Navigating AIS-189 and AIS-190: The New Era of Cybersecurity in Connected Vehicles
- ganesh336
- 2 days ago
- 4 min read
The automotive world is changing fast. Cars today are no longer just machines; they are complex computers on wheels. With features like Over-the-Air (OTA) updates, vehicle-to-everything (V2X) communication, and connected mobile apps, vehicles face new cybersecurity risks. To address these, India introduced AIS-189 and AIS-190 regulations, aligning with global standards UNECE UN R155 and UN R156. These rules require manufacturers to build cybersecurity into every stage of a vehicle’s life. This post explains what AIS-189 and AIS-190 mean for the automotive industry and how companies can meet these new demands.

What AIS-189 Means for Vehicle Cybersecurity
AIS-189 is India’s framework for automotive cybersecurity. It sets rules for creating a Cybersecurity Management System (CSMS) that covers the entire vehicle lifecycle—from design to production and beyond. Instead of focusing on just one electronic control unit (ECU) or software part, AIS-189 requires a broad, systematic approach.
Key elements of AIS-189 include:
Cybersecurity Management System (CSMS)
A formal system to manage cybersecurity risks across the organization.
Secure Product Development Lifecycle
Integrating security checks and controls during design, development, and testing.
Threat Identification and Risk Assessment
Continuously finding and evaluating potential cyber threats.
Security Validation and Vulnerability Management
Testing security measures and fixing vulnerabilities promptly.
Incident Monitoring
Detecting and responding to cybersecurity incidents in real time.
Supplier Cybersecurity Management
Ensuring suppliers follow cybersecurity standards.
Continuous Improvement
Regularly updating cybersecurity practices based on new threats and lessons learned.
For original equipment manufacturers (OEMs) and Tier-1 suppliers, AIS-189 means cybersecurity is no longer just a technical issue. It becomes a company-wide responsibility involving engineering, quality assurance, and supply chain management.
Understanding AIS-190 and Secure Software Updates
AIS-190 complements AIS-189 by focusing on secure software update management. Modern vehicles receive software updates remotely through OTA systems, which can introduce risks if not properly secured. AIS-190 requires:
Secure Update Mechanisms
Ensuring updates are authenticated and encrypted to prevent tampering.
Update Traceability
Keeping records of all software updates for accountability.
Rollback Protection
Preventing installation of outdated or vulnerable software versions.
Update Testing and Validation
Verifying updates do not introduce new vulnerabilities or affect vehicle safety.
By enforcing these rules, AIS-190 helps maintain vehicle security throughout its operational life, even after it leaves the factory.
How AIS-189 and AIS-190 Align with Global Standards
India’s AIS-189 and AIS-190 are closely aligned with UNECE regulations UN R155 and UN R156, which many countries follow. This alignment helps Indian manufacturers compete globally by meeting international cybersecurity expectations.
For example, UN R155 requires a CSMS similar to AIS-189, while UN R156 covers secure software updates like AIS-190. Together, these regulations push the industry toward a consistent global approach to vehicle cybersecurity.
Practical Steps for OEMs and Suppliers to Comply
Meeting AIS-189 and AIS-190 requires a clear plan and strong collaboration across teams. Here are practical steps companies can take:
Build a Cybersecurity Management System
Define policies, roles, and processes to manage cybersecurity risks.
Train Teams on Cybersecurity Best Practices
Ensure engineers, quality staff, and suppliers understand their roles.
Integrate Security into Product Development
Use threat modeling, secure coding, and regular security testing.
Establish Vulnerability Handling Procedures
Set up ways to receive, assess, and fix security issues quickly.
Implement Secure OTA Update Systems
Use encryption, authentication, and logging for software updates.
Monitor Vehicles Post-Production
Track cybersecurity incidents and respond promptly.
Work Closely with Suppliers
Verify that suppliers follow cybersecurity requirements and share information.
Challenges and Opportunities in Building Cyber-Resilient Vehicles
Implementing AIS-189 and AIS-190 is not without challenges. Manufacturers must balance security with cost, time-to-market, and user experience. Some common challenges include:
Complex Supply Chains
Coordinating cybersecurity across multiple suppliers.
Rapid Technology Changes
Keeping up with new threats and software updates.
Resource Constraints
Allocating skilled cybersecurity personnel and budgets.
Despite these challenges, the regulations offer opportunities to improve vehicle safety and customer trust. Cyber-resilient vehicles can reduce risks of hacking, protect user data, and support new connected services securely.
The Role of Technology Partners like Cyphera by Ettiksoft
Technology solutions can help OEMs and suppliers meet AIS-189 and AIS-190 requirements efficiently. For example, Cyphera by Ettiksoft offers cybersecurity platforms tailored for connected vehicles. These platforms provide:
End-to-end cybersecurity management tools
Automated threat detection and response
Secure software update frameworks
Supplier risk management features
By using such tools, companies can build stronger cybersecurity programs and simplify compliance with regulations.
Looking Ahead: The Future of Automotive Cybersecurity in India
As connected vehicles become more common, cybersecurity will remain a top priority. AIS-189 and AIS-190 mark a significant step toward safer, more secure vehicles in India. Manufacturers who embrace these rules early will gain a competitive edge and build trust with customers.
The journey does not end with compliance. Continuous improvement, innovation, and collaboration will be key to staying ahead of evolving cyber threats.
Building cyber-resilient vehicles requires more than technical fixes. It demands a culture of security, clear processes, and strong partnerships. AIS-189 and AIS-190 set the foundation for this new era in automotive cybersecurity. OEMs and suppliers who act now will shape the future of connected vehicles in India and beyond.


Comments