Connected Car Rules: India Plans Vehicle Software Update Norms
With cars increasingly run by software, the government is reportedly preparing update and security norms aimed at preventing vehicle hijacking and governing how connected cars in India are patched and protected.
The NE Times Technology Desk
Commentary & Analysis ·

India's government is planning norms for vehicle software updates as cars grow steadily more connected, according to a Times of India report on July 5. The move, which reportedly includes measures to thwart digital hijacking of vehicles, signals a new phase in Indian auto regulation — one where the code inside a car matters as much as the machinery.
Cars are becoming rolling computers
Connected vehicles are no longer a luxury niche in India. Software now runs infotainment, safety systems, diagnostics, navigation and increasingly sophisticated driver-assistance features. Many models already receive over-the-air updates, meaning a car's behaviour can change overnight without a visit to the workshop.
That capability cuts both ways. Well-governed updates can fix defects quickly and improve safety at scale. Poorly secured connected systems, on the other hand, could expose owners to data theft or even operational interference — the hijacking scenario regulators are reportedly keen to shut down.
What the norms may need to cover
The core policy question is how India should regulate security, accountability and update quality for vehicles that talk to external systems. Automakers may face clearer standards on update logs, user consent, vulnerability disclosure and emergency fixes. The next concrete milestone to watch is the release of draft norms or a public consultation from the government.
The NE Times View
This is regulation catching up with reality, and it is overdue. Indian buyers are adopting connected cars faster than the rulebook has evolved, leaving questions of liability, data ownership and patch quality to fine print written by manufacturers. Done well, these norms could become a template: mandatory update logs and vulnerability reporting would give consumers real protection without stifling innovation. Done clumsily, they could bury smaller automakers and startups in compliance while the biggest players absorb the cost. The government should consult widely and set outcome-based standards — because a car that can be updated remotely is a car that can, in the wrong hands, be attacked remotely.
This article is original commentary and analysis by The NE Times. Background facts were referenced from Times of India.
You may also like to read

IIT Madras, IIT Kanpur Launch Cybersecurity Degree With Field Training
IIT Madras and IIT Kanpur have jointly launched a practice-oriented Bachelor of Cybersecurity featuring two years of field deployment, a direct response to India's widening shortage of trained cyber defence professionals.

Tata Electronics Cyber Incident Raises Supply-Chain Data Questions
Tata Electronics has confirmed a cybersecurity incident after a ransomware group claimed to post over 200,000 files allegedly tied to Apple and Tesla component designs, spotlighting India's electronics supply-chain security.

I4C Warns Indian Companies of Rising 'Boss Scam' CEO-Impersonation Cyber Fraud
India's cybercrime coordination agency has flagged an emerging 'Boss Scam' in which fraudsters impersonate regulators and executives to push urgent, fraudulent money transfers at companies.

Bajaj Auto Says Ransomware Attack Hit Company Systems
Bajaj Auto has disclosed that a ransomware attack affected systems at the company and its subsidiary Bajaj Auto Technology, intensifying concern over cyber risk across India's increasingly digital manufacturing sector.
More from this section
MoreCG Semi Sanand Plant Opens, Boosting India's Semiconductor Drive
Prime Minister Narendra Modi inaugurated CG Semi's chip assembly and test facility in Sanand, Gujarat, giving India's semiconductor mission a working manufacturing milestone rather than another policy promise.

Chinese E-Rickshaw Apps Banned in India Over Remote Disable Risk
The Centre has ordered the removal of three Chinese apps — BAT-BMS, Lossigy and Epoch-i-ion — over fears they could remotely disable battery-run e-rickshaws, turning mobility software into a public safety concern.

Gaganyaan Parachute Test Success Moves ISRO Closer to Crewed Flight
ISRO has completed successful integrated parachute tests for the Gaganyaan crew capsule, validating a critical part of the descent and recovery system as India's human spaceflight programme advances through key engineering milestones.