The US Department of Commerce has today published a final rule in the Federal Register, prohibiting the import of automotive software of Russian or Chinese origin from model year 2027, and hardware of the same origin from model year 2030.
The US Government has cited national security concerns as the core reasoning behind the ban, stating that it applies to any information or communications that are designed, developed, manufactured or supplied by those associated with “certain foreign adversaries”, namely the People’s Republic of China or the Russian Federation.
Undue or unacceptable risk
The Commerce Department believes the progressive complexity of automotive hardware and software systems increases the risk of attack vectors, entry points through which “malign actors and foreign adversaries” might gain access to a vehicle and the information available through it.
Out of the many countries the US considers to be potential foreign adversaries, China and Russia were singled out due to their “legal, political and regulatory regimes, combined with their current and anticipated growth and involvement in the connected vehicles sector”.
The department points out the administrations of these countries have the ability to compel companies to cooperate with security and intelligence services, making their equipment easily exploitable.
“These risks, moreover, present an urgent national security risk to the safety and security of technology used in the United States and to US persons,” the Bureau of Industry and Security stated in the final rule report.
While the emphasis has been almost entirely on issues of national security for this ban, the move will also offer some benefits to the US automotive industry, offering it a chance to fill the potential gap left behind by the cessation of Chinese and Russian vehicle imports.