India nears finalisation of cybersecurity regulations for vehicles as global standards gain traction
Cybersecurity for connected vehicles is set to become a mandatory feature in India by 2027, as per a report detailing advancements and vulnerabilities in modern vehicles. The report outlines how connected vehicles, powered by integrated systems and cloud connectivity, face increasing risks of cyberattacks. The implementation of cybersecurity features will be required across all vehicles sold in the country by 2027.
The report, titled “Cybersecurity for Connected Vehicles,” was published by PwC India which provides an in-depth analysis of the evolution of vehicles from basic mechanical systems to complex, electronically controlled units. Today’s vehicles can integrate between 10 and 100 computers, forming a networked intelligence system that controls everything from steering to braking and real-time data processing. This increased connectivity, while enhancing consumer experiences, has also made vehicles vulnerable to cyberattacks.
India’s Adoption Of Global Standards
The global regulatory framework for vehicle cybersecurity is evolving, with standards like ISO/SAE 21434 and UNECE R155 playing a crucial role in ensuring cyber resilience in the automotive industry. From July 2024, Europe mandated that all new vehicles must comply with cybersecurity management systems (CSMS). India, following in similar footsteps, is expected to implement its AIS 189 and AIS 190 cybersecurity standards by 2027, which will mandate the inclusion of cybersecurity features in all connected vehicles sold in the country.
Rising Cybersecurity Risks In Modern Vehicles
The report also highlights the increasing reliance on software in vehicles, which makes them more susceptible to cyberattacks. As vehicles shift toward Software-Defined Vehicles (SDVs), OEMs are taking control of full-stack architecture, integrating AI and cloud computing into vehicle design. This evolution, while enhancing vehicle functionality, increases the risk of malicious actors exploiting vulnerabilities within the software and multiple interfaces between connected devices.
To address these growing cybersecurity risks, the Automotive Industry Standards (AIS) in India are being developed, with a focus on embedding cybersecurity at every stage of vehicle manufacturing. AIS 189 and AIS 190, once implemented, are expected to reshape the safety standards for connected vehicles in India, aligning the country with global best practices.
Challenges In Cybersecurity Implementation
Despite the increasing focus on cybersecurity, the PwC report highlights challenges in the industry. PwC’s survey of global original equipment manufacturers (OEMs) revealed that while many automakers have designed cybersecurity management systems (CSMS), the maturity of these systems remains low. This could delay full implementation and compliance across the automotive industry.
The PwC report stresses the urgent need for consumers to consider cybersecurity as a critical factor when purchasing new connected vehicles. With the global automotive industry facing increasing cyberthreats, the implementation of robust CSMS and compliance with regulatory frameworks will be essential for ensuring the safety of both vehicles and passengers in the digital age.
