- Latest available (Revised)
- Original (As adopted by EU)
Commission Implementing Regulation (EU) 2016/799Show full title
Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) No 165/2014 of the European Parliament and of the Council laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance)
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Revised version PDFs
- Revised 26/02/202011.25 MB
- Revised 17/04/201810.62 MB
- Revised 26/05/20169.89 MB
This is a Regulation originating from the EU
This is a legislation item that originated from the EU
After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU Version currently on EUR-lex is the version that currently applies in the EU i.e you may need this if you operate a business in the EU.
The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.
Changes over time for: Division 9.2.
Changes to legislation:
There are outstanding changes not yet made to Commission Implementing Regulation (EU) 2016/799. Any changes that have already been made to the legislation appear in the content and are referenced with annotations.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
Changes and effects yet to be applied to the whole legislation item and associated provisions
- Signature words omitted by S.I. 2019/453 reg. 110
- Annex 1C modified by S.I. 2023/739 reg. 3 Sch.
9.2. Symmetric Keys U.K.
9.2.1 Keys for Securing VU — Motion Sensor Communication U.K.
9.2.1.1 General U.K.
Note: readers of this section are supposed to be familiar with the contents of [ISO 16844-3] describing the interface between a vehicle unit and a motion sensor. The pairing process between a VU and a motion sensor is described in detail in chapter 12 of this Appendix.U.K.
CSM_100A number of symmetric keys is needed for pairing vehicle units and motion sensors, for mutual authentication between vehicle units and motion sensors and for encrypting communication between vehicle units and motion sensors, as shown in Table 3. All of these keys shall be AES keys, with a key length equal to the length of the motion sensor master key, which shall be linked to the length of the (foreseen) European root key pair as described in CSM_50.U.K.
| Table 3 | ||||
| Keys for securing vehicle unit — motion sensor communication | ||||
| a Storage of KM and KID is optional, as these keys can be derived from KM-VU, KM-WC and CV. | ||||
| Key | Symbol | Generated by | Generation method | Stored by |
|---|---|---|---|---|
| Motion Sensor Master Key — VU part | KM-VU | ERCA | Random | ERCA, MSCAs involved in issuing VUs certificates, VU manufacturers, vehicle units |
| Motion Sensor Master Key — Workshop part | KM-WC | ERCA | Random | ERCA, MSCAs, card manufacturers, workshop cards |
| Motion Sensor Master Key | KM | Not independently generated | Calculated as KM = KM-VU XOR KM-WC | ERCA, MSCAs involved in issuing motion sensors keys (optionally)a |
| Identification Key | KID | Not independently generated | Calculated as KID = KM XOR CV, where CV is specified in CSM_106 | ERCA, MSCAs involved in issuing motion sensors keys (optionally)a |
| Pairing Key | KP | Motion sensor manufacturer | Random | One motion sensor |
| Session Key | KS | VU (during pairing of VU and motion sensor) | Random | One VU and one motion sensor |
CSM_101The European Root Certificate Authority shall generate KM-VU and KM-WC, two random and unique AES keys from which the motion sensor master key KM can be calculated as KM-VU XOR KM-WC. The ERCA shall communicate KM, KM-VU and KM-WC to Member State Certificate Authorities upon their request.U.K.
CSM_102The ERCA shall assign to each motion sensor master key KM a unique version number, which shall also be applicable for the constituting keys KM-VU and KM-WC and for the related identification key KID. The ERCA shall inform the MSCAs about the version number when sending KM-VU and KM-WC to them.U.K.
Note: The version number is used to distinguish different generations of these keys, as explained in detail in section 9.2.1.2.U.K.
CSM_103A Member State Certificate Authority shall forward KM-VU, together with its version number, to vehicle unit manufacturers upon their request. The VU manufacturers shall insert KM-VU and its version number in all manufactured VUs.U.K.
CSM_104A Member State Certificate Authority shall ensure that KM-WC, together with its version number, is inserted in every workshop card issued under its responsibility.U.K.
Notes: U.K.
—See the description of data type 
in Appendix 2.U.K.
—as explained in section 9.2.1.2, in fact multiple generations of KM-WC may have to be inserted in a single workshop card.U.K.
CSM_105In addition to the AES key specified in CSM_104, a MSCA shall ensure that the TDES key KmWC, specified in requirement CSM_037 in Part A of this Appendix, is inserted in every workshop card issued under its responsibility.U.K.
Notes: U.K.
—This allows a second-generation workshop card to be used for coupling a first-generation VU.U.K.
