Key Takeaways
- UK government investigating potential remote deactivation of 700 Chinese-made electric buses
- Probe follows similar investigations in Norway and Denmark
- Yutong, world’s largest bus manufacturer, denies any improper access
- Transport for London confirms no current Yutong buses in operation
The UK government has launched a security investigation into whether hundreds of Chinese-made electric buses on British roads could be remotely deactivated by their manufacturer. This marks the third European country to examine potential cybersecurity risks in Yutong buses after similar probes in Norway and Denmark.
Security Investigation Underway
Officials at the Department for Transport (DfT) are working with the National Cyber Security Centre (NCSC) to determine whether Yutong can access control systems of its UK vehicles for software updates and diagnostics. The investigation follows a Norwegian finding that Yutong buses could be “stopped or rendered inoperable” remotely.
A DfT spokesperson stated: “We are looking into the case and working closely with the UK’s National Cyber Security Centre to understand the technical basis for the actions taken by the Norwegian and Danish authorities.”
Yutong’s UK Presence and Response
Yutong has supplied approximately 700 electric buses to the UK and is seeking to expand into London’s market with a new double-decker model. However, Transport for London confirmed that none of its operators currently use Yutong buses, nor have any been ordered.
In a statement to The Sunday Times, Yutong defended its practices: “We strictly comply with the applicable laws, regulations and industry standards of the locations where its vehicles operate.” The company emphasized that data collection is limited to “vehicle-related maintenance, optimisation, and improvement” with encrypted, access-controlled data.
International Findings and Mitigations
Norwegian transport operator Ruter discovered that Yutong retained remote access to bus battery and power management systems, unlike comparable vehicles from Dutch manufacturer VDL. While the risk could be mitigated by removing SIM cards, Danish authorities decided against this approach as it would disconnect buses from essential systems.
Denmark’s largest public transport company, Movia, has launched a similar investigation but noted that remote access issues aren’t unique to Chinese manufacturers. Many electric vehicles from Western companies also allow remote software updates.
Broader Political Context
The investigation comes amid heightened scrutiny of China’s role in British infrastructure and technology. UK lawmakers have been debating whether Beijing should be classified as an “enemy” or “threat” as cybersecurity concerns grow.
