TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources CYBER RISK Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. EU Auto Rules Shift Gears on Cybersecurity Standards The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry. Arielle Waldman,Features Writer,Dark Reading March 6, 2026 5 Min Read SOURCE: HENRIK5000 VIA ISTOCK PHOTO If manufacturers want to sell new vehicles in Europe next year, they must not only adhere to updated emission standards, but for the first time, prioritize cybersecurity as well. The European Union's (EU) latest emissions standard, dubbed Euro 7, sets new and updated regulations for all gasoline, diesel, and electric vehicles as part of the Union's work toward achieving zero pollution. Deadline dates are swiftly approaching following publication in 2024; the EU will enforce Euro 7 in phases beginning this November. Among the array of emission and exhaust limit standards, air quality objectives, and environmental data requests sit a series of cybersecurity requirements. The measures focus on preventing tampering and protecting sensitive data as roads become saturated with electric-powered vehicles – some without a human behind the wheel. The EU urged manufacturers to "ensure the secure transmission of data related to emissions and battery durability" by taking cybersecurity measures. That includes obtaining security certificates on risk assessment, threat mitigation, and secure software development throughout the lifecycle. Related:PCI Council Says Threats to Payments Systems Are Speeding Up In Euro 7, regulators warned that the "tampering of vehicles to remove or deactivate parts of the pollution control systems is a well-known problem." Odometer tampering that can "lead to false mileage" and "hamper the proper in-service control of a vehicle" was another concern expressed in the 2024 document. Experts agree that cybersecurity provisions are fairly new to the EU's vehicle emission directives and reflect a landscape riddled with change. Both from an emerging technology and threat perspective. The Trouble with Tampering Cybersecurity's addition to Euro 7 could be related to "Dieselgate," a 2015 scandal where Volkswagen was charged with installing software to fake the results of emissions and fuel-efficiency testing. However, and more importantly, it's a continuation of improvements for emission standards in Europe, says Dr. Liz James, managing security consultant at NCC Group. Cybersecurity requirements were not explicit in past directives. Now, the objective of taking accurate measurements of emissions from a vehicle over a lifetime is itself under cyber threat, adds James. That begs the question, how can the regulators capture data and ensure it cannot be tampered with or modified? The EU needs a way to track and manage emissions more efficiently to reduce pollution, and that means trustable data is essential. Euro 7 builds the framework on how to hold the industry accountable, explains James. Related:Dark Patterns Undermine Security, One Click at a Time Data tampering was an ongoing concern, but now Euro7 ties it into UN Regulation No.555 around cybersecurity management systems, she adds. The regulation aims to set uniform provisions for vehicle approvals. Auto manufacturers must "demonstrate" that they conducted thorough risk and threat analyses to mitigate vulnerabilities and prevent unauthorized access to the vehicle or communication systems. "Compliance with these emissions standards means you have to explicitly show those threats have been managed," James adds. If regulators want to reduce emissions, one of their biggest potential opponents is the manufacturers themselves who are responsible for managing emissions, notes James. It all boils down to helping regulators ensure the accuracy of information despite so many car companies involved having incentives to manipulate and modify that data. "If you have a huge deviation between different manufacturers, now you have the ability to question, is that because they're actually producing more efficient systems or is something suspicious going on?" James says. What Happens if Threats Materialize? These days, vehicle systems are increasingly interconnected, advanced, and driven by software which inevitably contain vulnerabilities. If manufacturers do not mitigate vulnerabilities, threat actors can hack the car’s systems, warns Nikhil Gupta, professor at the department of mechanical and aerospace engineering at New York University. Related:Consumers Reluctant to Shop at Stores That Don't Take Security Seriously Hackers could breach the GPS to gain sensitive location information, and if financial information is saved in the system, data and financial theft could be a concern. Many of those services are running on subscriptions, Gupta warns. “Cybersecurity will be important there too," he says. The auto manufacturing platform is integrated as well, and the integration piece poses the biggest concern for people, explains Gupta. The software on one car model can be sourced from different vendors and integration processes may not always go smoothly. Plus, one piece of vulnerable software could hurt the rest of the supply chain. Automotive companies must also worry about car parts controlled by software. That means a hacker could manipulate brakes and make the hardware malfunction, warns Gupta. "How do you develop a trusted system?" he says. "That is the crux." Will the Industry Push Back? While cybersecurity measures are newer to EU emission regulations, experts agree they will not be too difficult to implement. Especially since cybersecurity requirements for software already exist. Companies will mainly be concerned about integration, reiterates Gupta. Different vendors will supply certain pieces and create cyber-secure systems for their own software, but now the car company must integrate all of those together, he adds. He notes integration is one area that may take additional time to implement. "The only concern is: Can we meet the timelines?" Gupta says. "But cyber is a concern for everyone, so I don't think there's a resistance from the industry." Manufacturers already face immense cyber threats on the factory floor, so cybersecurity is on their minds. Now, it's getting more formalized for the automation systems, adds Gupta. James agrees that certain aspects of Euro 7 shouldn't be difficult for companies to comply with because regulations don't "say how you need to mitigate it," but rather urges them to "manage risk appropriately." However, security requirements could be challenging for certain manufacturers who were not doing it prior to the Euro 7 publication. Implementation takes a level of maturity, says James. Manufacturers of heavy machinery and vehicles with large emissions may not be as prepared. "They're doing some of it already, it's just figuring out what is truly new," James says. "The reality is, we don't want to stop people from making things, but it's around incentivizing the right behaviors and encouraging a maturity process." Read more about: CISO Corner About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK Even Resilient Organizations Can Be Blind to AI Threats by Arielle Waldman MAY 01, 2025 CYBER RISK Max-Severity Commvault Bug Alarms Researchers by Jai Vijayan, Contributing Writer APR 24, 2025 CYBER RISK Zambia's Updated Cyber Laws Prompt Surveillance Warnings by Robert Lemos, Contributing Writer APR 23, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge CYBERSECURITY OPERATIONS Software Development Practices Help Enterprises Tackle Real-Life Risks MAR 5, 2026 CYBERSECURITY OPERATIONS Stranger Things Meets Cybersecurity: Lessons from the Hive Mind MAR 4, 2026 СLOUD SECURITY The Tug-of-War Over Firewall Backlogs in the AI-Driven Development Era MAR 2, 2026 CYBER RISK PCI Council Says Threats to Payments Systems Are Speeding Up FEB 25, 2026 Read More The Edge Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us N