

Amid growing concerns over security vulnerabilities in applications used to manage electric vehicle (EV) batteries, the government has asked the automobile industry and related stakeholders, including testing agencies, to strengthen cybersecurity measures across the EV ecosystem.
Sources aware of the development told TNIE that, in a written communication to the industry, the government has outlined three immediate action points - maintaining heightened vigilance, collaborating on secure vehicle design, and accelerating the adoption of AIS-189 and AIS-190—India's automotive cybersecurity and software update standards.
The government has asked industry bodies such as the Society of Indian Automobile Manufacturers (SIAM) to advise original equipment manufacturers (OEMs) to audit their battery communication interfaces and eliminate unsecured default settings, weak authentication mechanisms and unprotected over-the-air (OTA) update pathways, sources said.
To strengthen vehicle design, the industry has been asked to work with the Ministry of Road Transport and Highways (MoRTH), the Ministry of Electronics and Information Technology (MeitY) and other stakeholders to embed cybersecurity safeguards at the design stage, enabling more resilient cyber safety protocols from the factory level.
The communication also urges the industry to prepare for the implementation of AIS-189 and AIS-190 by putting in place Cyber Security Management Systems (CSMS) and Software Update Management Systems (SUMS). This includes securing OTA software updates, strengthening user authentication and validating software integrity ahead of the new certification requirements.
According to officials, the government's move reflects a broader effort to embed cybersecurity into India's automotive safety framework rather than treating it as a response to a single incident.
Last week, MeitY issued notices to Google and Apple directing them to remove seven battery management applications from their Android and iOS app stores following concerns that the apps could be misused to remotely disable batteries in e-rickshaws and other electric vehicles. The action followed reports and viral videos showing e-rickshaws being remotely shut down, prompting the Centre to crack down on battery management apps that could facilitate unauthorised interference with EV operations. Officials said any application found enabling such remote disruption would face similar action.
The government has flagged that low-cost lithium battery packs deployed with default factory settings, weak passwords or no Bluetooth authentication could pose a significant security risk. Under such conditions, a person standing within 10-15 metres of a vehicle could potentially connect to the battery management system through an app and disable the battery's "discharge" function, rendering the vehicle inoperable.