The U.S. Department of Commerce (DoC) is taking significant steps to ensure the security and integrity of connected vehicles by proposing a ban on the import or sale of vehicles that integrate software and hardware from foreign adversaries, particularly China and Russia.
The Bureau of Industry and Security (BIS) highlighted that the proposed rule specifically targets the hardware and software integrated into the Vehicle Connectivity System (VCS) and Automated Driving System (ADS) of vehicles, which are critical components enabling external connectivity and autonomous driving capabilities.
The move is motivated by concerns that unauthorized access to such systems could lead to the compromise of sensitive data and even remote manipulation of vehicles on U.S. roads, posing serious risks to national security and privacy.
While the ban covers all wheeled on-road vehicles like cars, trucks, and buses, agricultural and mining vehicles are exempted from the restrictions.
Notably, the BIS emphasized that certain technologies originating from China and Russia are deemed to pose an “undue risk” to critical U.S. infrastructure and the general public who rely on connected vehicles, which necessitates actions to safeguard against potential exploitation.
Commenting on the proposed rule, Under Secretary of Commerce for Industry and Security Alan F. Estevez noted, “This rule represents a crucial measure to protect America’s technology supply chains from foreign threats, and to ensure that connected vehicle technologies remain secure from possible exploitation by entities associated with China and Russia.”
The ban will restrict the import and sale of vehicles incorporating specific VCS or ADS hardware or software linked to China or Russia. It also aims to prevent manufacturers with ties to these countries from selling connected vehicles with such components in the U.S., regardless of where the vehicle was manufactured.
The restrictions on software components will come into effect for Model Year 2027, while those on hardware components are slated for Model Year 2030, or January 1, 2029 for units without a specific model year, according to the BIS.
In a joint statement, the White House highlighted the importance of ensuring the resilience and security of U.S. automotive supply chains from foreign threats, especially with the increasing interconnectedness of vehicles with digital networks, which could be exploited by malicious actors for gathering sensitive information or disrupting infrastructure.
The White House further pointed out that specific hardware and software in connected vehicles have the potential to collect information about critical infrastructure and geographic areas, creating opportunities for malicious interventions that could compromise operational integrity.