The United States is set to significantly restrict the use of Russian and Chinese-made software and hardware in automobiles, citing national security concerns. The U.S. Department of Commerce has announced a final rule that bans the integration of certain technologies originating from these countries into new vehicles, marking a major escalation in the U.S. government’s efforts to counter foreign influence in critical sectors. Keep reading to learn more about this new rule, including when it will take effect.
The scope of the ban
The ban specifically targets passenger vehicles. The rule prohibits the use of:
- Hardware and software within the Vehicle Connectivity System (VCS): This system enables external communication for features like telematics, over-the-air updates, and connected services.
- Software within the Automated Driving System (ADS): This system powers autonomous driving features, such as self-parking and lane-keeping assist.
The ban applies to technologies originating from or significantly influenced by entities in the People’s Republic of China (PRC) or Russia. This includes components designed, developed, manufactured, or supplied by these entities.
Importantly, the rule extends beyond the origin of the vehicle itself. Even if a vehicle is manufactured in the United States, it cannot be sold in the U.S. market if it incorporates prohibited VCS hardware, VCS software, or ADS software from entities with ties to the PRC or Russia.
A separate rule addressing commercial vehicles is expected to be issued soon.
The reasons behind the ban
The final regulation, published in the Federal Register on Tuesday, January 14th, follows extensive deliberation and public review by the U.S. Commerce Department’s Bureau of Industry and Security. Throughout the rulemaking process, the Bureau determined that certain technologies originating from China and Russia pose significant and unacceptable risks to national security, cybersecurity, and data security.
“Cars today aren’t just steel on wheels – they’re computers,” outgoing Commerce Secretary Gina Raimondo said in a news release Tuesday. “They have cameras, microphones, GPS tracking, and other technologies that are connected to the internet. Through this rule, the Commerce Department is taking a necessary step to safeguard U.S. national security and protect Americans’ privacy by keeping foreign adversaries from manipulating these technologies to access sensitive or personal information.”
A senior administration official added that the risks posed by Chinese and Russian software extend beyond vehicles themselves. If mobile phones are linked to these systems, they could provide foreign adversaries with easy access to user data.
“Recent malicious cyber activity, particularly activity that they do that was volt typhoon (an advanced persistent threat engaged in cyber espionage) has really heightened the urgency of preempting even more risk to our critical infrastructure, and we’ve seen not just volt typhoon, but really mounting evidence of the PRC pre-positioning malware in our critical infrastructure, solely for the purpose of sabotage and disruption,” the official said, as reported by ABC News. “With potentially millions of connected vehicles coming on the road, you know, each with 10-to-15-year lifespans, the risk of sabotage really increases substantially. The second set of risks, as was alluded to as well, are this data security risk given the massive amount of sensitive personal data, including geo-location data, audio, video recordings, and other live data that’s collected connected by these vehicles.”
Does the U.S. automotive industry support the rule?
Another senior administration official shared during a recent conference call that the U.S. automotive industry largely supports the new rule, acknowledging the national security concerns that underpin it.
According to a statement from the Commerce Department, “Malicious access to these critical supply chains could allow our foreign adversaries to extract sensitive data, including personal information about vehicle drivers or owners, and remotely manipulate vehicles.”
When will the rule take effect?
The newly announced rule will take effect gradually, with software bans applying to Model 2027 vehicles and hardware bans coming into force for Model 2030 vehicles.