After US, Europe probes Chinese car software

BRUSSELS — Slowly, surely, the European Union is tinkering with its own blocks on Chinese connected-car technology like those proposed in the United States this week.

After the U.S. government on Monday announced it wanted to ban Chinese tech linking cars to the internet from American roads, European officials have echoed Washington’s concerns about the spying, surveillance and sabotage risks posed by what EU digital czar Margrethe Vestager described as “computers on wheels.”  

A connected car “can register everything where it is, and it can also transmit that data to those who have access to the data,” Vestager told reporters on a U.S. visit Tuesday. The EU’s services “are looking at this, also with our economic security experts,” she said, adding “it’s legitimate to look into whether or not that kind of technology can be misused when it comes to security issues.”

The focus on Chinese car technology opens up another front in an ongoing battle among the U.S., China and other regions over who controls key technologies like artificial intelligence, microchips and 5G; driving the rivalry are fears of espionage, sabotage, economic coercion tactics and supply chain disruptions. It also comes as Europe is already slapping trade tariffs on Beijing-subsidized electric vehicles, in an effort to stop Chinese cars from flooding the bloc’s market.

The U.S. Commerce Department’s Monday announcement is the latest barrier Washington has wanted to impose on Chinese vehicles in recent years, but is the first to address cyber-hacking threats. Canada and the U.K. are also considering enacting bans or other legislation to address security concerns. In July U.S. officials met with selected European countries and others to discuss cybersecurity and data risks related to connected cars.

European officials, meanwhile, have been quietly working on measures that seek to better understand and remedy the perceived risks of Chinese tech in cars.

One possible route is a draft “ICT supply-chain toolbox” that cybersecurity officials are working to finalize in the coming weeks. The document will include proposed measures on electric-vehicle connectivity as well as on renewables, according to one person with knowledge of the drafting who was granted anonymity to disclose details. It would resemble Europe’s 5G Security Toolbox, which led a series of EU countries to ban, limit or phase-out Chinese telco vendor Huawei.

These “toolboxes,” however, are non-binding documents and rely heavily on the willingness of national governments to turn them into tough restrictions.

On top of that, the EU in recent years has passed a patchwork of laws and legislation ranging from cybersecurity policies in critical sectors, such as transport, to rules on the management of data generated by connected devices. But those rules aren’t used to target specific countries or suppliers — yet.

Dutch EU lawmaker Bart Groothuis, who worked on some of the mentioned rulebooks, says everything now “hinges on the political will” to start a probe.

While the U.S. can act on national security grounds, Brussels has to leave such decisions to European capitals.

“The U.S. is taking more of a national security approach to it, and the EU doesn’t necessarily have that tool to deploy,” said Greta Peisch, former general counsel with the Office of the United States Trade Representative, in response to questions about the U.S. using national security to put a 100-percent tariff on Chinese EVs.

New car cyber rule dented August sales

Another tweak to Europe’s rules on cybersecurity in cars has already made an impact in Europe. The United Nations Economic Commission for Europe is tasked with setting certain regulations for autonomous vehicles and cybersecurity in cars. A regulation that took effect in July has already limited the models available in the EU.

Under the rule, manufacturers must implement a cybersecurity management system that protects user data. The rule helped dent Chinese car sales figures in August, according to European car analyst Matthias Schmidt.

MG — acquired by Chinese automaker SAIC in 2007 — registered zero vehicles in July, which a Norwegian automotive official confirmed to Schmidt was caused by the UN’s latest cyber regulation.

The rule also hit European carmakers, with Volkswagen subsidiary Porsche pulling its Macan combustion-engine model from the bloc’s market for that very reason, Schmidt said.

While the EU is considering its own moves on Chinese tech in cars, its industries warned that the U.S. measures could cause significant pain to Europe’s powerful car sector.

Under the proposed U.S. ban, European manufacturers could be forced to find new suppliers if they use targeted parts in vehicles they export to the U.S. Several brands import cars from their Chinese production hubs, such as BMW’s Mini and iX3, meaning they could be hit by a European version of the regulation.

Automakers are also loath to anger Beijing, particularly German brands that depend on the Chinese market for the bulk of their revenue.

Car lobby ACEA didn’t provide a specific comment on the expected impact.

European Commission spokesperson Thomas Regnier said the EU will “closely monitor” the U.S. proposal and any “direct or indirect impact” it has. He added that Brussels will “intensify its exchanges” with Washington — after an earlier meeting at the end of July.

Sam Clark contributed reporting.