MoRTH proposes phased rollout of automotive cybersecurity norms; all OTA-enabled vehicles to comply by 2029, ETAuto
Publish Date: 2026-06-26 08:21:00
Source Domain: auto.economictimes.indiatimes.com
The standard will require automakers to ensure cybersecurity governance, risk assessment, monitoring, and secure updates across a vehicle’s lifecycle.
With the SDV (software defined vehicle) megatrend gaining traction, India is preparing to take security measures to enhance the security quotient of automobiles made in the country.
The Ministry of Road Transport and Highways (MoRTH) has issued a draft notification (dated June 22) proposing to mandate automotive cybersecurity and software update management requirements under AIS-189, marking a significant step towards strengthening cyber resilience in India’s connected vehicle ecosystem.
The draft amendment to the Central Motor Vehicles Rules, 1989, introduces two new provisions—Rule 125-T covering Cyber Security and Cyber Security Management Systems (CSMS), and Rule 125-U covering Software Updates and Software Update Management Systems (SUMS).
The regulations will apply across vehicle categories M (passenger vehicles), N (goods carriers), T (trailers). And, in the case of Software Updates and SUMS, also agricultural and construction machinery categories, in a phased manner.
Under the proposal, vehicles equipped with at least one electronic control unit (ECU) and compliant with AIS-189 will be required to implement cybersecurity and software update management systems in line with the standard, with corresponding BIS specifications to be notified separately.
The implementation roadmap begins with Level 3 and above automated vehicles, for which compliance will become mandatory from October 1, 2026 for new models and April 1, 2027 for existing models.
The second phase covers OTA-enabled vehicles with OTA-capable ECUs, excluding infotainment systems and tracking devices. These vehicles will need to comply from April 1, 2028 for new models and October 1, 2028 for existing models.
Aligning with global best practices
From…
Source
