What the TISAX Readiness Check evaluates
The TISAX Readiness Check for authorities is only relevant if your authority processes automotive data as a research institution or development operator (e.g., technical testing bodies, state research institutes). For standard administrative operations, TISAX is not relevant.
Legal foundations
VDA ISA 6.0; ENX Association TISAX framework. For authorities without automotive context: BSI IT-Baseline plus state IT security acts are the applicable references. Placeholder — Phase 46 provides the target-group-specific ContentBlock.
How the check works
1. Notice: TISAX is primarily automotive (banner at the top) 2. If relevant: choose target group authority 3. AL determination and maturity questions 4. Result with guidance on BSI IT-Baseline as the alternative
Your benefits
• Free and without registration • Clear distinction: automotive vs. administration • Reference to BSI IT-Baseline as the public-body standard • Legal status April 2026
Frequently asked questions
- Is TISAX relevant for authorities?
- Only for specialized bodies with automotive context (e.g., Federal Motor Transport Authority, state research institutes). For standard administration, BSI IT-Baseline is the applicable standard.
- What alternatives do authorities have?
- BSI IT-Baseline, BSI Standards 200-1/2/3, and — for municipalities — the state-specific IT security acts form the core standard for public administration.
- When does an authority still need a TISAX label?
- When it processes OEM or supplier data as part of the automotive supply chain. This is generally a contractual exception and affects only a few bodies.
This initial assessment is not legal advice and does not replace consultation with a qualified lawyer. Legal status: April 2026.