Why U.S. Regulators Are Watching Car Software Closely

Ongoing NHTSA guidance, though voluntary, is reshaping how automakers and suppliers treat cybersecurity as a core element of vehicle safety

18 Nov 2025

A gradual shift in US vehicle safety policy is elevating cybersecurity from a technical issue to a core element of road safety, reshaping how automakers and suppliers design and manage connected vehicles.

The National Highway Traffic Safety Administration has reinforced this direction through guidance on vehicle cybersecurity, most recently updated in 2022, alongside ongoing research and engagement with the industry. Although the guidance is voluntary and non-binding, it is widely seen as a signal of regulatory intent as vehicles become more software-driven and connected.

For carmakers already managing the transition to electric and software-defined vehicles, the agency’s message is increasingly clear. Digital risks are now safety risks. While NHTSA has not set firm rules, further updates are expected, and companies are adjusting in anticipation.

Automakers are responding by investing more in secure software systems, centralised monitoring and rapid update tools that allow fixes to be deployed remotely. General Motors has pointed to its growing use of centralised systems to identify unusual vehicle behaviour, while Ford Motor Company has stressed the role of secure over-the-air updates in addressing risks without relying solely on dealership visits.

These changes are affecting the wider supply chain. Software developers, sensor makers and electronics suppliers face higher expectations to show robust cybersecurity practices, even without mandatory standards. Industry analysts say cybersecurity is increasingly influencing supplier selection, contract terms and long-term investment decisions across the sector.

Tesla has shown how frequent software updates can be used to manage risk and improve vehicle performance. Industry reporting suggests regulators and safety groups are now paying closer attention to how such systems are governed, documented and secured across the market, particularly as connected features expand into advanced driver assistance and automated driving.

Smaller suppliers face challenges in meeting rising expectations, and uncertainty remains over when voluntary guidance could turn into formal regulation. Even so, the policy direction appears set. As vehicles become more like digital platforms on wheels, cybersecurity is moving from a supporting function to a foundation of vehicle safety, with implications for regulation, competition and consumer trust.