Skip to content
Background Banner
TISAX assessment level comparison graphic showing two holographic panels in a dark boardroom, an AL2 panel on the left with checklist, shield, team and gauge icons and an AL3 panel on the right with a car and a network of connected security controls, joined by a glowing balance scale in the centre, illustrating how AL2 and AL3 assess the same controls at different verification depths.
TISAX®July 13, 2026 · Iulian Bozdoghina (Lead Auditor and Consultant) · 11 min read

TISAX® AL2 vs AL3: Which Assessment Level Do You Actually Need?

AL3 is not AL2 with harder rules. It is the same VDA ISA controls checked on-site. Which TISAX level you need is set by your customer, not by you.

Iulian Bozdoghina
Iulian BozdoghinaLead Auditor and Consultant

Executive Summary

TISAX has three assessment levels, and the two that matter for most suppliers are AL2 and AL3. The usual assumption is that AL3 is a tougher version of AL2 with extra requirements. It is not. AL2 and AL3 assess the same VDA® ISA controls at the same target maturity. The only thing that changes is how the auditor checks: AL2 is a remote review, AL3 is an on-site assessment. And here is the part almost nobody leads with. You usually do not choose your level at all. It is derived from the protection labels your customer requires. Three things force AL3: very high confidentiality, any prototype label, and very high availability. Almost everything else is AL2. Reach for AL3 when your customer only needed AL2 and you have bought yourself an on-site audit, extra scope, and a three-year cycle at the higher level for nothing you can put on an invoice to the customer.

You have been told you need TISAX. Maybe it was a line in a procurement questionnaire, maybe a Tier-1 customer said your next quote depends on it. So you start reading, and within an hour you hit the levels: AL1, AL2, AL3. The pages you find explain that AL3 is the deepest, most thorough audit, and a reasonable instinct kicks in. If AL3 is the serious one, surely that is the one to aim for.

That instinct is exactly how suppliers talk themselves into weeks of work they never needed to do.

So let us take the decision apart. What the levels actually mean, why the choice is usually not yours to make, the three things that genuinely require AL3, and what it costs when a supplier reaches for the higher level just to look diligent.

The level is not something you pick from a menu

Start with the thing most pages bury. Your TISAX assessment level is not a preference you select. It is a consequence of what you are protecting.

TISAX works through assessment objectives, which appear as labels on the ENX portal. Those labels describe the kind of information you handle and how sensitive it is: information with high protection needs, information with very high protection needs, prototype protection, data protection, and, since the VDA ISA 6.0 catalogue, availability as a protection goal in its own right. Your customer tells you which labels they require, either directly or through the protection level written into the contract. The assessment level then follows from those labels. As the TISAX rules put it, the level results from the objectives you need, not the other way around.

So the real first question is never "AL2 or AL3." It is "which labels did my customer actually ask for." Answer that and the level is already decided for you. Guess at it, or jump straight to comparing AL2 and AL3 in the abstract, and you are solving the wrong problem.

AL3 is not "AL2 but harder"

Here is the misconception worth killing early, because it drives most of the bad calls we see.

AL2 and AL3 are built on the same VDA ISA catalogue. Same controls, same questions, same maturity bar. TISAX scores each control from zero to five, and the target is the same whether you are heading for AL2 or AL3. Nobody bolts on extra controls when you move up. The requirements do not get stricter. One thing changes, and only one: how the auditor confirms that you meet them.

AL1 is a self-assessment. You fill it in, and on its own it is rarely enough for an OEM.

AL2 is a remote assessment. An accredited audit provider reviews your evidence and interviews your people over video or phone, checking that what you claimed in your self-assessment holds up. A plausibility check, done at a distance.

AL3 is that same check, on-site. The assessor comes to your location, walks the premises, inspects physical security, spot-checks technical controls, and interviews your team in the room. Same catalogue, same standard, verified in person instead of over a screen.

Once you see it this way, "which level is harder" stops being the right question. AL3 is not a harder exam. It is the same exam with the invigilator sitting next to you. That single distinction is the whole basis for deciding well, because the question is no longer "can we clear a higher bar." It is "does the sensitivity of our data actually need someone standing in our building."

