The relationship between the United States and China has never been simple when it comes to automobiles. Tariffs and trade disputes have grabbed headlines for years. But the latest friction isn’t about steel or batteries. It’s about something less visible and potentially more consequential: the software that runs modern vehicles and the data those vehicles collect every time they’re driven.
Federal officials have grown increasingly vocal about concerns that connected vehicles with Chinese-developed software or hardware could pose national security risks. The worry is that cars equipped with foreign technology might collect sensitive information about American infrastructure, military installations, driving patterns, and personal behavior, then transmit that data to servers accessible by foreign governments. Whether those concerns are grounded in demonstrated threats or theoretical vulnerabilities depends on who you ask.
The Commerce Department proposed rules late last year that would effectively ban Chinese-developed software and certain hardware components from connected vehicles sold in the United States. The regulations target vehicle connectivity systems, including telematics modules, Bluetooth, cellular, satellite, and Wi-Fi capabilities, as well as automated driving systems that rely on external data inputs. If finalized, the restrictions would begin affecting new vehicle models within a few years and expand to cover existing designs shortly after.
“We’re not waiting for a problem to emerge,” said a Commerce Department official who spoke on background because the rulemaking process is ongoing. “The integration of software and connectivity into vehicles creates risks that didn’t exist a decade ago. We need to address those risks before the supply chain becomes harder to unwind.”
Chinese officials have responded sharply, calling the proposed rules protectionist measures disguised as security concerns. The Ministry of Commerce in Beijing issued a statement last month accusing the United States of discriminating against Chinese technology companies without evidence of wrongdoing. Industry groups in China have warned of retaliatory measures that could affect American automakers operating in the Chinese market.
The stakes are significant on both sides. China remains the world’s largest automotive market, and several American manufacturers depend heavily on sales there. General Motors, Ford, and Tesla all have substantial operations in China. Any escalation that restricts market access or raises costs could ripple through earnings reports and strategic plans for years.
At the same time, Chinese automakers have been eyeing the U.S. market with growing ambition. Brands like BYD and Nio have expanded aggressively in Europe and other regions, and American entry has long been seen as the next step. The proposed software rules, combined with existing tariffs on Chinese-made vehicles, would make that path considerably harder.
I talked to a supply chain analyst based in Detroit who works with several global automakers. “The issue is that software sourcing is genuinely complicated,” she said. “A vehicle might have dozens of software suppliers, and some of those suppliers use code libraries or components that trace back to Chinese developers even if the primary contractor is American or European. Disentangling all of that is a massive undertaking.”
The data question cuts in multiple directions. Modern vehicles collect enormous amounts of information. Cameras capture surroundings continuously. GPS systems track precise locations. Microphones enable voice commands. Sensors monitor driver behavior. In aggregate, that data can reveal patterns of life for individuals and, when scaled up, potentially sensitive details about infrastructure, traffic flows near government facilities, and the movements of specific people.
Automakers have generally insisted that customer data is handled responsibly and stored securely. Privacy policies vary by manufacturer, but most claim that personally identifiable information is either anonymized or protected by encryption. Whether those assurances satisfy national security officials is another matter.
“Privacy and security aren’t the same thing,” said Martin Caldwell, a cybersecurity researcher at Stanford. “A company can be fully compliant with consumer privacy laws and still be vulnerable to state-level cyber intrusion. The concern isn’t necessarily what automakers intend to do with data. It’s who else might be able to access it.”
Chinese technology companies have faced similar scrutiny in other sectors. Huawei’s telecommunications equipment has been banned or restricted in multiple Western countries. TikTok has faced ongoing legislative pressure over data handling practices. The connected vehicle issue follows a familiar template, though the complexity of automotive supply chains makes enforcement more challenging.
Some automakers have already begun adjusting. Companies with global operations are reportedly examining their software sourcing to identify potential exposure to the proposed rules. A few have discussed creating separate technology stacks for different markets, which would add cost but reduce regulatory risk. Others are waiting to see whether the final rules match the initial proposal or get softened through the comment process.
The Chinese automotive industry has responded with a mix of defiance and pragmatism. Some manufacturers have accelerated efforts to develop relationships with non-Chinese software providers. Others have focused on markets where U.S. regulations don’t apply. A few have suggested that American concerns are overblown and politically motivated.
Consumer awareness of these issues remains limited. Most buyers don’t think about where their car’s software comes from or where their driving data ends up. They care about features, price, reliability, and maybe fuel economy or charging speed. The geopolitical layer underneath all of that is invisible unless something goes wrong.
For now, the proposed rules are still working through the regulatory process. Public comments have been submitted, and revisions are possible before anything becomes final. Industry lobbyists are pushing for longer timelines and clearer definitions. Security hawks want faster implementation and broader scope. Where the balance lands will shape the connected vehicle landscape for years.
The tension between openness and security isn’t going away. Vehicles are becoming rolling computers with wheels, and the question of who controls the software and data inside them has implications that extend well beyond the showroom. The U.S. and China are drawing lines that may not be easily redrawn. How automakers and consumers adapt will depend on decisions being made right now, in conference rooms and regulatory offices, far from any dealership floor.
