Commerce Curbs Connected and Autonomous Vehicles with a Nexus to China or Russia
Commerce Curbs Connected and Autonomous Vehicles with a Nexus to China or Russia
Continuing the Biden administration’s focus on securing the nation’s critical technologies, on September 23, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) announced a Notice of Proposed Rulemaking (NPRM) that would prohibit the import or sale of connected vehicles and vehicle systems and components designed, developed, manufactured, or supplied by entities connected to the People’s Republic of China (PRC) or Russia.
Although the proposed rule will apply principally to vehicles entering the market near the end of the decade, the development is noteworthy because it is another indication that, when it perceives supply chain vulnerabilities—in this case, potential foreign adversary access to, data exfiltration from, and manipulation of connected vehicles—the U.S. government will not hesitate to ban certain market participants. Moreover, notwithstanding the lag time, automakers will need to assess the supply chains in the short term given the long lead times in the development and launching of new vehicles.
The NPRM is a follow-up to an Advanced Notice of Proposed Rulemaking published by BIS on March 1, 2024. BIS is inviting public comments on the NPRM, which are due November 12, 2024. The proposed rule proceeds from the broad authorities delegated to the Secretary of Commerce under the Trump-era executive order “Securing the Information and Communications Technology and Services Supply Chain” and is the first sector-wide expansion of regulations previously published under that authority.
The proposed rule would prohibit the import or sale of vehicles in the United States with certain Vehicle Connectivity Systems (VCS) or Automated Driving Systems (ADS) hardware or software with a nexus to the PRC or Russia. VCS allow a vehicle to communicate externally (for example, Bluetooth, cellular, satellite, and Wi-Fi modules). ADS covers components and systems that allow autonomous vehicles to operate without a driver. Many driverless cars use in‑vehicle AI computing and machine vision; connected vehicles that utilize this type of software would be impacted by the proposed rule.
The proposed rule covers VCS and ADS hardware and software designed, developed, manufactured, or supplied by persons who are owned by, controlled by, or subject to direction or jurisdiction of the PRC or Russia, regardless of their location. For such hardware and software, the rule would prohibit:
The threshold within the proposed rule for persons or entities owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary (for purposes of the proposed rule, PRC and Russia) includes:
Under the proposed rule, the prohibitions on software would take effect for model year 2027 vehicles, while the hardware prohibitions would take effect for model year 2030 vehicles (or January 1, 2029, for units without a model year).
BIS is also proposing processes to monitor and facilitate compliance with the rule. These measures are intended to ensure members of the impacted industries understand the prohibitions and are not caught off guard by enforcement actions. The proposed processes include:
Parties potentially affected by the NPRM should set time aside now to consider whether and to what extent, the NPRM will affect their operations. As technologies advance and potential national security vulnerabilities are identified, the U.S. government may increase or introduce new controls in this and related sectors. The NPRM puts automakers on notice that the U.S. government views their industry as part of the national’s critical technology infrastructure, alongside companies in the semiconductor, quantum computing, AI, and other spaces.