Indian Govt’s New AIS189 Standard Aims To Make Your Car Hacker Proof
Modern cars are essentially heavy computers on wheels, filled with internet connected infotainment screens, wireless sensors, advanced driver assistance systems, and over the air software updates. While these digital features add massive convenience and improve the driving experience, they also expose vehicles to a new and invisible threat: remote hacking.
To counter this growing risk, the government is preparing to roll out the Automotive Industry Standard 189, commonly referred to as AIS 189. This will be the country's first mandatory cybersecurity regulation for passenger vehicles, ensuring that automakers build strong digital firewalls into their cars before they even reach the showroom floor.
AIS 189 is closely modelled on established global cybersecurity frameworks, specifically the UN R155 regulation, which the European Union strictly enforced in 2022. China also introduced its own similar framework recently. By adopting AIS 189, the government is bringing domestic automotive manufacturing in line with these major global markets. Under this new mandate, obtaining official cybersecurity approval will become a strict prerequisite for launching any new vehicle.
Industry timelines indicate that the implementation phase will begin for all entirely new car models by October 2027. Following that initial rollout, full compliance will become mandatory across all passenger vehicles sold in the market by October 2028. This gives manufacturers a defined window to overhaul their electronic architectures.
To meet the requirements of AIS 189, car manufacturers will be forced to establish a comprehensive Cybersecurity Management System. This structured system will require companies to systematically identify, assess, and mitigate software vulnerabilities throughout the entire lifecycle of a vehicle. It is no longer enough to just build a secure car at the factory level. Manufacturers will now be held legally responsible for monitoring and updating the vehicle’s digital defences for as long as it remains on the road.
Before a car is approved for sale, it will have to undergo rigorous penetration testing and threat analysis. This involves hiring cybersecurity experts to actively simulate cyberattacks, trying to hack into the vehicle's internal network, electronic control units, and wireless communication systems. If any weakness is exposed during this testing phase, the manufacturer must engineer a fix before the car can receive its regulatory certification.
A critical focus area of the new standard is the security of over the air software updates. Just like a smartphone, modern vehicles frequently receive remote updates from the manufacturer to fix software bugs or unlock new features. The new standard requires automakers to absolutely guarantee that these wireless update channels cannot be intercepted or manipulated by cybercriminals to inject malicious code into the car's steering, braking, or engine management systems.
Furthermore, the regulation targets physical access vulnerabilities. It pushes for robust authentication mechanisms, such as secure keyless entry systems and multi factor authentication, to prevent unauthorized individuals from unlocking and driving away with a vehicle using signal cloning devices.
For the automotive industry, this represents a massive operational shift. Cybersecurity is now becoming just as critical to a vehicle's legal compliance as physical crash ratings and tailpipe emission norms. Automakers who delay integrating these protective measures face the very real risk of non-compliance, which could lead to blocked vehicle launches, incredibly expensive software recalls, and severe damage to their brand reputation. For consumers, AIS 189 promises the peace of mind that their highly connected vehicles are actively protected by a government backed digital shield.