The clock has started ticking for India’s automotive industry, and for buyers of its next generation of connected vehicles. From software-rich vehicles such as the Tata Harrier EV, Mahindra XEV 9e, BE 6, Tata Curvv.ev and Hyundai Creta Electric to connected buses, trucks and smart tractors, the next generation of vehicles will have to be built with cybersecurity at their core rather than treating it as another software feature.Industry estimates suggest meeting the new requirements could add ₹10,000-15,000 to the cost of highly connected vehicles through investments in secure electronics, software validation and long-term cybersecurity support. In return, buyers stand to gain stronger protection against cyber threats, safer over-the-air (OTA) software updates, better protection of vehicle data and faster software fixes throughout a vehicle’s life, while automakers and component suppliers will have to redesign everything from electronic architecture to software development and long-term lifecycle support.Driving this shift is a draft notification issued by the Ministry of Road Transport and Highways (MoRTH) on June 22, 2026, proposing the insertion of Rules 125-T and 125-U into the Central Motor Vehicles Rules, 1989.The proposal would make compliance with AIS-189 for Cyber Security Management Systems (CSMS) and AIS-190 for Software Update Management Systems (SUMS) mandatory for vehicle type approval, with implementation beginning on October 1, 2026 for new Level 3 automated vehicles before expanding in phases to connected passenger vehicles, commercial vehicles, tractors and construction equipment through October 2029, aligning India with cybersecurity regulations already in force across the European Union, Japan and South Korea.Opportunities for Semiconductor & Component makersCompanies making electronic control units, telematics systems, infotainment platforms and embedded software will increasingly be expected to deliver secure hardware, authenticated software and long-term update support rather than simply supplying components. TThe regulation opens opportunities for semiconductor companies, embedded software developers, cybersecurity firms, engineering service providers and automotive testing agencies as software becomes a larger part of the automotive value chain.What buyers are paying forFor buyers, most of these changes will remain invisible, but their benefits may be felt every day. Imagine buying a connected Harrier EV or XEV 9e in 2028. Over the next decade, the vehicle could receive dozens of software updates to improve battery performance, enhance driver-assistance systems, fix bugs or strengthen security.Under the proposed framework, those updates would have to be authenticated, recorded and designed to fail safely if something goes wrong, reducing the risk of corrupted or unauthorised software being installed.The framework is also intended to make it significantly harder for attackers to gain unauthorised access to safety-critical vehicle systems while strengthening protection around the growing amount of data generated by connected vehicles.Software joins the safety checklistThe proposal is about far more than regulatory compliance. For the first time, software integrity is set to join crash safety, emissions and fuel efficiency as a core pillar of vehicle approval. As vehicles evolve into software-defined machines that constantly exchange data with smartphones, cloud servers, charging networks and navigation systems.MoRTH is effectively saying that software must now be engineered with the same discipline as brakes or airbags.Why OEMs cannot waitWhile the first deadline applies only to new Level 3 automated vehicles, the engineering work starts much earlier. A new vehicle typically spends 18 to 30 months in development before reaching a showroom, and by then much of its electronic architecture, including software, electronic control units and semiconductor choices—has already been frozen.Manufacturers planning launches over the next few years will therefore have to integrate cybersecurity into vehicle development today if they want to avoid delays in type approval.The price of digital safetyThe additional investment will inevitably raise development costs, although the extent to which that translates into higher sticker prices will depend on how much manufacturers absorb in a competitive market.Much of the spending will go towards secure electronics, software engineering, cybersecurity testing, certification and lifecycle support rather than visible hardware. Industry estimates suggest these investments could add around ₹10,000-15,000 to the cost of highly connected vehicles.Just as buyers today expect airbags, electronic stability control and high crash-test ratings, cybersecurity is emerging as another layer of vehicle safety—one designed not to protect occupants during a collision, but to protect the vehicle’s software, connected systems and digital identity throughout its life.Published on June 28, 2026
Harrier EV to XEV 9e, new MoRTH cyber rules may raise costs by ₹10,000–15,000 from October
New MoRTH cyber rules could increase connected vehicle costs by ₹10,000-15,000, enhancing safety and cybersecurity in India's automotive industry.
India mandates cybersecurity (AIS-189/190) for connected vehicles from October 2026, adding ₹10,000-15,000 cost per unit. OEMs must redesign electronic architectures now; 18-30 month development cycles mean suppliers locked into governance-first embedded-software strategies.