—A second-generation workshop card will contain two different applications, one complying with Part B of this Appendix and one complying with Part A. The latter will contain the TDES key KmWC.U.K.
CSM_106An MSCA involved in issuing motion sensors shall derive the identification key from the motion sensor master key by XORing it with a constant vector CV. The value of CV shall be as follows:U.K.
[F1For 128-bit motion sensor master keys: CV = ‘ B6 44 2C 45 0E F8 D3 62 0B 7A 8A 97 91 E4 5D 83 ’]
For 192-bit motion sensor master keys: CV = ‘72 AD EA FA 00 BB F4 EE F4 99 15 70 5B 7E EE BB 1C 54 ED 46 8B 0E F8 25’
For 256-bit motion sensor master keys: CV = ‘1D 74 DB F0 34 C7 37 2F 65 55 DE D5 DC D1 9A C3 23 D6 A6 25 64 CD BE 2D 42 0D 85 D2 32 63 AD 60’
Textual Amendments
Note: the constant vectors have been generated as follows:U.K.
Pi_10 = first 10 bytes of the decimal portion of the mathematical constant π = ‘24 3F 6A 88 85 A3 08 D3 13 19’
CV_128-bits = first 16 bytes of SHA-256(Pi_10)
CV_192-bits = first 24 bytes of SHA-384(Pi_10)
CV_256-bits = first 32 bytes of SHA-512(Pi_10)
CSM_107 [F1Each Motion sensor manufacturer shall generate a random and unique pairing key K P for every motion sensor, and shall send each pairing key to its Member State Certificate Authority. The MSCA shall encrypt each pairing key separately with the motion sensor master key K M and shall return the encrypted key to the motion sensor manufacturer. For each encrypted key, the MSCA shall notify the motion sensor manufacturer of the version number of the associated K M .] U.K.
Note: as explained in section 9.2.1.2, in fact a motion sensor manufacturer may have to generate multiple unique pairing keys for a single motion sensor.U.K.
[F1CSM_108 Each motion sensor manufacturer shall generate a unique serial number for every motion sensor, and shall send all serial numbers to its Member State Certificate Authority. The MSCA shall encrypt each serial number separately with the identification key K ID and shall return the encrypted serial number to the motion sensor manufacturer. For each encrypted serial number, the MSCA shall notify the motion sensor manufacturer of the version number of the associated K ID .] U.K.
CSM_109For requirements CSM_107 and CSM_108, the MSCA shall use the AES algorithm in the Cipher Block Chaining mode of operation, as defined in [ISO 10116], with an interleave parameter m = 1 and an initialization vector SV = ‘00’ {16}, i.e. sixteen bytes with binary value 0. When necessary, the MSCA shall use padding method 2 defined in [ISO 9797-1].U.K.
CSM_110The motion sensor manufacturer shall store the encrypted pairing key and the encrypted serial number in the intended motion sensor, together with the corresponding plain text values and the version number of KM and KID used for encrypting.U.K.
Note: as explained in section 9.2.1.2, in fact a motion sensor manufacturer may have to insert multiple encrypted pairing keys and multiple encrypted serial numbers in a single motion sensor.U.K.
CSM_111In addition to the AES-based cryptographic material specified in CSM_110, a motion sensor manufacturer may also store in each motion sensor the TDES-based cryptographic material specified in requirement CSM_037 in Part A of this Appendix.U.K.
Note: doing so will allow a second-generation motion sensor to be coupled to a first-generation VU.U.K.
CSM_112The length of the session key KS generated by a VU during the pairing to a motion sensor shall be linked to the length of its KM-VU, as described in CSM_50.U.K.
9.2.1.2 Motion Sensor Master Key Replacement in Second-Generation Equipment U.K.
CSM_113Each motion sensor master key and all related keys (see Table 3) is associated to a particular generation of the ERCA root key pair. These keys shall therefore be replaced every 17 years. The validity period of each motion sensor master key generation shall begin one year before the associated ERCA root key pair becomes valid and shall end when the associated ERCA root key pair expires. This is depicted in Figure 2.U.K.
Figure 2
Issuance and usage of different generations of the motion sensor master key in vehicle units, motions sensors and workshop cards
CSM_114At least one year before generating a new European root key pair, as described in CSM_56, the ERCA shall generate a new motion sensor master key KM by generating a new KM-VU and KM-WC. The length of the motion sensor master key shall be linked to the foreseen strength of the new European root key pair, according to CSM_50. The ERCA shall communicate the new KM, KM-VU and KM-WC to the MSCAs upon their request, together with their version number.U.K.
CSM_115An MSCA shall ensure that all valid generations of KM-WC are stored in every workshop card issued under its authority, together with their version numbers, as shown in Figure 2.U.K.
