Biden administration moves to ban imports of Chinese ‘connected’ cars and parts

The Commerce Department is publishing a proposed rule today to ban imports of Chinese and Russian vehicles, as well as key hardware and software components, that could be used to spy on Americans or potentially even take control of their cars.

“Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet,” Commerce Secretary Gina Raimondo said in a statement. “It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens.’

The proposed regulation is the latest barrier that the United States has imposed on Chinese vehicles in recent years, but the first to address cyber hacking threats. Former President Donald Trump imposed a 25 percent tariff on Chinese cars when he was in office, and President Joe Biden recently moved to quadruple that tariff to 100 percent on Chinese electric vehicles.

The proposed rule focuses on hardware and software integrated into a car’s Vehicle Connectivity System and the software integrated into its Automated Driving System. Both are critical systems that allow for external connectivity and autonomous driving capabilities in the increasingly commonplace “connected vehicles” traversing American roads.

The VCS is the set of systems that allow the vehicle to communicate externally, including telematics control units, Bluetooth, cellular, satellite and Wi-Fi modules. The ADS includes the components that collectively allow a highly autonomous vehicle to operate without a driver behind the wheel.

Commerce officials said malicious access to those systems could allow adversaries to access and collect sensitive data and remotely manipulate cars. The proposed rule covers fully-assembled vehicles, as well as components used in the vehicle connectivity and automated driving systems that have “a sufficient nexus to China or Russia.”

That could force foreign manufacturers in third countries such as Germany, South Korea and Japan to find new suppliers if they currently use the targeted Chinese or Russian parts in the vehicles that they export to the United States.

Last year, the United States imported about $458 billion worth of autos and auto parts from around the world, according to Commerce Department figures. Mexico is by far the largest foreign supplier, followed by Canada, Japan, South Korea and Germany. Imports from China totaled slightly more than $17 billion, including about $14.4 billion worth of parts. Russia is not a significant supplier to the United States of either fully-assembled vehicles or parts.

The proposed rule would apply to all on-road vehicles such as cars, trucks, and buses, but would exclude vehicles not used on public roads like agricultural or mining vehicles. The software prohibitions would take effect for Model Year 2027 and the hardware prohibitions would take effect for Model Year 2030, or January 1, 2029 for units without a model year.

Today’s action follows an Advance Notice of Proposed Rulemaking published by Commerce Department’s Bureau of Industry and Security on March 1. That proposal spawned concerns among automakers both in the United States and overseas that the Biden administration would take an overly broad approach.

“Not all (information and computer technology) components from countries of concern pose a threat to national security,” VDA, the German Automotive Industry Association, said in comments urging Commerce to limit the scope of its rulemaking.

Biden administration officials said they would hold another comment period on the final proposed rule, but insisted the threat was too real to ignore.

“If the PRC, or Russia, for example, could collect data on where the driver lives, or where or what school their kids go to, where their doctor is, that data would make the American vulnerable in an extreme situation,” Raimondo told reporters on a call to discuss the proposed rule. “A foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes, blocking roads, etc.”

The United States has “already seen ample evidence that the PRC is pre-positioning malware on our critical infrastructure for the purpose of disruption and sabotage,” White House National Security Adviser Jake Sullivan said.

“Many of these technologies collect large volumes of information on drivers in their environment, while connecting constantly with personal devices, with other cars, with U.S. critical infrastructure, and with the original manufacturers of vehicles and components,” he added.