← Compliance Hub

COMPLIANCE · INDIA

AIS 189

India's organisational CSMS standard, designed to interoperate with UNECE R155 and ISO/SAE 21434. One evidence chain — Indian programmes serving global OEMs.

See KAVACH On Your ArchitectureRequest A Compliance Readiness Discussion
Regulator: Government of India / ARAIScope: India's organisational cybersecurity management standard for vehicle manufacturers

WHAT IS AIS 189?

AIS 189 is India's standard for an organisational automotive Cybersecurity Management System — India-ready, globally aligned with UNECE R155 expectations.

CONTEXT

AIS 189 defines organisational CSMS requirements for vehicle manufacturers operating in India. The evidence chain mirrors UNECE R155 and ISO/SAE 21434 patterns intentionally, so Indian programmes can satisfy domestic approvals and global export-market expectations on the same underlying work products.

WHAT ENGINEERING TEAMS PRODUCE

Outputs that go into the evidence chain

  • 01

    Documented organisational Cybersecurity Management System covering processes and governance

  • 02

    Roles, responsibilities, and competence evidence for cybersecurity engineering teams

  • 03

    Risk-management processes aligned with ISO/SAE 21434 lifecycle activities

  • 04

    Supplier coordination evidence — Cybersecurity Interface Agreements

  • 05

    Vulnerability management and incident-response process evidence

  • 06

    Post-production monitoring and continuous-improvement records

WHERE TEAMS STRUGGLE

Friction points that show up at audit time

  • AIS 189 readiness is new for many Indian programmes — interpretation and audit expectations are still settling

  • Programmes already chasing UNECE R155 for export markets need to avoid duplicating evidence for India

  • Supplier coordination across Indian and global tiers compounds the Interface Agreement burden

  • Documented governance often lags real-world engineering practice

HOW AGNILE AND KAVACH HELP

Engineering evidence prepared for review

We support evidence preparation, structure work products, and help engineering teams ready themselves for assessment discussions. Final review and approval rest with the relevant authority.

  • KAVACH workflows align with ISO/SAE 21434 — the same engineering outputs satisfy AIS 189 and UNECE R155 readiness

  • Architecture-aware TARA, Cybersecurity Case assembly, and Interface Agreement workflows on one evidence chain

  • Agnile India-based engineering teams support AIS readiness sprints and supplier-side coordination

  • Optional on-premise or customer-dedicated EU VPC deployment keeps sensitive programme data inside the customer's boundary

RELATED CAPABILITIES

RELATED RESOURCES

Detailed reference reading

PILLAR GUIDE

In-depth AIS 189 reference guide

Long-form technical reference — work-product enumeration, clause-level walkthroughs, and worked examples.

Read the guide →

INDUSTRY

Automotive Cybersecurity in India: The Growing Opportunity

India’s AIS 189/190 regulations, Bengaluru’s emerging cybersecurity hub, and the opportunity for Indian automotive companies.

Read article →

COMPANY NEWS

Agnile Technologies and Dayananda Sagar University Forge Strategic MoU

A strategic partnership to advance Cybersecurity research for the mobility sector.

Read article →

ISO/SAE 21434

ISO/SAE 21434 vs UNECE R155: What’s the Difference?

Engineering standard vs regulation — understanding how ISO/SAE 21434 and UNECE R155 work together for Automotive Cybersecurity compliance.

Read article →

FAQ

Common questions about AIS 189

Move from architecture to AIS 189 evidence with engineers who do this work.

Bring a programme scope. We'll show where KAVACH fits cleanly, where integration work is, and what evidence is already in good shape for review.