UK Scrutinizes Yutong Electric Buses Over Remote-Access Risks

The UK government has opened a security review into Yutong electric buses after tests in Norway and Denmark suggested the vehicles may allow remote access to critical onboard systems. The findings raise concerns about digital control, software dependencies, and the cybersecurity posture of imported transport infrastructure.

Why the Review Started

Officials began investigating after Scandinavian transport agencies tested Yutong buses and detected remote-access capabilities tied to diagnostics and firmware management. These findings indicated that the manufacturer could, in theory, interact with core systems while the buses operated within European fleets. Because hundreds of Yutong buses run across UK regions, the discovery prompted immediate government attention.

Key Cybersecurity Risks

The most significant concern involves the buses’ connectivity. Each vehicle communicates through SIM-based links that allow software updates, performance monitoring, and operational data transfers. This connectivity creates a potential attack surface if security controls are weak or if remote permissions extend beyond basic diagnostics.

Furthermore, investigators question how much authority the manufacturer retains once the buses enter service. If the command structure is not transparent, fleet operators may lack full control over critical functions. Denmark and Norway both identified the same issue, showing that the risk is systemic rather than isolated.

Manufacturer’s Response

Yutong has rejected claims that it can deactivate propulsion, braking, or steering systems remotely. The company says all sensitive components remain isolated from remote interfaces and that remote access covers diagnostics only. Yutong also states that it stores operational data within the EU and uses secured channels for every maintenance-related connection.

Impact on UK Transport Strategy

The UK must now evaluate how software-dependent vehicles fit into broader infrastructure plans. As more fleets rely on digital platforms, the country faces pressure to ensure that foreign-manufactured systems do not introduce vulnerabilities. This review may influence procurement guidelines, cybersecurity standards, and long-term requirements for connected public-transport vehicles.

Conclusion

The concerns surrounding Yutong electric buses highlight how modern transport technology brings both efficiency and new security risks. The UK’s investigation underscores the need for transparent control, secure software architecture, and strict cybersecurity oversight. As electric fleets expand, governments must guarantee that operational autonomy remains fully within national borders.