Home / Technology / India Mandates Car Cybersecurity: New Rules Roll Out
India Mandates Car Cybersecurity: New Rules Roll Out
27 Jun
Summary
- New draft rules propose mandatory cybersecurity for vehicles.
- Compliance with AIS-189 and AIS-190 standards is required.
- Phased implementation begins October 2026 for advanced vehicles.
India's Ministry of Road Transport and Highways has proposed new draft rules to make vehicle cybersecurity and software-update management mandatory for certain motor vehicles. These rules, which mirror existing regulations in the European Union, Japan, and South Korea, are open for public comment for 30 days before finalization.
Rule 125-T will enforce cybersecurity compliance with India's AIS-189 standard and require a Cyber Security Management System for various vehicle categories. Rule 125-U mandates adherence to AIS-190 for software updates, covering a broader range of vehicle types. These domestic standards will remain in effect until the Bureau of Indian Standards issues its own formal specifications.
The implementation will be phased, prioritizing vehicles with higher risk. New models with Level 3 automation and above must comply by October 2026, followed by existing models in April 2027. Vehicles with over-the-air update capabilities have deadlines extending to October 2028, and all other software-update capable vehicles must comply by October 2029.
