The Centre, through the Ministry of Heavy Industries (MHI), has directed automobile manufacturers and auto component companies to immediately review the software used in connected cars and electric vehicles (EVs) following reports of security flaws that could allow unauthorised users to remotely disable moving EVs through Bluetooth-enabled applications.
The Centre has asked automakers and auto component manufacturers to strengthen the cybersecurity of connected vehicles by auditing the software and electronic systems used in EVs and connected cars.
In an advisory sent this week to the Society of Indian Automobile Manufacturers (SIAM) and the Automotive Component Manufacturers Association of India (ACMA), the Ministry of Heavy Industries asked companies to review battery communication interfaces, eliminate insecure default settings, strengthen user authentication, and secure over-the-air (OTA) communication channels.
The ministry also urged companies to remain vigilant, collaborate on secure vehicle design, and accelerate the adoption of India’s upcoming automotive cybersecurity standards, AIS-189 and AIS-190.
According to Report, the ministry said, “Manufacturers must begin building systematic cyber security management systems and software update management systems now. This includes securing over-the-air (OTA) updates, implementing robust user authentication, and validating software integrity.” No deadline has been announced for completing the audits.
The advisory comes as India prepares to introduce mandatory vehicle cybersecurity rules under the Central Motor Vehicles Rules, 1989. The proposed framework will require compliance with AIS-189 for cybersecurity and AIS-190 for software updates, with implementation set to begin in phases from October 1, 2026.
The move follows reports of a Bluetooth-related vulnerability that could allow unauthorised users to remotely disable certain EVs. It also follows CERT-In’s CISG-2026-03 guidance, issued on June 10, which requires automotive OEMs and technology providers to conduct continuous vulnerability assessments and report cyber incidents within six hours.
India’s connected vehicle market includes global brands such as Mercedes-Benz, Audi, and BMW, alongside domestic EV manufacturers that are increasingly adopting software-defined vehicle technologies.
Read Articles: 55% of Leaders Regret AI-Driven Layoffs as Companies Rehire Workers After Automation Falls Short