Note: this implies that in the last year of the validity period of an ERCA certificate, workshop cards will be issued with three different generations of KM-WC, as shown in Figure 2.U.K.
CSM_116In relation to the process described in CSM_107 and CSM_108 above: An MSCA shall encrypt each pairing key KP it receives from a motion sensor manufacturer separately with each valid generation of the motion sensor master key KM. An MSCA shall also encrypt each serial number it receives from a motion sensor manufacturer separately with each valid generation of the identification key KID. A motion sensor manufacturer shall store all encryptions of the pairing key and all encryptions of the serial number in the intended motion sensor, together with the corresponding plain text values and the version number(s) of KM and KID used for encrypting.U.K.
Note: This implies that in the last year of the validity period of an ERCA certificate, motion sensors will be issued with encrypted data based on three different generations of KM, as shown in Figure 2.U.K.
CSM_117In relation to the process described in CSM_107 above: Since the length of the pairing key KP shall be linked to the length of KM (see CSM_100), a motion sensor manufacturer may have to generate up to three different pairing keys (of different lengths) for one motion sensor, in case subsequent generations of KM have different lengths. In such a case, the manufacturer shall send each pairing key to the MSCA. The MSCA shall ensure that each pairing key is encrypted with the correct generation of the motion sensor master key, i.e. the one having the same length.U.K.
Note: In case the motion sensor manufacturer chooses to generate a TDES-based pairing key for a second-generation motion sensor (see CSM_111), the manufacturer shall indicate to the MSCA that the TDES-based motion sensor master key must be used for encrypting this pairing key. This is because the length of a TDES key may be equal to that of an AES key, so the MSCA cannot judge from the key length alone.U.K.
CSM_118Vehicle unit manufacturers shall insert only one generation of KM-VU in each vehicle unit, together with its version number. This KM-VU generation shall be linked to the ERCA certificate upon which the VU's certificates are based.U.K.
Notes: U.K.
—A vehicle unit based on the generation X ERCA certificate shall only contain the generation X KM-VU, even if it is issued after the start of the validity period of the generation X+1 ERCA certificate. This is shown in Figure 2.U.K.
—A VU of generation X cannot be paired to a motion sensor of generation X-1.U.K.
—Since workshop cards have a validity period of one year, the result of CSM_113 — CSM_118 is that all workshop cards will contain the new KM-WC at the moment the first VU containing the new KM-VU is issued. Therefore, such a VU will always be able to calculate the new KM. Moreover, by that time most new motion sensors will contain encrypted data based on the new KM as well.U.K.
9.2.2 Keys for Securing DSRC Communication U.K.
9.2.2.1 General U.K.
CSM_119The authenticity and confidentiality of data communicated from a vehicle unit to a control authority over a DSRC remote communication channel shall be ensured by means of a set of VU-specific AES keys derived from a single DSRC master key, KMDSRC.U.K.
CSM_120The DSRC master key KMDSRC shall be an AES key that is securely generated, stored and distributed by the ERCA. The key length may be 128, 192 or 256 bits and shall be linked to the length of the European root key pair, as described in CSM_50.U.K.
CSM_121The ERCA shall communicate the DSRC master key to Member State Certificate Authorities upon their request in a secure manner, to allow them to derive VU-specific DSRC keys and to ensure that the DSRC master key is inserted in all control cards and workshop cards issued under their responsibility.U.K.
CSM_122The ERCA shall assign to each DSRC master key a unique version number. The ERCA shall inform the MSCAs about the version number when sending the DSRC master key to them.U.K.
Note: The version number is used to distinguish different generations of the DSRC master key, as explained in detail in section 9.2.2.2.U.K.
[F1CSM_123 For every vehicle unit, the vehicle unit manufacturer shall create a unique VU serial number and shall send this number to its Member State Certificate Authority in a request to obtain a set of two VU-specific DSRC keys. The VU serial number shall have data type 
. U.K.
Note: U.K.
This VU serial number shall be identical to the vuSerialNumber element of VuIdentification, see Appendix 1 and to the Certificate Holder Reference in the VU’s certificates.
The VU serial number may not be known at the moment a vehicle unit manufacturer requests the VU-specific DSRC keys. In this case, the VU manufacturer shall send instead the unique certificate request ID it used when requesting the VU’s certificates; see CSM_153. This certificate request ID shall therefore be equal to the Certificate Holder Reference in the VU’s certificates.]
