India’s Ministry of Heavy Industries has ordered automakers to urgently audit electric vehicle battery systems for cybersecurity flaws. This directive mandates new security standards, AIS-189 and AIS-190, starting October 1, 2026, to prevent remote vehicle interference. Investors should monitor potential compliance costs and the impact on EV manufacturers' product design timelines.
The Ministry of Heavy Industries has issued a direct advisory to automobile manufacturers and industry bodies, including the Society of Indian Automobile Manufacturers, following reports of critical security flaws in electric vehicle battery systems. The government is concerned about vulnerabilities that could allow unauthorized individuals to remotely disable a moving electric vehicle via Bluetooth-enabled applications.
New Regulatory Standards for EVs
To address these security gaps, the ministry is preparing to roll out mandatory standards known as AIS-189 and AIS-190. Starting October 1, 2026, automotive companies will be required to implement formal Cyber Security Management Systems and Software Update Management Systems. These standards shift the focus toward securing over-the-air software updates, improving user authentication protocols, and ensuring that software integrity is validated at every stage of vehicle operation.
While previous regulations like AIS-156 and AIS-038 focused primarily on battery safety and telematics, they did not specifically mandate protection against wireless cyber threats. The government’s move suggests that manufacturers may need to increase their capital spending on hardware and software upgrades to meet these new, more rigorous security requirements.
Understanding the Security Risk
The ministry’s directive stems from technical reports involving the BAT-BMS application, which was found to be capable of shutting down e-rickshaws by remotely disconnecting the battery’s discharge function. While the developer of the application, Shenzhen Grenergy Technology, has described the tool as a legitimate management interface, security experts have noted that the issue often arises when battery packs are deployed with factory-default passwords or weak authentication. Because these battery systems often communicate via Bluetooth, vehicles within a short physical range become susceptible to external interference.
Potential Impact on Manufacturers
For Indian EV manufacturers, this shift signifies a move toward mandatory cybersecurity integration at the design level. While this helps build a more robust connected vehicle ecosystem, it also introduces a potential risk of cost increases and the need for faster compliance. Investors should track how quickly companies can transition to the new AIS-189 and AIS-190 standards and whether these requirements lead to higher research and development expenses in the near term. The government has tasked industry associations like the Automotive Component Manufacturers Association with ensuring that all stakeholders, including component suppliers, prioritize these cybersecurity upgrades before the October deadline.
