A host of advanced technologies— software over-the-air (OTA) updates, vehicle-to-everything (V2X), cloud integration, and voice assistants, among them—are transforming the connected vehicle environment. On the one hand, they are opening up the prospect for greater personalization and an array of exciting new features and services. On the other hand, this is exposing vulnerabilities linked to personal information leaks, data fraud, unauthorized access to sensitive driver-related information, and privacy concerns.
Connected vehicles, therefore, have multiple implications for automakers: the need to focus on cybersecurity and data management, design new business models, boost investments in technology R&D, anticipate and address changing customer expectations, and collaborate with technology providers in order to stay abreast with the latest automotive technologies. Overarching this is the urgent need for a common set of regulations, standards, and policies to govern the rapidly evolving, technology-driven connected vehicle industry.
To learn more, please access our recent research report, Growth Opportunities in the Global Connected Vehicle Regulatory Environment or contact [email protected] for information on a private briefing.
Lack of Regulatory Standardization a Challenge in North America
There are a uniform set of regulations under the United Nations Economic Commission for Europe’s (UNECE) World Forum for Harmonization of Vehicle Regulations. In North America, the US is not signatory to this nor does it recognize UN type approvals. Instead, it has its own mechanism – the Federal Motor Vehicle Safety Standards (FMVSS). Canada has the Canada Motor Vehicle Safety Standards that is broadly similar to FMVSS. However, the Comprehensive Economic and Trade Agreement between Canada and Europe could potentially make UN Regulations acceptable alternatives to the Canadian regulations.
Without a uniform, regulatory framework in place, global commercialization will be difficult to achieve. As automakers look to advanced technologies that can leverage future 5G connectivity and improve their forthcoming vehicle models and services, the need for regulatory uniformity will be further emphasized. Varying standards and policies will mean delayed new vehicle launches and prohibitive production costs. For instance, eCall functionality is currently mandated in Europe but not in North America.
The problem is specifically compounded in the US because every state can have its own data privacy laws meaning what is acceptable in one state might not be acceptable in another. Additionally, National Highway Traffic Safety Administration (NHTSA) has only recommended cybersecurity best practices which leads to a situation where OEMs can disregard the best practices altogether.
Europe Leads in Progressive Regulation
Among the key markets for connected vehicles, Europe has been a forerunner on the regulatory front. It has the most regulations for connected vehicle technologies- eCall, NG eCall, V2X, cybersecurity, 5G connectivity, personal data privacy, ISA and C-V2X – followed by North America. China is in the early stages of regulating connected vehicle services but is gradually pulling level with Europe and North America. All three key markets – Europe, China, and North America – have regulations related to cybersecurity, personal data privacy and C-V2X.
Today, Europe has one of the most stringent privacy and security laws under the General Data Protection Regulation (GDPR) which imposes restrictions on the ability of organizations, including automakers, to target or collect individuals’ personal data.
Beginning in October 2021, China Management of Automotive Data Security Regulations have been in effect in China, with the Shenzhen government leading the way with its proposed draft regulation for customer use of ICVs in 2021. More recently in May 2023, China released a set of new draft technical standards that seek to strengthen data protection and cybersecurity for autonomous vehicles (AVs). Among two major clauses here include, firstly, ensuring the installation of data storage systems in AVs with the aim of clearly determining liability in the case of an accident and, secondly, using Chinese cloud service providers for data transfers with the aim of preventing direct data transmission to overseas companies.
In the future, 5G connectivity, in-vehicle payment (eCommerce), satellite communications and eCall in both North America and China will be among the connected services that will be regulated or that will require policies and standards. In Europe, progressive regulations are expected related to geofencing guidance for urban vehicle access, usage-based insurance (UBI) and NG eCall.
Promisingly, the UNECE-governed regulations which has almost 60 signatory countries is set to catalyze CV commercialization and adoption. UNECE introduced two new cybersecurity and software update regulations for automakers in 2021. The adoption of WP.29 in June 2020 for implementation in more than 60 countries in 2022, requires OEMs to manage cyber risks across the supply chain. It is applicable in Europe, Japan, and South Korea, among other countries. Automakers belonging to countries that are not signatories to the agreement are constrained to comply with UNECE cybersecurity regulations if they wish to commercialize their vehicles in countries that are governed by the UNECE mandate. By 2026, WP.29 is anticipated to spur cybersecurity adoption in new vehicles to between 95% and 100% in key regions.
Collaboration and Clarity will be crucial
Frost & Sullivan estimates that around 69 million new CVs will be sold by 2026, underlining the immediate need for global regulatory harmonization. This will be a challenge since it involves reconciling the interests of multiple stakeholders in the CV space, including technology participants, Tier I and mobility service providers, OEMs, and customers.
Meaningful collaboration between governments, regulatory authorities, and CV market participants will fast-track the harmonization of global regulations, while highlighting the development of safe and secure CVs. Establishing clear policies and standards for advanced CV technologies, including V2X, from the outset will allow automakers sufficient time to ensure compliance with these new regulations.
With inputs from Amrita Shetty, Senior Manager, Communications & Content – Mobility