How the New TISAX® Rules Empower Automotive Suppliers

DQS HK

Blog Author

Jul 09 , 2025

With the growing complexity of digital systems, data security is now a fundamental requirement in the automotive industry. Original Equipment Manufacturers (OEMs) are demanding more transparency and control over the way their suppliers manage sensitive information, and TISAX® remains a key tool in meeting those expectations.

The latest updates to the TISAX® rules introduce important changes that are already reshaping how suppliers prepare for and approach their assessments. These updates not only raise the standard, they also offer suppliers a clearer, more strategic path to demonstrating trustworthiness.

Here’s how the new TISAX® rules are helping automotive suppliers succeed.

A More Practical and Transparent Process

The TISAX® framework has always aimed to bring consistency to information security across the automotive supply chain. Now, the updated rules go a step further by making the process easier to navigate.

The latest version of the ISA (Information Security Assessment) catalog, ISA 6.0, features clearer language, a simplified structure, and more guidance on how to address each control. This helps reduce uncertainty during preparation and allows suppliers to focus on what matters most: strengthening their security posture.

Remote-Friendly Assessments: AL2 and AL2.5

One of the most notable changes is the option to complete Assessment Level 2 (AL2) and the new AL2.5 assessments entirely remotely. This is especially valuable for small and mid-sized suppliers that may find on-site audits disruptive or costly.

Remote assessments enable:

Lower travel and logistical expenses
Greater flexibility in scheduling
Faster access to certification outcomes

This flexibility makes it easier for suppliers to stay compliant while maintaining operational efficiency.

Better Alignment with International Standards

The new rules bring TISAX® into closer alignment with internationally recognized standards such as ISO/IEC 27001 and the NIST cybersecurity framework. This encourages a more risk-based, context-specific approach to information security.

For suppliers, this means:

A stronger connection between TISAX® and your existing Information Security Management System (ISMS)
A focus on real, business-relevant risks
Improved integration between compliance and overall risk management

This not only improves audit readiness but also strengthens your ability to manage threats proactively.

Electromobility, electric car, e-car, being charged at a charging station, Duesseldorf, North Rhine-

Greater Data Control and Transparency

The updated rules also offer participants more control over their data within the TISAX® exchange system. Companies can now manage how and with whom their assessment results are shared, ensuring:

Increased confidentiality
Protection of competitive information
Enhanced visibility into how your TISAX® label is used by OEMs or other partners

This builds trust within the supply chain, both in how data is handled and in the reliability of the assessment process itself.

TISAX® as a Business Differentiator

What was once a compliance checkbox is now becoming a strategic differentiator. As OEMs continue to tighten their information security requirements, suppliers with a valid TISAX® label, especially those who demonstrate maturity beyond minimum compliance, stand out as preferred partners.

By embracing the new TISAX® framework, suppliers can:

Meet growing customer expectations
Signal trust and security readiness
Strengthening their position in global supply chains

Interested in TISAX®?

Get your quote today.

Start a conversation

Author

DQS HK

"In everything we do, we set the highest standards for quality and competence in every project. This makes our actions the benchmark for our industry, but also our own mission statement, which we renew every day"