The three things that genuinely require AL3

For most suppliers handling information with high protection needs, AL2 is the norm. AL3 gets triggered by a smaller, specific set of situations, and it pays to know them exactly so you neither under-scope nor over-scope.

The first trigger is very high confidentiality. When the information you hold is not merely confidential but strictly confidential, the kind of data where a leak would seriously hurt your customer, the protection need steps up to very high, and that objective calls for an on-site assessment. In the current catalogue this is the label once called "Info Very High," now read as strictly confidential.

The second trigger is prototype protection, and this one is not up for debate. Every prototype protection objective requires AL3. Handle physical prototype parts, prototype vehicles, test vehicles, or host events where prototypes are shown, and you are going to AL3. The reason is simple. Protecting prototypes is as much about locks, zones, and who can walk where as it is about data, and you cannot verify a secure prototype area over a video call. The auditor has to see it.

The third trigger is very high availability, and it is the one that catches people out, because it is relatively new. The VDA ISA 6.0 catalogue split the old single information-security objective into separate confidentiality and availability labels. Availability is now assessed on its own terms, and where a customer requires very high availability, that points to AL3 as well. A supplier whose data is not especially confidential can still land at AL3 purely because a customer depends on their systems staying up. Guidance written before the 6.0 change tends to miss this completely.

Special-category personal data sits in the same tier. Standard data protection under the usual GDPR provisions maps to AL2, but the special categories of personal data raise the protection need and bring AL3 into play.

Outside those situations, high protection needs are handled at AL2. That is the default across most of the supply base, and treating it as the lesser option is precisely the mistake this article is trying to head off.

The over-scoping trap

Now the expensive part. Say your customer asked for a label that sits at AL2, and you are tempted to do AL3 anyway. To look thorough. To be safe. To make sure no one ever tells you that you came up short. It feels like the responsible choice. In practice it is usually just the pricier one.

Going to AL3 when AL2 was required earns you no better standing with the customer, because the customer set the requirement and an AL2 label satisfies it. What the higher level does cost you is concrete. An on-site audit instead of a remote one, with the travel, scheduling, and day-of logistics of hosting an assessor. Scope you might not otherwise have taken on, especially around physical security, because on-site verification looks hard at things a remote review would leave alone. More preparation to get every one of those areas presentable. And it locks in for the full three-year validity, so the recertification down the line is on-site too. If you want a sense of what that repeating cycle looks like, the TISAX recertification countdown lays it out.

We see the reasoning that leads here, and it is nearly always defensive rather than calculated. Better safe than failing, the thinking goes. But you do not fail by holding the correct label for your data. You overspend by holding a heavier one than your contracts call for. The disciplined move is to confirm the requirement and meet it exactly, not to pad it. If a customer raises their protection requirement later, the label follows the requirement then, on their timing and their justification, not pre-emptively on yours.

There is a mirror image of the same mistake, and it deserves naming. Under-scoping, going for AL2 when the customer's label actually needs AL3, is the more damaging one, because the result will not be accepted and you have paid for an assessment that does not clear the requirement. Both failures grow from the same root: deciding the level before confirming the labels.

How to confirm the level you actually need

The practical path is short, and it starts nowhere near the AL2-versus-AL3 comparison.

Read the requirement your customer gave you, and read it for the labels, not for a level. Procurement language does not always say "AL3." It states the protection level, or names the type of data, or references prototype handling in the scope. The label is the signal. In the engagements we run, the single most useful hour is the one spent confirming exactly which objectives a customer requires before any assessment is booked, because everything after that, cost, timeline, remote or on-site, flows straight from it.

Our TISAX® and ISO 27001 experts help European automotive suppliers achieve compliance within 95 days.

If the requirement is ambiguous, ask the customer rather than rounding up. A short clarification email is a lot cheaper than an on-site audit you did not need. If your scope includes prototypes, you already have your answer. If it does not, and your confidentiality and availability needs are high rather than very high, AL2 is very likely correct. When you want a second read on what a given OEM's requirement really implies at your level, what automotive procurement actually asks for sets out how those requirements tend to be written and what they mean on the ground.

The goal is to let the level fall out of the facts, cleanly, instead of choosing it on instinct and paying for the instinct later.

