POLITICO — 2024-09-27
Automotive Industry
Brussels is in the hot seat to act on cyber-hacking threats stemming from Chinese connected cars.
Slowly, surely, the European Union is tinkering with its own blocks on Chinese connected-car technology like those proposed in the United States this week.
After the US government on Monday, 23 September 2024, announced it wanted to ban Chinese tech linking cars to the internet from American roads, European officials have echoed Washington's concerns about the spying, surveillance and sabotage risks posed by what EU digital czar Margrethe Vestager described as “computers on wheels.”
A connected car “can register everything where it is, and it can also transmit that data to those who have access to the data,” Vestager told reporters on a US visit Tuesday, 24 September 2024. The EU's services “are looking at this, also with our economic security experts,” she said, adding “it’s legitimate to look into whether or not that kind of technology can be misused when it comes to security issues.”
The focus on Chinese car technology opens up another front in an ongoing battle among the US, China and other regions over who controls key technologies like artificial intelligence, microchips and 5G; driving the rivalry are fears of espionage, sabotage, economic coercion tactics and supply chain disruptions. It also comes as Europe is already slapping trade tariffs on Beijing-subsidized electric vehicles, in an effort to stop Chinese cars from flooding the bloc's market.
The US Commerce Department's Monday announcement is the latest barrier Washington has wanted to impose on Chinese vehicles in recent years, but is the first to address cyber-hacking threats. Canada and the UK are also considering enacting bans or other legislation to address security concerns. In July 2024 US officials met with selected European countries and others to discuss cybersecurity and data risks related to connected cars.
European officials, meanwhile, have been quietly working on measures that seek to better understand and remedy the perceived risks of Chinese tech in cars.
One possible route is a draft “ICT supply-chain toolbox” that cybersecurity officials are working to finalize in the coming weeks. The document will include proposed measures on electric-vehicle connectivity as well as on renewables, according to one person with knowledge of the drafting who was granted anonymity to disclose details. It would resemble Europe's 5G Security Toolbox, which led a series of EU countries to ban, limit or phase-out Chinese telco vendor Huawei.
These “toolboxes,” however, are non-binding documents and rely heavily on the willingness of national governments to turn them into tough restrictions.
On top of that, the EU in recent years has passed a patchwork of laws and legislation ranging from cybersecurity policies in critical sectors, such as transport, to rules on the management of data generated by connected devices. But those rules aren't used to target specific countries or suppliers — yet.
Dutch EU lawmaker Bart Groothuis, who worked on some of the mentioned rulebooks, says everything now “hinges on the political will” to start a probe.
While the US can act on national security grounds, Brussels has to leave such decisions to European capitals.
“The US is taking more of a national security approach to it, and the EU doesn't necessarily have that tool to deploy,” said Greta Peisch, former general counsel with the Office of the United States Trade Representative, in response to questions about the US using national security to put a 100% tariff on Chinese EVs.
New car cyber rule dented August sales
Another tweak to Europe's rules on cybersecurity in cars has already made an impact in Europe. The United Nations Economic Commission for Europe is tasked with setting certain regulations for autonomous vehicles and cybersecurity in cars. A regulation that took effect in July has already limited the models available in the EU.
Under the rule, manufacturers must implement a cybersecurity management system that protects user data. The rule helped dent Chinese car sales figures in August, according to European car analyst Matthias Schmidt.
MG — acquired by Chinese automaker SAIC in 2007 — registered zero vehicles in July, which a Norwegian automotive official confirmed to Schmidt was caused by the UN's latest cyber regulation.
The rule also hit European carmakers, with Volkswagen subsidiary Porsche pulling its Macan combustion-engine model from the bloc's market for that very reason, Schmidt said.
While the EU is considering its own moves on Chinese tech in cars, its industries warned that the US measures could cause significant pain to Europe's powerful car sector.
Under the proposed US ban, European manufacturers could be forced to find new suppliers if they use targeted parts in vehicles they export to the US Several brands import cars from their Chinese production hubs, such as BMW’s Mini and iX3, meaning they could be hit by a European version of the regulation.
Automakers are also loath to anger Beijing, particularly German brands that depend on the Chinese market for the bulk of their revenue.
Car lobby ACEA didn't provide a specific comment on the expected impact.
European Commission spokesperson Thomas Regnier said the EU will “closely monitor” the US proposal and any “direct or indirect impact” it has. He added that Brussels will “intensify its exchanges” with Washington — after an earlier meeting at the end of July 2024.