Breaking India Sets Mandatory Cybersecurity Standards for Connected Cars to Prevent Remote Hijackings

Date:

Breaking News — updating as confirmed details emerge

NEW DELHI — The Ministry of Road Transport and Highways announced a phased rollout of mandatory cybersecurity and software‑update norms for vehicles equipped with advanced driver‑assist and autonomous technologies, aiming to curb the growing risk of remote hijackings as cars become more software‑driven.

The new framework, slated to begin in October 2026, will first apply to all new models that feature Level‑3 automation or higher. A second phase will bring existing models into compliance, followed by a final stage that targets any vehicle capable of over‑the‑air (OTA) updates. Manufacturers will be required to embed secure boot mechanisms, use encrypted communication channels, conduct regular vulnerability assessments, and publish a “software update calendar” detailing the frequency and scope of patches. Non‑compliant firms could face fines or revocation of type‑approval certificates, the ministry said.

What happened
The ministry released a statement outlining the three‑stage implementation plan. Starting October 2026, any new vehicle launched with Level‑3 autonomous driving capability must meet the cybersecurity framework. Existing models will be brought under the rules in a later phase, and a final phase will cover all vehicles that support OTA updates, regardless of their automation level. The regulations also call for manufacturers to work with the Automotive Research Association of India (ARAI) to develop test‑beds and certification processes for the new standards.

Why it matters
Connected cars increasingly rely on software to control critical functions such as braking, steering and acceleration. As these systems become more networked, they present attractive targets for cybercriminals seeking to remotely hijack or disable vehicles. By establishing baseline security requirements, the government aims to protect consumers from such threats and to build confidence in the safety of autonomous‑driving technologies.

Background and context
The push comes amid a global surge in cyber‑attack attempts on automotive systems. In recent years, researchers have demonstrated the feasibility of remotely taking control of vehicles through vulnerabilities in infotainment units, telematics modules and OTA update mechanisms. While India’s vehicle fleet has traditionally been dominated by low‑tech models, the market is rapidly shifting toward higher‑tech offerings, with several manufacturers planning to introduce Level‑3 and Level‑4 autonomous features within the next few years.

The ministry’s move aligns India with other jurisdictions that have introduced automotive cybersecurity regulations, such as the United States’ National Highway Traffic Safety Administration (NHTSA) guidelines and the European Union’s UNECE WP.29 cybersecurity provisions, which became mandatory for new vehicle types in 2022.

Competing claims and uncertainty
Industry groups have broadly welcomed the initiative but caution that compliance could raise production costs, especially for domestic manufacturers still scaling up electronic architectures. Some smaller original equipment manufacturers (OEMs) have expressed concern about the availability of testing infrastructure and the technical expertise required to meet the secure‑boot and encryption standards. The ministry, however, indicated that it will collaborate with ARAI to provide test‑beds and certification pathways, though details on funding or capacity limits have not been disclosed.

There is also uncertainty about how the “software update calendar” will be enforced. The statement requires manufacturers to publish update schedules, but does not specify penalties for missed or delayed patches. Critics argue that without clear metrics, the rule could become a paperwork exercise rather than a substantive security safeguard.

What to watch next
Regulatory guidelines: The ministry is expected to issue detailed technical specifications and compliance checklists in the coming weeks. Stakeholders will be watching for any amendments that could affect timelines or testing requirements.
Industry response: Major OEMs are likely to file formal comments or seek clarifications through the Ministry’s public consultation process, which is scheduled to close in early November 2026.
Enforcement mechanisms: The development of a monitoring framework, including periodic audits and a public database of compliant models, will be crucial to the policy’s effectiveness.
International coordination: As Indian manufacturers export vehicles to markets with existing cybersecurity mandates, alignment with global standards could become a competitive advantage or a source of friction if requirements diverge.

Conclusion
India’s phased cybersecurity mandate represents a proactive attempt to address the emerging threat of remote vehicle hijackings as the nation’s automotive fleet becomes increasingly software‑centric. While the rules could raise costs and pose implementation challenges for manufacturers, especially smaller players, the framework sets a clear baseline for safety and aligns the country with international regulatory trends. The ultimate impact will depend on the ministry’s ability to translate the high‑level standards into actionable, enforceable requirements and to provide the industry with the resources needed to meet them without stifling innovation.

Sources
Times of India, “As vehicles get smarter, govt plans to thwart hijackings, roll out software update norms,” https://timesofindia.indiatimes.com/india/as-vehicles-get-smarter-govt-plans-to-thwart-hijackings-roll-out-software-update-norms/articleshow/132187390.cms

Story synopsis gathered from: Times of India – Top Stories — source

Corrections

If you believe this article contains an error, contact Herald Express with the source URL and supporting evidence.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

spot_imgspot_img

Popular

More like this
Related

Breaking Operation Entebbe: Newly Declassified Files Detail Israel’s 1976 Hostage Rescue

Israel’s 1976 raid on Entebbe Airport – known at the time as Operation Thunderbolt – was carried out by elite Sayeret Matkal commandos who flew more than 2,500 km from Israel, landed at night and freed 102 hostages from a hijacked Air France flight.…

Breaking Why India Is Allocating Rs 52,000 Crore to Defend the First 100 Kilometres of a Future Battlefield

New Delhi – The Ministry of Defence has approved a procurement plan worth roughly Rs 52,000 crore (about US$6.2 billion) that concentrates on weapons and systems meant to dominate the initial 100 kilometres of any future conflict zone. Announced in late 2025, the package marks a…

Breaking Doctor, Engineer… or Something Else? India’s Career Aspirations Shift Toward AI and Digital Skills

New Delhi — For generations, a degree in engineering or medicine has been the benchmark of middle‑class security and social prestige in India. New data and industry surveys suggest that this hierarchy is eroding as the country’s economy pivots toward artificial…

Breaking Maine Couple Intervenes as Black Bear Chases Moose Calf, Capturing the Drama on Video

A fishing outing on a remote lake in western Maine turned into a wildlife rescue when Todd and Elvia Malcolm drove their pickup into the path of a black bear pursuing a moose calf, according to a video posted online…