Last week, a significant controversy erupted in China. According to a report by the state-run China Media Group news agency, BYD owners who performed OTA software updates discovered that their vehicles had undergone what drivers described as a “battery lock.” The result: while BYD marketed the vehicles as capable of traveling 500 kilometers according to the European WLTP standard, after the update some owners reported an actual driving range closer to 300 kilometers. In effect, a remote software update had materially reduced the vehicles’ capabilities.

OTA updates, short for Over The Air, allow automakers to remotely update vehicle software. Modern car owners are already familiar with the process: drivers receive a notification on the vehicle’s screen, much like on a smartphone, informing them of a pending system update. The owner approves the installation, and in some cases approval is not even required, and after a few hours the vehicle’s software changes. Menus may be reorganized, cybersecurity systems upgraded, or driving functions adjusted. These changes are generally limited to software and cannot repair physical faults such as a broken air-conditioning vent or steering-wheel alignment. But in the world of electric propulsion, whether in plug-in hybrids or fully electric vehicles, software control is extremely powerful.

The fact that OTA updates can directly affect a vehicle’s electric driving range is especially significant. In a gasoline-powered vehicle, range is determined by the size of the fuel tank, which cannot be changed remotely. In contrast, battery charging limits and energy-management systems can be altered through software updates delivered over the air.

Remote software updates and the possibility that vehicles may transmit sensitive data are not new concerns. The IDF already acknowledged last year that electric vehicles could potentially transmit information to hostile actors. A class-action lawsuit recently filed against BYD and Israeli importer Shlomo Motors alleges that BYD vehicles collect driver data and transfer it abroad without properly informing customers, as required under Israeli law.

More broadly, it is difficult to ignore the fact that Israel’s regulatory approach to automotive cybersecurity remains limited. When it comes to cybersecurity, vehicle security, and oversight of OTA updates, Israel relies heavily on European standards. In Europe, the well-known “Euro” regulations traditionally focused on emissions and environmental requirements. However, the upcoming Euro 7 standard, set to take effect this November, will for the first time also include cybersecurity provisions.

The problem is that Europe’s cybersecurity requirements were designed primarily to prevent emissions-related manipulation, not terrorism or espionage. The main cyber provisions under Euro 7 focus on preventing hacking intended to increase engine power at the expense of emissions compliance, disabling pollution-monitoring sensors, erasing fault codes through diagnostic ports, or blocking software used to verify compliance with environmental standards. These rules may be suitable for protecting air quality, but they are far less relevant for consumers worried that a manufacturer could remotely reduce their vehicle’s range, or that hostile actors could use a vehicle’s cameras and systems to collect sensitive information and transmit it abroad.

Israel is now becoming more directly involved in the issue. In September 2025, the government published a memorandum for amendments to the Automotive Services and Professions Licensing Law dealing specifically with vehicle cybersecurity and defining who would be responsible for oversight.

According to the memorandum: “Since the law came into force, the issue of cyber in vehicles has become increasingly significant, both due to the growing use of computers and digital systems in vehicles, and due to the increase in cyberattacks in this space. In response to these developments, it is proposed to authorize the Minister of Transportation to determine cybersecurity requirements and directives that will apply to license holders under the law.”

In other words, the Minister of Transportation would ultimately determine what is permitted and prohibited in the world of connected vehicles. What exactly those rules will include remains unclear, but they are expected to define what manufacturers may change through OTA updates, what information vehicles are allowed to collect and transmit, what systems manufacturers may remotely disable, including heating functions or driving range, and what role Israeli security authorities will play in supervising such technologies.

The issue carries major implications for Israel’s automotive market. Israel is a country where Chinese electric vehicles are prohibited from entering military bases, yet at the same time many large high-tech companies, including some that work with the defense establishment, provide employees with Chinese-made electric vehicles as company cars.

Strict cybersecurity regulations could therefore create a significant commercial barrier. Car importers rarely address the issue publicly and generally continue to project business as usual, but occasional references appear in official disclosures. In its 2025 financial reports, Carasso Motors, the importer of Chery vehicles, warned that the proposed automotive cybersecurity legislation “could harm the company’s operations and business results.”

Over recent months, representatives of Chinese automakers have reportedly held discussions with Israeli government officials and the Ministry of Transportation regarding the issue. Some proposals even included shipping certain vehicle components separately and installing them in Israel under local supervision. So far, however, no such initiative has advanced.

The Ministry of Transportation stated: “The bill authorizing the director in matters related to cybersecurity was published in government bills in December 2025 and submitted to the Knesset Secretariat for first reading and continuation of the legislative process, which has not yet advanced in the Knesset.

“At the same time, the Ministry of Transportation is already working on formulating a package of professional guidelines for relevant entities in the market, while examining the implications for the economy and for vehicle owners, with the goal of establishing appropriate mechanisms and improving protection against cyberattacks in the Israeli automotive market. Once these processes are completed, the ministry will distribute the guidelines through channels that will be determined.”