Cybersecurity rules proposed for smart vehicles to prevent malware risks | India News

NEW DELHI: A new era of cyber threats is coming to the roads. As vehicles become smarter, with more software driving systems, the risk of malware attacks is no longer science fiction. In response, road transport ministry has proposed sweeping rules to make cybersecurity and software update management mandatory for vehicles equipped with advanced systems.For the first time, the ministry has put out draft rules to make cybersecurity and software update management mandatory for certain categories of vehicles in India. The proposed cybersecurity rules will apply to passenger vehicles, commercial vehicles and tractors equipped with at least one electronic control unit (ECU) with Level-3 or higher automated driving capability.As per the proposed norms, compliance to cybersecurity and cybersecurity management system would be mandatory for new models of vehicles with Level-3 automation and above, such as Mercedes Benz S Class, Audi A8, and BMW 7 Series, from Oct. This would be applicable for existing models from next April.Vehicles capable of receiving over-the-air (OTA) software updates will be next, between April and Oct 2028, followed by all other vehicles with software update capability from Oct 2029.OTA in cars refers to wireless delivery of software, firmware, or system updates directly to a vehicle via cellular networks or Wi-Fi. This is similar to smartphone updates as it eliminates the need to visit a dealership for repairs, enhancements, or new features.As per the proposed rules, vehicle manufacturers will have to comply with Automotive Industry Standards (AIS) 189, which outlines the strict regulations and frameworks that automakers and suppliers must follow to protect connected, autonomous, and modern electronic vehicles from digital attacks, hacking, and remote firmware tampering.It also proposes mandatory implementation of AIS 190, which defines the framework for secure vehicle software updates and Software Update Management Systems (SUMS). It ensures that all OTA and manual software updates on modern connected vehicles are safe, traceable, authorized, and protected from cybersecurity threats.According to the draft notification, the proposed rules align India with the UN regulatory framework adopted in the European Union, Japan and South Korea, where cybersecurity and software update management are mandatory requirements for vehicle type approval.