MoRTH Proposes Mandatory Vehicle Cybersecurity Rules for Software-Defined Vehicles

MoRTH
The Ministry of Road Transport and Highways (MoRTH) has proposed new rules to make cybersecurity and software update management mandatory for vehicles equipped with advanced electronic and automated driving technologies, aiming to strengthen protection against rising cyber threats.

The proposed regulations seek to establish mandatory cybersecurity management systems and software update management systems for vehicles as increasing software integration and connected technologies expose them to risks such as malware and cyberattacks.

The rules will apply to passenger vehicles, commercial vehicles and tractors equipped with at least one electronic control unit (ECU) supporting Level-3 or higher automated driving capability.

Under the proposed implementation timeline, new vehicle models featuring Level-3 or higher automated driving systems will be required to comply with the cybersecurity framework from October 2026. Existing models incorporating such technologies will have to comply from April 2027.

In the next phase, vehicles capable of receiving over-the-air (OTA) software updates through Wi-Fi or cellular networks will be required to meet the new cybersecurity requirements between April and October 2028. Vehicles equipped with software update capability will come under the framework from October 2029.

Over-the-air software update technology enables manufacturers to remotely deliver software, firmware and system upgrades without requiring vehicles to visit service centres. The system allows manufacturers to deploy security patches, feature enhancements and software improvements directly through wireless connectivity.
📅 Published on: 06 July 2026
🔗 Share:
We Value Your Comment
How useful is this information?

NBM Media

30+ years of reporting on infrastructure, construction, architecture, & real estate across print, digital, and social media.