Why OEMs Now Demand TISAX, VISAR & ISO 27001, And What UK Dealerships Must Do Next


Cybersecurity standards like TISAX, VISAR, and ISO 27001 are now required by Volkswagen, BMW, Mercedes-Benz and others. Here’s what it means for UK dealerships and suppliers, and how to protect your contracts.

JLR Cyberattack in August 2025: A Turning Point for the Industry

In August 2025, Jaguar Land Rover’s UK operations were disrupted by a cyberattack that originated in its supply chain. Vehicle deliveries stalled. Operations were halted. The headlines were everywhere.

Read the BBC coverage ➜

It wasn’t just a wake-up call for JLR; it sent a message across the entire automotive ecosystem: you’re only as secure as your weakest vendor.

The Cybersecurity Mandates Now Affecting UK Dealerships

In response to the growing number of attacks, OEMs are pushing new compliance demands onto dealerships, suppliers, and IT partners. These include:

  • VISAR – Volkswagen’s dealer-level security assessment
  • VDA ISA – The control set used by German OEMs
  • TISAX – The formal certification many now require
  • ISO 27001 – Internationally recognised information security standard

These aren’t optional. If you haven’t been asked yet, you likely will be soon.

More High-Profile Incidents You Should Know About

CDK Global Ransomware Attack

In June 2024, CDK, a major dealership software platform, was taken offline by a ransomware attack. It disrupted over 15,000 dealerships. CDK reportedly paid a $25 million ransom to restore operations.

Read CNN coverage ➜

ClickFix Dealership Website Breach

In July 2025, over 2,000 dealership websites were compromised due to a vulnerable plugin (ClickFix). Malicious code was injected, exposing customers to phishing and malware.

Read Dark Reading article ➜

⚠️ Who’s Demanding TISAX or VISAR?

  • Volkswagen Group – Uses VISAR across SEAT, Audi, VW, Škoda
  • Mercedes-Benz – Explicitly requires TISAX for sensitive operations
  • BMW – Requires TISAX AL2 or AL3 for data-handling suppliers
  • Stellantis – Circulated TISAX guidance to all supplier groups

🧭 What Should Dealerships Do Now?

At Bondgate IT, we simplify compliance for dealerships and suppliers by helping you:

  • ✅ Complete your VISAR self-assessment
  • ✅ Fast-track Cyber Essentials certification
  • ✅ Align with VDA ISA requirements
  • ✅ Prepare for ISO 27001 or TISAX certification
  • ✅ Train your team and manage risks internally

📞 Book a Free Cyber Readiness Call

We’ll walk you through what your OEM is asking, assess your current state, and show you exactly what to do next. No jargon, no pressure.
