Navigating Cybersecurity & Privacy in Connected Vehicles

Introduction

The automotive industry is in the midst of a sweeping digital transformation. Modern vehicles now arrive as “rolling data centers,” equipped by default with telematics, Vehicle-to-Everything (V2X) communications, over-the-air (OTA) software updates, and cloud-based infotainment systems that promise safer, smarter, and highly personalised mobility. Yet this pervasive connectivity dramatically expands the attack surface and escalates privacy exposure—not just for individual drivers, but for entire fleets.

Regulators across the globe have moved quickly. Cybersecurity frameworks such as UNECE WP.29 and ISO/SAE 21434 impose rigorous, life-cycle security requirements, while data-protection regimes like the GDPR, India’s DPDP Act, and California’s CCPA demand robust governance of the vast personal data generated on-board. In this environment, original-equipment manufacturers (OEMs) and suppliers must adopt proactive, end-to-end security and privacy programmes that evolve in lockstep with both technological innovation and regulatory change.