The US government is stepping up efforts to protect national security by proposing a new rule aimed at regulating the import and sale of connected vehicles integrating certain software and hardware from what it deems “countries of concern,” specifically China and Russia. The proposed rule will ban the use of specific vehicle connectivity systems (VCSs) and autonomous driving systems (ADSs) that, according to the US government, could pose risks to national security, particularly within automotive supply chains.
Who will be affected?
This rule will primarily affect automotive manufacturers (OEMs) and suppliers that utilize VCSs, technologies that connect vehicles to external systems via Bluetooth, cellular, satellite, or Wi-Fi. Connections through these technologies could potentially expose sensitive information about drivers, passengers, and even critical infrastructure. Additionally, the rule applies to ADSs, which enable highly autonomous vehicles to operate without a driver.
If finalized, this new rule would specifically target automotive software and hardware capable of processing radio frequency (RF) communications or integrated into systems that enable self-driving cars. However, it will not encompass passive components, such as fasteners and plastic covers.
When are the key deadlines?
According to the US government, the prohibitions on software will begin with the 2027 model year, while hardware restrictions will take effect starting with the 2030 model year, or Jan. 1, 2029, for vehicles without a model year.
How should companies prepare?
Companies in the automotive industry should proactively review their supply chains to avoid dependence on technologies from countries of concern. A good starting point is auditing the software bill of materials (SBOM) and hardware bill of materials (HBOM) to identify the origin of each software and hardware component. Other steps include building partnerships with trusted local or international providers, investing in internal tech development, and keeping open communication with regulatory bodies to ensure compliance and resilience in an ever-evolving threat landscape.
