The US Department of Commerce’s Bureau of Industry and Security (BIS) has published a Notice of Proposed Rulemaking (NPRM) that would prohibit the sale or import of connected vehicles integrating specific pieces of hardware and software, or those components sold separately, with a ‘sufficient nexus to the People’s Republic of China (PRC) or Russia’.
The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated Driving System (ADS). These are the critical systems that, through specific hardware and software, allow for external connectivity and autonomous driving capabilities in connected vehicles.
Malicious access to these systems could allow adversaries to access and collect our most sensitive data and remotely manipulate cars on American roads. The proposed rule would apply to all wheeled on-road vehicles such as cars, trucks, and buses, but would exclude vehicles not used on public roads like agricultural or mining vehicles.
BIS and its Office of Information and Communications Technology and Services (OICTS) have found that certain technologies originating from the PRC or Russia present an undue risk to both U.S. critical infrastructure and those who use connected vehicles. The proposed action is a proactive measure designed to protect US national security and the safety of US drivers.
“Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet. It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens,” said U.S. Secretary of Commerce Gina Raimondo in regards to the decision.
“The Biden-Harris Administration is ensuring that Americans can drive the car of their choice safely and securely – free from risks posed by Chinese technologies,” said National Economic Advisor Lael Brainard.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataNational Security Advisor Jake Sullivan said that “the data security and cybersecurity risks posed by software and hardware components sourced from the PRC and other countries of concern are equally clear, and we will continue to take necessary steps to mitigate these risks and get out ahead of the problem.”
There were also comments of support from Under Secretary of Commerce for Industry and Security Alan Estevez and OICTS Executive Director Elizabeth Cannon, who stressed that guaranteeing security was the primary driver for the decision.
The proposed rule would prohibit the import and sale of vehicles with certain VCS or ADS hardware or software with a nexus to the PRC or Russia. The VCS is the set of systems that allow the vehicle to communicate externally, including telematics control units, Bluetooth, cellular, satellite, and Wi-Fi modules. The ADS includes the components that collectively allow a highly autonomous vehicle to operate without a driver behind the wheel.
The rule would also prohibit manufacturers with a nexus to the PRC or Russia from selling connected vehicles that incorporate VCS hardware or software or ADS software in the United States, even if the vehicle was made in the United States.
The prohibitions on software would take effect for Model Year 2027 and the prohibitions on hardware would take effect for Model Year 2030, or January 1, 2029 for units without a model year.