What's Happening?
The Bureau of Industry and Security's (BIS) Connected Vehicle Rule, effective since March 2025, poses significant compliance challenges for automotive software teams. The rule focuses on the origin and provenance of vehicle software components, particularly those linked to foreign adversaries like China and Russia. Joseph M. Saunders, CEO of RunSafe Security, emphasizes that the rule is less about trade restrictions and more about software governance. It requires detailed documentation and Declarations of Conformity to ensure components are not sourced from designated adversaries. This regulation demands a shift in how automotive companies manage software provenance, moving beyond traditional supplier attestations to more rigorous evidence-based compliance.
Why It's Important?
The Connected Vehicle Rule has broad implications for the automotive industry, particularly in terms of national security and software integrity. It compels companies to scrutinize their supply chains more closely, ensuring that software components are free from foreign influence. This regulation could lead to increased costs and operational changes as companies adapt to new compliance requirements. However, it also presents an opportunity to enhance software governance and security, potentially setting a new industry standard. The rule's focus on provenance and compliance could drive innovation in software development practices, ultimately benefiting consumers through more secure and reliable vehicles.
What's Next?
Automotive companies will need to invest in tools and processes that capture software provenance at build time, ensuring compliance with the BIS rule. This may involve developing new partnerships with suppliers to enhance transparency and traceability. As the industry adapts, there could be increased collaboration between OEMs and suppliers to address compliance challenges collectively. The rule may also prompt further regulatory developments, both domestically and internationally, as other countries consider similar measures to protect their automotive industries from foreign influence.









