India drafts cybersecurity rules for connected vehicles – Introduction

https://www.autocarindia.com/industry/india-drafts-cybersecurity-rules-for-connected-vehicles-440072

Publish Date: 2026-06-29 04:43:00

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. The Ministry of Road Transport and Highways (MoRTH) has published draft rules that would, for the first time, make cybersecurity and software-update management mandatory for certain categories of motor vehicles in India. The proposed regulations introduce two new provisions under the Central Motor Vehicles Rules, 1989, and are open for public comments for 30 days before being finalized.New rules introduce mandatory cybersecurity and software-update standardsNew standards to remain in force until BIS issues its own normsIndia aligns with vehicle regulations followed in the EU, Japan and South KoreaNew cybersecurity and software-update rules proposedThe draft notification proposes adding Rules 125-T and 125-U to the Central Motor Vehicles Rules, 1989. Rule 125-T covers vehicle cybersecurity and requires eligible vehicles to comply with AIS-189, India’s cybersecurity standard, while Rule 125-U mandates compliance with AIS-190 for software updates. Both standards will remain in force until the Bureau of Indian Standards (BIS) issues its own specifications, at which point those will take over.The cybersecurity rules will apply to passenger vehicles, commercial vehicles and tractors equipped with at least one electronic control unit (ECU), as well as quadricycles with Level 3 or higher automated driving capability. The software-update requirements will cover a wider range of vehicles, including passenger vehicles, commercial vehicles, trailers and semi-trailers.Rollout to be phased until 2029Rather than applying the rules to all vehicles at once, MoRTH has proposed a phased rollout based on risk exposure. Vehicles with Level 3 or higher automated driving systems will be the first to comply, with deadlines beginning in October 2026 for new models and April 2027 for existing ones. Vehicles capable of receiving over-the-air (OTA) software updates will follow between April and October 2028, while all other vehicles with software-update capability will come under the rules from October 2029.India moves closer to global regulationsAccording to the draft notification, the proposed rules align India with the United Nations regulatory framework already adopted in markets such as the European Union, Japan and South Korea, where cybersecurity and software-update management are mandatory requirements for vehicle type approval.