CONNECTED CAR TECH SERIES PART 4: Complex regulatory landscape threatens to restrict the market's development

Author: Waseem Haider

In the last three parts of our Connected Car Tech Series, we talked about the immense possibilities this space is offering to car manufacturers, network operators and other stakeholders. This obviously creates an impression of the grass as all green which is not the case. Connected cars have a number of challenges.

One significant roadblock facing the connected car industry relates to regulations and standards. The need for regulations governing in-vehicle data and other connected car resources is one of the most pressing issues affecting connected car stakeholders. This is partially because regulations were meant to deal with basic connectivity, e.g. emergency calling, and partially because of the expansion of the connected car ecosystem. Current regulations do not sufficiently address the challenges posed by increased connectivity and the role of different stakeholders.

Though there are multiple areas which are affected by lack of standardisation and proper regulations in the connected car ecosystem, there are two significant areas which stand-out due to their impact on both the end-consumers and service providers: data protection and privacy, and cybersecurity.

Data Protection and Privacy

One of the biggest challenges faced by the connected car ecosystem is the protection of consumer data. Even though regulatory authorities have made some significant policy changes around connected cars, data access and privacy regulations have yet to be tackled adequately. For example, the EU updated its Motor Vehicle Type Approval Regulation in 2019, but the increasing vehicle connectivity is still a topic of discussion.

One major data protection law from the EU is the General Data Protection Regulation, or GDPR. There is a lot of uncertainty between the EU and US since the introduction of GDPR. Meanwhile, numerous regional efforts around data protection have emerged, inspired by the GDPR. One such regulation is the California Consumer Privacy Act (CCPA). The CCPA directly addresses car manufacturers and automotive suppliers globally on their telematics data capture, and influences cloud service providers’ data privacy practices.

The amount of data generated not only within the car but also outside of the car, certainly poses a threat to the protection of personal data and raises serious privacy issues. According to some estimates, almost 25 gigabytes of data is produced per hour from a connected car. Most of this is driver’s personal data and that of passengers. Moreover, suddenly the data generated by connected cars have attracted the interests of multiple stakeholders – enforcement and government authorities, car insurance companies, car manufacturers and other third parties.

Primarily, connected cars are generating data from three different categories of functionalities: Telematics, V2X and Infotainment (see Figure 1 below).
Figure 1: Main Data Sources in Connected Cars
conncar4 fig1
Source: ENISA
The functions shown in the graphic enhance the customer experience for car owners and some of them are essential for safety and emergency services. However, the amount of personal data which the connected car systems are generating becomes a cause of worry for the protection of the data and privacy of individual car owners and/or related parties. Note that we are not talking about the fully autonomous vehicles of the future, which will generate and gather even larger amounts of data than today’s connected cars.

Hence, the question arises how to adopt data protection and privacy standards today which will stand the test of time. While there is some progress in creating standards and regulations surrounding connected cars, for instance the new Motor Vehicle Type Approval Regulation, EU GDPR, and CCPA, many issues have not been addressed comprehensively or consistently enough to support growth of this new market.


Another big challenge for the connected car ecosystem is the now-increased vulnerability of cyberattacks and hacking threats. The transformation of the automotive industry into one offering digital mobility products and services has given rise to importance of cybersecurity in the connected car ecosystem (see figure 2 below). Though the digital features in connected cars are adding great customer value, they are also exposing connected cars to multiple touchpoints for possible cyberattacks. As connected cars have more and more in-vehicle software units, hackers have access to electronic systems and data, posing potential threats to critical safety functions and data privacy.
Figure 2: Cyberattack scenarios in connected cars
conncar4 fig2
Source: Frost & Sullivan
In the past few years there have been multiple instances of cyberattacks on connected cars, where hackers have taken full control of the vehicles. The major challenge is lack of clear regulatory guidelines and standards for the connected car ecosystem. As such, the cybersecurity problem is related to data protection and privacy. Cybersecurity and data protection/privacy are two sides of the same coin: cybersecurity presents the outside-in scenario and data protection is the inside-out scenario.

One important point to highlight here is that regulators are having a tough time formulating such laws. Part of the challenge is the involvement of multiple stakeholders in the connected car ecosystem. This influences current supplier contracts with OEMs and other third-party relationships for software development, testing and managing over-the-air (OTA) updates.

Regulators face a difficult situation in adoption of standards across the entire automotive value-chain. For the last few years, however, regulators have been working on a cybersecurity framework for the automotive industry that will cover the entire value-chain. This year, the United Nations Economic Commission for Europe (UNECE) passed a law called the Vehicle Cyber-Security Management System (CSMS), to be implemented by automotive manufacturers. The law will make cybersecurity an integral part of the entire connected car ecosystem and OEMs need to implement a certified CSMS across the entire lifecycle of any given connected vehicle in near future.

Next Up: Data ownership

Among the many regulatory issues in the connected car ecosystem is, who owns the data generated by connected car ecosystem. In the next part of this series, we will take a deeper look at ownership of data in the connected car space.
MTN Consulting: Company news

Recently published reports

In August, MTN Consulting published two major reports - a competitive assessment of the data center chips market, and an update to its annual network spending forecast. Below is information on how to access these reports, along with brief snippets:
  • Network operator capex to hit $591B in 2025 (August 23): "The 12/20 forecast called for total capex to climb from $425B in 2020 to $520B in 2025. The new forecast starts from a higher baseline, $457B in 2020, and grows to $591B in 2025. Webscale capex is slightly more important, accounting for 42% of 2025 capex from 39% in 2025 under the last forecast."
  • Competitive Intelligence Briefing: Data Center Chips (August 12): "...One of the key reasons for [webscalers'] backward integration and start-ups disrupting the server CPU market is ARM. This pure play “design house” licenses its design architecture to both chip and tech companies for further customization and development, and it is gaining unprecedented traction in the data center space..."
For September, we are working on three network spending profiles (China Telecom, Swisscom, and Telkom Indonesia), and three quarterly trackers (telco network infrastructure vendor share, telecom operator review, and webscale operator review).

New website

MTN Consulting's website has been undergoing a facelift over the last few months. The new site, and a domain change (to, will be revealed shortly.

    To see our most recently published reports, click here
    For information on subscribing to our research services, click here

    You are receiving this because you are signed up to receive MTN Consulting's latest blogs and research alerts. We hope you enjoy our content, but you can unsubscribe at any time with the link at the bottom of this email - or by replying with "unsubscribe".