Securing the future: the US ICTS rule and its implications for automotive software

The new US ICTS rule: What it means for the automotive software market

The recent US rule on securing the ICTS supply chain for connected vehicles is a game-changer. Let’s dive into how this rule could shake up the market.

Understanding the rule

Effective March 17, 2025, the US Department of Commerce’s new rule aims to mitigate national security risks by banning transactions involving connected vehicle hardware and software from certain foreign adversaries. “It will prohibit the import or sale of certain connected vehicle systems designed, developed, manufactured, or supplied by entities with ties to the PRC (including the Hong Kong Special Administrative Region and the Macau Special Administrative Region) or Russia.”

The ban specifies vehicle connectivity systems (VCS) and automated driving systems (ADS). VCS are defined as “systems of components that connect vehicles to the outside world – including via Bluetooth, cellular, satellite, and Wi-Fi modules,” specifically those over 450 megahertz. ADS are defined as systems “which allow highly autonomous vehicles to operate independently of a driver behind the wheel.”

Compliance requirements

Under the U.S. rule for VCS/ADS, companies must ensure connected vehicle systems exclude components from the PRC or Russia. Companies that develop software or systems for VCS/ADS have the following obligations:

  • Verify whether software (excluding open source) or hardware is designed, developed or manufactured in the PRC or Russia
  • Verify whether software (excluding open source) or hardware provided by suppliers is designed, developed or manufactured in the PRC or Russia

For software developed before March 17, 2026, it must be ensured that the company developing or maintaining the software – or the supplier of the software or hardware – operates outside the jurisdiction of the PRC or Russia.

Economic Impact

This rule will add costs and can also affect supply chains significantly.

OEMs, Tier 1s, and Tier 2s are expected to obtain a declaration of conformity from suppliers, confirming that VCS/ADS software or systems were not designed, developed, or maintained in the PRC or Russia after March 17, 2026. This requirement will introduce additional costs for OEMs and suppliers serving the U.S. market.

Automotive manufacturers and suppliers must rethink their partnerships and sourcing strategies. Companies dependent on Chinese or Russian VCS/ADS software will need to secure compliant alternatives, driving a market shift and increasing demand for secure software.

While challenging, this regulation also fuels innovation. For consumers, it underscores the critical role of data security in connected vehicles. As connectivity expands, so does the need for robust system security. By reinforcing these safeguards, the rule aims to strengthen U.S. consumer trust in vehicle safety and reliability.

Shifting global landscape

This rule will shape global collaboration and competition, potentially driving the emergence of parallel technological ecosystems. While this may spur regional innovation, it could also create challenges for global interoperability. Companies must navigate these complexities to remain competitive.

Looking ahead

The new ICTS rule is one of many regulatory changes shaping the future of the automotive software market. By embracing these changes and focusing on innovation, we can turn disruptions into opportunities for growth and resilience.

In conclusion, while the new US ICTS rule presents challenges, it also offers a unique chance to innovate. By thinking ahead and adapting, OEMs and Tier 1 and Tier 2 suppliers can continue to lead in automotive software security and compliance.

Author

Gabriel Byman
Senior Product Manager for Cybersecurity

Vivek Sannabhadti
Senior Strategy Expert