Navigating the New US Rule on Connected Vehicle Technologies From ‘Countries of Concern’

September 24, 2024
VicOne

The US government is stepping up efforts to protect national security by finalizing a new rule aimed at regulating the import and sale of connected vehicles integrating certain software and hardware from what it deems countries of concern, specifically China and Russia. The rule bans the use of specific vehicle connectivity systems (VCSs) and automated driving systems (ADSs) that, according to the US government, could pose risks to national security, particularly within automotive supply chains.

Who is affected?

This rule primarily affects automotive manufacturers (OEMs) and suppliers that utilize VCSs, technologies that connect vehicles to external systems via Bluetooth, cellular, satellite, or Wi-Fi. Connections through these technologies could potentially expose sensitive information about drivers, passengers, and even critical infrastructure. Additionally, the rule applies to ADSs, which enable highly autonomous vehicles to operate without a driver. 

This rule specifically targets automotive software and hardware capable of processing radio frequency (RF) communications or integrated into systems that enable self-driving cars. However, it does not encompass passive components, such as fasteners and plastic covers.

Citing the complexity of the commercial vehicle supply chain, the US government says that the rule applies only to passenger vehicles (defined as those under 10,001 pounds).

When are the key deadlines?

According to the US government, the prohibitions on software will take effect for model year 2027, while hardware restrictions will take effect for model year 2030, or Jan. 1, 2029, for vehicles without a model year. Prohibitions on the sale of connected vehicles by manufacturers with sufficient connections to China or Russia, even if manufactured in the US, will take effect for model year 2027.

How should companies prepare?

Companies in the automotive industry should proactively review their supply chains to avoid dependence on technologies from countries of concern. A good starting point is auditing the software bill of materials (SBOM) and hardware bill of materials (HBOM) to identify the origin of each software and hardware component. Other steps include building partnerships with trusted local or international providers, investing in internal tech development, and keeping open communication with regulatory bodies to ensure compliance and resilience in an ever-evolving threat landscape.

This article was updated on Jan. 16, 2025, at 8:00 a.m. UTC, with information on the finalization of the new rule, based on the latest release from the US Department of Commerce’s Bureau of Industry and Security (BIS).
