Transforma logo

Connected vehicle regulations: Navigating the global policy landscape

JUL 17, 2026 | Suruchi Dhingra
 
region: ALL ManufacturingTransportation & Storage Artificial IntelligenceHyperconnectivityInternet of ThingsEdge ComputingAutonomous Robotic SystemsData Sharing

The automotive industry is no longer defined solely by engines, horsepower, or mechanical engineering. Today's vehicles are software-defined, cloud-connected, and data-driven platforms capable of communicating with drivers, infrastructure, and other vehicles. Features such as over-the-air (OTA) software updates, predictive maintenance, advanced driver assistance systems (ADAS), vehicle-to-everything (V2X) communication, and autonomous driving capabilities are rapidly reshaping how vehicles are designed, operated, and maintained.

While these innovations promise safer roads, better mobility, and improved user experiences, they also introduce an entirely new set of regulatory challenges. Connected vehicles generate and exchange enormous volumes of data, rely on continuous software updates, and interact with external networks that can expose them to cybersecurity threats. As a result, policymakers worldwide are rethinking traditional automotive regulations, which have historically focused on vehicle safety and emissions, to address emerging issues around cybersecurity, data governance, software liability, and digital infrastructure.

Transforma Insights recently wrote a report ‘Global regulations for connected vehicles’ examining the evolving regulatory landscape for connected vehicles across major global markets. The report explores how governments are responding to this technological shift and identifies the key regulatory themes shaping the future of connected mobility. While approaches differ across regions, six regulatory areas consistently emerge as the foundation of connected vehicle governance: data privacy, data sovereignty, cybersecurity, software and OTA updates, vehicle-to-everything (V2X) communication, and autonomous vehicles.

The six pillars of connected vehicle regulation

connected-vehicle-regs-pillars.jpg

1. Data privacy

Connected vehicles continuously collect information about drivers, passengers, vehicle performance, location, and surrounding environments. This data enables valuable services ranging from navigation and predictive maintenance to insurance and fleet management. However, it also raises important questions about how personal information is collected, processed, stored, and shared.

Data privacy regulations are becoming central to connected vehicle policy. Regulators increasingly require vehicle manufacturers and service providers to obtain user consent, ensure transparency in data collection, minimise unnecessary data processing, and provide mechanisms for users to exercise control over their personal information. As vehicles become extensions of the digital ecosystem, automotive companies must now comply with many of the same privacy obligations that apply to technology companies.

2. Data sovereignty

Beyond privacy lies the issue of where vehicle data is stored and who can access it. Connected vehicles often transfer information across national borders through cloud platforms, creating concerns around national security, law enforcement access, and economic competitiveness.

Many governments are introducing data sovereignty requirements that restrict cross-border transfers of certain categories of automotive data or require local storage of sensitive information. China has emerged as one of the strongest advocates of data localisation for connected vehicles, reflecting broader concerns around national security and digital sovereignty. Other jurisdictions are also evaluating whether critical mobility data should remain within national boundaries, particularly as connected vehicles become increasingly integrated into transportation infrastructure.

For global automotive manufacturers, these requirements create operational complexity, requiring different data management strategies for different markets.

3. Cybersecurity

Cybersecurity has become one of the most significant regulatory priorities for connected vehicles. Unlike traditional vehicles, connected cars are exposed to external networks throughout their lifecycle, making them potential targets for cyberattacks.

Modern regulations increasingly require manufacturers to adopt cybersecurity-by-design principles, conduct risk assessments, implement secure software development practices, monitor emerging threats, and establish incident response mechanisms. Rather than treating cybersecurity as an optional feature, regulators now expect it to be integrated throughout the vehicle's design, production, and operational lifecycle.

4. Software and OTA updates

Software has become as important as hardware in modern vehicles. Many vehicle functions can now be improved, modified, or repaired remotely through OTA updates, reducing the need for physical recalls while enabling continuous feature enhancements. However, remote software updates also create regulatory challenges. Authorities need assurance that updates do not compromise vehicle safety, introduce cybersecurity vulnerabilities, or alter certified vehicle performance without appropriate oversight.

