The automotive sector will face urgency to strengthen its cybersecurity systems as new regulations under AIS 189 and AIS 190 move closer to implementation by 2027.
The norms require vehicle manufacturers to establish end-to-end cybersecurity frameworks, including real-time monitoring and secure software update systems.
With India’s connected vehicle market growing at an estimated 25-30 per cent annually, industry projections suggest that over 50 million connected vehicles could be on the road by 2030.
The rapid growth will increase the potential cyber risk. However, experts point out that building this infrastructure is time-intensive.
Vikash Chaudhary, CEO of HackersEra, said cybersecurity systems for the automotive industry require deep integration with vehicle architecture, manufacturing processes and software ecosystems, and it cannot be deployed overnight.
AIS 189 and AIS 190 are India’s regulatory frameworks for automotive cybersecurity management and software updates, aligned with global standards, he said.
Once enforced, OEMs (original equipment manufacturers) will need to demonstrate cybersecurity governance across the entire vehicle lifecycle, including continuous monitoring of vehicles in operation, he added.
Core to this requirement are Public Key Infrastructure (PKI) and Key Management Systems (KMS), which enable secure certificate provisioning, trusted communication and safe over-the-air software updates. Without these systems, manufacturers may struggle to ensure software integrity and vehicle security.
In parallel, Vehicle Security Operations Centres are becoming critical for real-time monitoring. These centres analyse vehicle data continuously to detect anomalies, cyber threats, and potential intrusions across deployed fleets.
HackersEra offers platforms covering PKI, KMS, VSOC, and in-vehicle network security. These systems monitor communication within vehicle networks, which were originally designed without built-in security layers, making them vulnerable to malicious activity.
Manufacturers that align with AIS standards now will also be better positioned to meet international regulatory requirements in markets such as Europe and Japan.
“Full implementation of cybersecurity infrastructure can take 12 to 18 months,” Chaudhary said. “OEMs that begin early are more likely to meet compliance timelines, while delays could create operational and regulatory challenges.”
The automotive cybersecurity market in India is projected to approach ₹5,000 crore over the next five years, spanning compliance systems, monitoring platforms, and embedded vehicle security technologies.