Breaking India Sets Mandatory Cybersecurity Standards for Connected Cars to Prevent Remote Hijackings

Date:

Breaking News — updating as confirmed details emerge

NEW DELHI — The Ministry of Road Transport and Highways announced a phased rollout of mandatory cybersecurity and software‑update norms for vehicles equipped with advanced driver‑assist and autonomous technologies, aiming to curb the growing risk of remote hijackings as cars become more software‑driven.

The new framework, slated to begin in October 2026, will first apply to all new models that feature Level‑3 automation or higher. A second phase will bring existing models into compliance, followed by a final stage that targets any vehicle capable of over‑the‑air (OTA) updates. Manufacturers will be required to embed secure boot mechanisms, use encrypted communication channels, conduct regular vulnerability assessments, and publish a “software update calendar” detailing the frequency and scope of patches. Non‑compliant firms could face fines or revocation of type‑approval certificates, the ministry said.

What happened
The ministry released a statement outlining the three‑stage implementation plan. Starting October 2026, any new vehicle launched with Level‑3 autonomous driving capability must meet the cybersecurity framework. Existing models will be brought under the rules in a later phase, and a final phase will cover all vehicles that support OTA updates, regardless of their automation level. The regulations also call for manufacturers to work with the Automotive Research Association of India (ARAI) to develop test‑beds and certification processes for the new standards.

Why it matters
Connected cars increasingly rely on software to control critical functions such as braking, steering and acceleration. As these systems become more networked, they present attractive targets for cybercriminals seeking to remotely hijack or disable vehicles. By establishing baseline security requirements, the government aims to protect consumers from such threats and to build confidence in the safety of autonomous‑driving technologies.

Background and context
The push comes amid a global surge in cyber‑attack attempts on automotive systems. In recent years, researchers have demonstrated the feasibility of remotely taking control of vehicles through vulnerabilities in infotainment units, telematics modules and OTA update mechanisms. While India’s vehicle fleet has traditionally been dominated by low‑tech models, the market is rapidly shifting toward higher‑tech offerings, with several manufacturers planning to introduce Level‑3 and Level‑4 autonomous features within the next few years.

The ministry’s move aligns India with other jurisdictions that have introduced automotive cybersecurity regulations, such as the United States’ National Highway Traffic Safety Administration (NHTSA) guidelines and the European Union’s UNECE WP.29 cybersecurity provisions, which became mandatory for new vehicle types in 2022.

Competing claims and uncertainty
Industry groups have broadly welcomed the initiative but caution that compliance could raise production costs, especially for domestic manufacturers still scaling up electronic architectures. Some smaller original equipment manufacturers (OEMs) have expressed concern about the availability of testing infrastructure and the technical expertise required to meet the secure‑boot and encryption standards. The ministry, however, indicated that it will collaborate with ARAI to provide test‑beds and certification pathways, though details on funding or capacity limits have not been disclosed.

There is also uncertainty about how the “software update calendar” will be enforced. The statement requires manufacturers to publish update schedules, but does not specify penalties for missed or delayed patches. Critics argue that without clear metrics, the rule could become a paperwork exercise rather than a substantive security safeguard.

What to watch next
Regulatory guidelines: The ministry is expected to issue detailed technical specifications and compliance checklists in the coming weeks. Stakeholders will be watching for any amendments that could affect timelines or testing requirements.
Industry response: Major OEMs are likely to file formal comments or seek clarifications through the Ministry’s public consultation process, which is scheduled to close in early November 2026.
Enforcement mechanisms: The development of a monitoring framework, including periodic audits and a public database of compliant models, will be crucial to the policy’s effectiveness.
International coordination: As Indian manufacturers export vehicles to markets with existing cybersecurity mandates, alignment with global standards could become a competitive advantage or a source of friction if requirements diverge.

Conclusion
India’s phased cybersecurity mandate represents a proactive attempt to address the emerging threat of remote vehicle hijackings as the nation’s automotive fleet becomes increasingly software‑centric. While the rules could raise costs and pose implementation challenges for manufacturers, especially smaller players, the framework sets a clear baseline for safety and aligns the country with international regulatory trends. The ultimate impact will depend on the ministry’s ability to translate the high‑level standards into actionable, enforceable requirements and to provide the industry with the resources needed to meet them without stifling innovation.

Sources
Times of India, “As vehicles get smarter, govt plans to thwart hijackings, roll out software update norms,” https://timesofindia.indiatimes.com/india/as-vehicles-get-smarter-govt-plans-to-thwart-hijackings-roll-out-software-update-norms/articleshow/132187390.cms

Story synopsis gathered from: Times of India – Top Stories — source

Corrections

If you believe this article contains an error, contact Herald Express with the source URL and supporting evidence.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

spot_imgspot_img

Popular

More like this
Related

Breaking Hafiz Saeed’s Relatives and Associates Among 23 New Names Added to India’s UAPA Terror List, Raising Total to 80

New Delhi — The Ministry of Home Affairs announced on Tuesday that 23 individuals and entities have been added to the Union Ministry’s “terrorist and disruptive activities” (TADA) list under the Unlawful Activities (Prevention) Act (UAPA), bringing the total number…

Breaking Centre Issues Fresh Draft Emission‑Cut Targets for Iron and Steel Sector

NEW DELHI — The Ministry of Environment, Forest and Climate Change released a draft framework on Thursday that sets new carbon‑intensity reduction targets for India’s iron and steel industry. The proposal calls for a 30 percent cut in emissions intensity by 2030…

Breaking Northeast India Gets Its First MEMU Train Connecting Agartala and Karimganj

The Northeast Frontier Railway (NFR) has launched the region’s inaugural Mainline Electric Multiple Unit (MEMU) service, linking Tripura’s capital Agartala with Karimganj in Assam. The daily train, numbered 15673/15674, departs Agartala at 06:30 a.m. and reaches Karimganj at 10:45 a.m., covering a…

Breaking Manipur Chief Minister Says He “Often Thinks I Could Have Prevented” MLA’s Murder at Funeral

Imphal, Manipur — Manipur Chief Minister Yumnam Khemchand Singh visited the funeral of Zomi community legislator Vungzagin Valte on Monday, expressing personal remorse over the slain lawmaker’s death. Singh told mourners that he “often thinks I could have prevented it,”…