Auto Firms Face October 2026 Deadline for New EV Cyber Norms

AUTO
Whalesbook Logo
AuthorKavya Nair|Published at:
Auto Firms Face October 2026 Deadline for New EV Cyber Norms

India’s Ministry of Heavy Industries has ordered automakers to urgently audit electric vehicle battery systems for cybersecurity flaws. This directive mandates new security standards, AIS-189 and AIS-190, starting October 1, 2026, to prevent remote vehicle interference. Investors should monitor potential compliance costs and the impact on EV manufacturers' product design timelines.

The Ministry of Heavy Industries has issued a direct advisory to automobile manufacturers and industry bodies, including the Society of Indian Automobile Manufacturers, following reports of critical security flaws in electric vehicle battery systems. The government is concerned about vulnerabilities that could allow unauthorized individuals to remotely disable a moving electric vehicle via Bluetooth-enabled applications.

New Regulatory Standards for EVs

To address these security gaps, the ministry is preparing to roll out mandatory standards known as AIS-189 and AIS-190. Starting October 1, 2026, automotive companies will be required to implement formal Cyber Security Management Systems and Software Update Management Systems. These standards shift the focus toward securing over-the-air software updates, improving user authentication protocols, and ensuring that software integrity is validated at every stage of vehicle operation.

While previous regulations like AIS-156 and AIS-038 focused primarily on battery safety and telematics, they did not specifically mandate protection against wireless cyber threats. The government’s move suggests that manufacturers may need to increase their capital spending on hardware and software upgrades to meet these new, more rigorous security requirements.

Understanding the Security Risk

The ministry’s directive stems from technical reports involving the BAT-BMS application, which was found to be capable of shutting down e-rickshaws by remotely disconnecting the battery’s discharge function. While the developer of the application, Shenzhen Grenergy Technology, has described the tool as a legitimate management interface, security experts have noted that the issue often arises when battery packs are deployed with factory-default passwords or weak authentication. Because these battery systems often communicate via Bluetooth, vehicles within a short physical range become susceptible to external interference.

Potential Impact on Manufacturers

For Indian EV manufacturers, this shift signifies a move toward mandatory cybersecurity integration at the design level. While this helps build a more robust connected vehicle ecosystem, it also introduces a potential risk of cost increases and the need for faster compliance. Investors should track how quickly companies can transition to the new AIS-189 and AIS-190 standards and whether these requirements lead to higher research and development expenses in the near term. The government has tasked industry associations like the Automotive Component Manufacturers Association with ensuring that all stakeholders, including component suppliers, prioritize these cybersecurity upgrades before the October deadline.

Disclaimer:This article is published for informational purposes only. While reasonable efforts are made to ensure accuracy, completeness, and timeliness, readers are encouraged to independently verify information before making any decisions based on the content. The views and information presented are subject to editorial review and may be updated without notice.