THE CAR INDUSTRY IS RACING TO REPLACE CHINESE CODE
How Chinese is your car? Automakers are racing to work it out.
Modern cars are packed with internet-connected widgets, many of them containing Chinese technology. Now, the car industry is scrambling to root out that tech ahead of a looming deadline, a test case for America’s ability to decouple from Chinese supply chains.
New U.S. rules will soon ban Chinese software in vehicle systems that connect to the cloud, part of an effort to prevent cameras, microphones and GPS tracking in cars from being exploited by foreign adversaries.
The move is “one of the most consequential and complex auto regulations in decades,” according to Hilary Cain, head of policy at trade group the Alliance for Automotive Innovation. “It requires a deep examination of supply chains and aggressive compliance timelines.”
Carmakers will need to attest to the U.S. government that, as of March 17, core elements of their products don’t contain code that was written in China or by a Chinese company. The rule also covers software for advanced autonomous driving and will be extended to connectivity hardware starting in 2029. Connected cars made by Chinese or China-controlled companies are also banned, wherever their software comes from.
The deadline is bringing fresh urgency to an industrywide effort to rely less on Chinese components. The shift was sparked by pandemic-era supply-chain disruptions and has stepped up amid rising geopolitical tensions. Tesla last year decided to stop using China-based suppliers for cars it makes in the U.S.
“There should be no critical semiconductor components coming from China—that’s easy to check,” said Håkan Samuelsson, chief executive officer of Volvo Cars. “More challenging is to be sure that no data that the car collects can ever be transmitted to China.”
Carmakers typically buy electronics from big suppliers, which sometimes source software from smaller suppliers or joint ventures in China. The supply chain isn’t motivated to give automakers the information they suddenly need.
“The suppliers don’t want to share source code,” said Brandon Barry, founder of Detroit-based Block Harbor Cybersecurity. “That’s their IP.”
Even when Chinese software is clearly identifiable, it is hard for automakers to switch to an alternative. Automotive code tends to be bespoke, and changing it on existing vehicles brings risks.
To be sure, cybersecurity experts expect some automakers and suppliers to get temporary exemptions from the software ban if they show they have addressed risks in other ways.
The Commerce Department’s Bureau of Industry and Security, which introduced the connected-vehicle rule, is also allowing the use of Chinese code that is transferred to a non-Chinese entity before March 17.
That carve-out has sparked a rush of corporate restructuring, according to Matt Wyckhouse, chief executive of cybersecurity firm Finite State. Global suppliers are relocating China-based software teams, while Chinese companies are seeking new owners for operations in the West.
Among those rushing to close a deal is Pirelli. The Italian tiremaker risks falling foul of the rules because its biggest shareholder is Chinese chemicals giant Sinochem. The new regulations apply to the company because its smart tires connect to the cloud.
Pirelli, its top two shareholders and the Italian government are now in talks about potential solutions. Options include Sinochem reducing its 34% stake and the ringfencing of the U.S. smart-tire business.
One beneficiary of the changes is Ohio-based startup Eagle Wireless.
Eagle is working to establish a U.S. source of so-called cellular modules, which connect smart devices to the internet.
The American company last year acquired source code from China’s Quectel—the world’s largest supplier of the widgets—and is working with automakers and big suppliers to migrate software updates to its platform before the cutoff date.
Having a compliant software partner allows Quectel to continue shipping its hardware to American clients for another three years. Meanwhile, Eagle is building up its own module manufacturing.
“The connected-vehicle rule is a major tailwind for onshoring both software development and manufacturing,” said Mark Kvamme, Eagle’s co-founder.
One of the differences clients will notice: Eagle’s modules are roughly 10% more expensive than Quectel’s Chinese-made ones.
Nevertheless, Eagle expects wider concerns about the dominance of Chinese cellular modules in other products, ranging from asset trackers to energy pipelines, to boost demand for U.S.-made alternatives.
Chinese cellular-module manufacturers had a global market share of 87% in the first half of last year, up from 69% in 2019, according to data provider Counterpoint Research.
China’s tightening grip on the supply chain for connected devices has prompted comparisons with both America’s reliance on Chinese rare earths and its security concerns about telecommunication company Huawei.
“If you think rare earths is a bad dependency to have on China, wait till you’re dependent on cellular modules. It’s much, much worse. It’s broader,” former British diplomat Charles Parton told a U.S. congressional committee in December.
The Bureau of Industry and Security team responsible for the connected-car rule had signaled it would expand its clampdown on Chinese tech to other products, including commercial vehicles and drones.
However, that effort is now uncertain after the Trump administration recently pushed out two officials focused on tackling technological threats from China. The drone investigation was shelved in January.
A spokesperson for the Bureau of Industry and Security said it was committed to ensuring the connected-vehicle rule addressed national-security risks while creating a workable framework for industry.
Write to Stephen Wilmot at [email protected]
2026-02-06T04:05:41Z