Security Maturity: What TISAX® 2025 Requirements Say About Trust in the Automotive Supply Chain

From over-the-air (OTA) updates to digital twins and shared mobility platforms, the automotive industry is undergoing one of the most profound transformations in its history. Behind the scenes, this evolution hinges on something seemingly intangible yet absolutely foundational: trust in data, in systems, and in suppliers.

That trust is now being codified through TISAX® (Trusted Information Security Assessment Exchange) Version 6.0, the latest evolution of the Trusted Information Security Assessment Exchange, which governs how information security is validated across the automotive value chain. But this version goes far beyond compliance checklists. It reflects a deeper shift in how original equipment manufacturers (OEMs) are approaching supplier relationships.

The New Reality for Automotive Suppliers

As of 2025, all TISAX® assessments must conform to Version 6.0 of the VDA ISA catalog. This is no minor version bump. With heightened scrutiny of information classification, operational technology, and privacy risk management, OEMs are signaling a new baseline: trust, transparency, and security maturity are now prerequisites for participation.

Trust, Translated into Frameworks

Why are TISAX® changes emerging now?

In short, because the risks have changed.

Vehicles have never been isolated products—they’re endpoints in vast, real-time digital ecosystems, and Information Security standards should reflect that:

·       OTA updates push new code into fleets overnight.

·       Digital twins replicate physical systems in cyberspace.

·       Shared mobility creates persistent, cross-platform data flows.

Each of these innovations introduces new attack surfaces and interdependencies.

For OEMs, these are not theoretical risks. A breach in one supplier’s system can ripple across an entire product lifecycle—from design to manufacturing to driver experience. That’s why frameworks like TISAX® are shifting from generalized security assurances to dimension-specific accountability.

TISAX® Version 6.0 makes this tangible. Instead of relying on broad “Information Security Very High” tags, the new version allows for granular evaluations in confidentiality, availability, and integrity. It’s a more mature approach—one that mirrors the complexity of today’s automotive supply chain security.

Maturity as a Market Signal

For suppliers, demonstrating compliance with TISAX® 6.0 signals to OEMs that they are capable partners. More than ever, trust is earned through maturity—in security postures, in process design, and in organizational readiness.

And some OEMs are already raising the bar. According to recent industry updates, Honda and Hyundai have modified their automotive supplier security expectations, while others like Daimler Trucks continue to use TISAX® as a filtering mechanism for supplier qualification.

In this climate, lagging on compliance could mean losing access to future programs.

Why Trust Needs a Technical Backbone

TISAX® 6.0 is being described as a compliance update, which minimizes the meaning behind this change to expectations in automotive supply chain security. It reflects a growing consensus that in an age of hyperconnectivity and intelligent mobility, any level of supply chain can be vulnerable.

For automotive suppliers, especially Honda, Hyundai and Daimer suppliers, that means suppliers must prove trustworthiness through rigorous, tailored, and transparent practices. The question is no longer “Are we secure enough?” but rather “Are we trusted enough to be part of the future?”

This article was independently written by DQS and is not affiliated with or endorsed by Honda Motor Co., Ltd., Hyundai Motor Company, Daimler Trucks North America, or any other OEM.