Consequently, regulators are developing requirements governing software lifecycle management, update validation, version control, rollback capabilities, and documentation. The growing reliance on software-defined vehicles means compliance increasingly extends beyond manufacturing and into the vehicle's entire operational life.

5. Vehicle-to-Everything (V2X) communication

Vehicle-to-Everything, or V2X, communication allows vehicles to exchange information with other vehicles, roadside infrastructure, pedestrians, and cloud services. This technology has enormous potential to improve road safety, optimise traffic flow, and support autonomous driving. Realising these benefits, however, requires interoperability. Vehicles from different manufacturers must communicate using compatible technologies and agreed communication protocols. Governments therefore play an important role in spectrum allocation, communication standards, security frameworks, and infrastructure deployment.

Different regions have adopted different technological approaches, with varying preferences for dedicated short-range communications (DSRC) and cellular V2X (C-V2X). Achieving greater international harmonisation remains an ongoing challenge as connected mobility expands globally.

6. Autonomous Vehicles

Although autonomous driving extends beyond vehicle connectivity alone, the two technologies are increasingly intertwined. Connected vehicles provide many of the data inputs and communication capabilities that support higher levels of driving automation.

Regulators are therefore working to establish frameworks covering vehicle testing, safety validation, software accountability, human oversight, liability allocation, and operational design domains. Unlike traditional vehicle certification, autonomous vehicle regulation must also account for machine learning, software updates, sensor performance, and evolving operational capabilities throughout the vehicle's lifecycle.

As autonomous technologies mature, regulatory clarity will become essential for enabling commercial deployment while maintaining public trust.

A global patchwork of regulatory approaches

While the six regulatory themes are broadly consistent worldwide, countries have adopted very different approaches depending on their policy priorities, industrial strategies, and technological maturity.

Europe has developed one of the most comprehensive regulatory ecosystems for connected vehicles, placing strong emphasis on cybersecurity, functional safety, and data privacy. Regulatory certainty has become a defining feature of the European approach, providing manufacturers with clear compliance expectations while strengthening consumer protection.

China has pursued a different strategy, combining regulatory oversight with industrial policy. Alongside significant investments in intelligent transportation systems and connected infrastructure, China has placed particular emphasis on data security, data sovereignty, and domestic technology development. Vehicle connectivity is viewed not only as a transportation issue but also as a strategic component of national digital infrastructure.

The United States has traditionally favoured a more market-driven approach. Federal agencies such as the National Highway Traffic Safety Administration (NHTSA) have issued guidance covering cybersecurity, automated driving systems, and software updates, while allowing significant room for industry innovation. More recently, however, growing concerns over national security, supply chain resilience, and foreign technology dependencies have prompted increased federal scrutiny of connected vehicle components and cross-border data flows.

India remains at an earlier stage of regulatory development, but the direction of travel is becoming increasingly clear. The country's connected vehicle ecosystem is evolving alongside broader initiatives around digital governance, smart mobility, intelligent transportation systems, and road safety. Developments such as the Digital Personal Data Protection Act and emerging connected vehicle standards demonstrate growing recognition of the policy challenges associated with software-defined mobility. While India's framework is not yet as mature as those of Europe or China, regulatory activity is accelerating as connected vehicle adoption increases.

Looking ahead

Connected vehicles are transforming the automotive industry into a digital ecosystem where software, connectivity, and data are just as important as mechanical engineering. As this transformation accelerates, regulation will play an increasingly critical role in balancing innovation with safety, privacy, cybersecurity, and public trust.

For automotive manufacturers, suppliers, technology companies, and mobility providers, understanding the evolving regulatory landscape is becoming a strategic necessity rather than simply a compliance exercise. Regulations are no longer limited to vehicle certification they increasingly govern how vehicles collect data, receive software updates, communicate with infrastructure, and operate throughout their lifecycle.

Although regional approaches will continue to differ, the direction is unmistakable: connected vehicle regulation is becoming more comprehensive, more technology-focused, and more globally significant. Organisations that proactively monitor regulatory developments and build compliance into product design from the outset will be better positioned to compete in the next generation of connected mobility.

All Blog Posts