'markets (UK, U.S., Canada, etc.)',
'remediation_measures': 'Development and launch of all-electric '
'Macan (2024) to comply with '
'cybersecurity and emissions '
'regulations'},
'stakeholder_advisories': 'Porsche has communicated the discontinuation to '
'dealers, customers, and investors, emphasizing the '
'transition to the all-electric Macan and broader '
'electrification goals.',
'title': 'Discontinuation of Porsche Macan ICE in Europe Due to UNECE WP.29 '
'Cybersecurity Regulations',
'type': 'Regulatory Non-Compliance (Cybersecurity)'}