CSM_124Upon receiving a request for VU-specific DSRC keys, the MSCA shall derive two AES keys for the vehicle unit, called K_VUDSRC_ENC and K_VUDSRC_MAC. These VU-specific keys shall have the same length as the DSRC master key. The MSCA shall use the key derivation function defined in [RFC 5869]. The hash function that is necessary to instantiate the HMAC-Hash function shall be linked to the length of the DSRC master key, as described in CSM_50. The key derivation function in [RFC 5869] shall be used as follows:U.K.
Step 1 (Extract):
PRK = HMAC-Hash (salt, IKM) where salt is an empty string ‘’ and IKM is KMDSRC.
Step 2 (Expand):
OKM = T(1), where
T(1) = HMAC-Hash (PRK, T(0) || info || ‘01’) with
T(0) = an empty string (‘’)
[F1info = VU serial number or certificate request ID, as specified in CSM_123]
K_VUDSRC_ENC = first L octets of OKM and
K_VUDSRC_MAC = last L octets of OKM
where L is the required length of K_VUDSRC_ENC and K_VUDSRC_MAC in octets.
CSM_125The MSCA shall distribute K_VUDSRC_ENC and K_VUDSRC_MAC to the VU manufacturer in a secure manner for insertion in the intended vehicle unit.U.K.
CSM_126When issued, a vehicle unit shall have stored K_VUDSRC_ENC and K_VUDSRC_MAC in its secure memory, in order to be able to ensure the integrity, authenticity and confidentiality of data sent over the remote communication channel. A vehicle unit shall also store the version number of the DSRC master key used to derive these VU-specific keys.U.K.
CSM_127When issued, control cards and workshop cards shall have stored KMDSRC in their secure memory, in order to be able to verify the integrity and authenticity of data sent by a VU over the remote communication channel and to decrypt this data. Control cards and workshop cards shall also store the version number of the DSRC master key.U.K.
Note: as explained in section 9.2.2.2, in fact multiple generations of KMDSRC may have to be inserted in a single workshop card or control card.U.K.
[F1CSM_128 The MSCA shall keep records of all VU-specific DSRC keys it generated, their version number and the VU serial number or certificate request ID used in deriving them.] U.K.
9.2.2.2 DSRC Master Key Replacement U.K.
CSM_129Each DSRC master key is associated to a particular generation of the ERCA root key pair. The ERCA shall therefore replace the DSRC master key every 17 years. The validity period of each DSRC master key generation shall begin two years before the associated ERCA root key pair becomes valid and shall end when the associated ERCA root key pair expires. This is depicted in Figure 3.U.K.
Figure 3
Issuance and usage of different generations of the DSRC master key in vehicle units, workshop cards and control cards
CSM_130At least two years before generating a new European root key pair, as described in CSM_56, the ERCA shall generate a new DSRC master key. The length of the DSRC key shall be linked to the foreseen strength of the new European root key pair, according to CSM_50. The ERCA shall communicate the new DSRC master key to the MSCAs upon their request, together with its version number.U.K.
CSM_131An MSCA shall ensure that all valid generations of KMDSRC are stored in every control card issued under its authority, together with their version numbers, as shown in Figure 3.U.K.
Note: this implies that in the last two years of the validity period of an ERCA certificate, control cards will be issued with three different generations of KMDSRC, as shown in Figure 3.U.K.
CSM_132An MSCA shall ensure that all generations of KMDSRC that have been valid for at least a year and are still valid, are stored in every workshop card issued under its authority, together with their version numbers, as shown in Figure 3.U.K.
Note: this implies that in the last year of the validity period of an ERCA certificate, workshop cards will be issued with three different generations of KMDSRC, as shown in Figure 3.U.K.
CSM_133Vehicle unit manufacturers shall insert only one set of VU-specific DSRC keys into each vehicle unit, together with its version number. This set of keys shall be derived from the KMDSRC generation linked to the ERCA certificate upon which the VU's certificates are based.U.K.
Notes: U.K.
—This implies that a vehicle unit based on the generation X ERCA certificate shall only contain the generation X K_VUDSRC_ENC and K_VUDSRC_MAC, even if the VU is issued after the start of the validity period of the generation X+1 ERCA certificate. This is shown in Figure 3.U.K.
—Since workshop cards have a validity period of one year and control cards of two years, the result of CSM_131 — CSM_133 is that all workshop cards and control cards will contain the new DSRC master key at the moment the first VU containing VU-specific keys based on that master key will be issued.U.K.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Annex
PrintThe Whole Division
PrintThe Whole Part
PrintThe Whole Division
PrintThis Division only
You have chosen to open the Whole Regulation
The Whole Regulation you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open Schedules only
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.