Government Unveils Mandatory Cybersecurity Norms for Vehicles
The Indian government has proposed a new set of mandatory cybersecurity standards for all vehicles sold in the country, aiming to bolster protection against rising cyber threats and elevate overall vehicle safety. The draft regulation, published by the Ministry of Road Transport and Highways on June 26, 2026, mandates that all new vehicle models comply with specific cybersecurity requirements starting from 2027.
Key Provisions and Timeline
According to the proposal, automakers must implement measures to protect vehicle electronic systems from unauthorized access, data breaches, and remote attacks. The standards cover critical components such as electronic control units, infotainment systems, telematics, and over-the-air update capabilities. A government official stated, “These norms are essential to safeguard consumers as vehicles become increasingly connected and software-dependent.” The compliance deadline is set for January 2027 for new models, with existing models to follow by 2028.
Industry Impact and Next Steps
The move is expected to affect major automakers operating in India, including Maruti Suzuki, Hyundai, Tata Motors, and global players like Toyota and Volkswagen. Industry body SIAM has been consulted during the drafting process and has expressed support for the initiative, though it seeks clarity on testing protocols. The government has invited public comments on the draft until August 31, 2026, before finalizing the rules.