The patterns that send suppliers to the wrong level

The same avoidable missteps come up again and again in scoping conversations.

Aiming for AL3 to look serious. The level is not a diligence signal to your customer. It is a match to the sensitivity of the data. The right label held well says more than a heavier label held for show.

Deciding the level before reading the labels. The level sits downstream of the assessment objectives. Any choice made before you confirm the required labels is a guess, and guesses trend upward, toward cost.

Assuming confidentiality is the only trigger. Since the 6.0 catalogue, very high availability can send you to AL3 on its own. If a customer leans on your uptime, check the availability label, not just the confidentiality one.

Forgetting that prototypes are always AL3. If prototype handling is anywhere in your scope, the on-site assessment is settled. Plan for it from the start instead of discovering it late.

Treating AL2 as the budget option. AL2 is not a discount AL3. It is the correct, complete assessment for high protection needs, checked remotely. For most suppliers it is simply the right answer.

Frequently asked questions

What is the difference between TISAX AL2 and AL3?

Both assess the same VDA ISA controls at the same target maturity. The difference is verification depth. AL2 is a remote assessment, where an accredited provider reviews your evidence and interviews your people over video or phone. AL3 is an on-site assessment, with a physical inspection of your premises and spot-checks of technical controls. AL3 is not a stricter standard. It is the same standard, checked in person.

Is AL3 harder than AL2?

Not in terms of what you have to implement. The control requirements and the maturity target are identical. AL3 is more demanding only in that the assessment happens on-site, so physical security and evidence have to stand up to in-person inspection rather than a remote review.

When is TISAX AL3 required?

AL3 is required for very high confidentiality (the strictly confidential label), for every prototype protection objective, and for very high availability. Special-category personal data also raises the protection need to AL3. Information with high protection needs is normally assessed at AL2.

Can I choose my TISAX assessment level?

Generally no. The level is derived from the protection labels your customer requires. You confirm which objectives apply to the information you handle, and the assessment level follows from those objectives.

Do I need AL3 for prototypes?

Yes. All prototype protection objectives require an AL3 on-site assessment, because protecting prototypes depends on physical security that can only be verified in person.

Is AL2 enough for most suppliers?

For most suppliers handling information with high protection needs, yes. AL2 is the standard assessment level. AL3 applies to the specific triggers of very high confidentiality, prototypes, and very high availability.

What happens if I pick the wrong level?

Choose a level below what your customer's label requires and the result will not be accepted, so the assessment is wasted. Choose a level above it and you take on unnecessary cost, scope, and a longer preparation for no contractual benefit. Confirming the required labels first avoids both.

Get the level right before you book

If you are weighing AL2 against AL3, the honest first step is not to compare the two levels. It is to confirm which labels your customers actually require, because that decides the level for you. Do that well and the rest, cost, timeline, remote or on-site, becomes predictable instead of a gamble.

If you want a clear read on which assessment objectives apply to your business, and whether AL2 or AL3 is really the level you need before you spend anything on an assessment, book a TISAX scoping and gap assessment. We will map the information you handle against the labels your customers require and give you an honest answer, including the times when AL2 is all you need.

Related reading: Automotive Supplier TISAX Requirements · VDA ISA 6.0: What Changed · The TISAX Recertification Countdown · How to Prepare for TISAX Awareness Training

TISAX® and VDA® are registered trademarks of the ENX Association and the VDA respectively. ITIS-Secure prepares organisations for assessment; the ENX-approved audit provider conducts the assessment. This article is guidance, not a substitute for your customer's specific labelling requirement.

Iulian Bozdoghina

"Iulian Bozdoghina is a veteran cybersecurity strategist with over 15 years of experience in securing automotive supply chains and critical infrastructure. He specializes in TISAX®, ISO 27001, and the emerging NIS2/DORA regulatory landscape."

ISO 27001 Lead AuditorTISAX® SpecialistISO14001 AuditorISO42001 Auditor

Ready to get certified?

Book your free gap assessment today. Our experts will map your current posture against your target framework and give you a clear, honest roadmap to certification.

Book Free Gap Assessment

No commitment required • GDPR compliant • Strategy confirmed via secure link

Related Articles

Continue reading about similar cybersecurity and compliance topics.