UK Probes Chinese-Made Yutong Buses Over Possible Remote Control Risks
British transport and cyber-security authorities examine whether Chinese-built electric buses could be accessed or disabled remotely by their manufacturer
The United Kingdom’s Department for Transport, together with the National Cyber Security Centre, has begun an investigation into whether electric buses manufactured by China’s Yutong Group may be remotely accessed or deactivated by the company.
The inquiry follows findings from authorities in Norway and Denmark suggesting that Yutong vehicles could, in theory, be stopped or rendered inoperable via remote software connections.
Norway’s public transport operator Ruter reported that tests on Yutong buses revealed the presence of over-the-air software update functions and access to critical systems through a mobile network connection using a foreign SIM card.
The investigation concluded that such connectivity could, under certain circumstances, allow the manufacturer to halt a vehicle’s operation.
Although no evidence has surfaced that Yutong attempted to manipulate the buses, the discovery prompted similar reviews in Denmark.
Yutong, one of the world’s largest bus manufacturers, has exported more than 100,000 vehicles to over 100 countries and holds a significant share of the UK’s electric bus market.
Its models are currently in service in Bristol, Leicester, Nottingham, South Wales, and South Yorkshire.
The Department for Transport said it is taking the matter seriously and working closely with national intelligence and cyber experts to assess potential security risks.
Yutong stated that it fully complies with all applicable laws and data protection standards, emphasising that remote connectivity features are designed solely for diagnostic and maintenance purposes.
The company said vehicle data is encrypted and access is restricted to authorised personnel.
The probe reflects broader concerns across Europe about technological dependence on Chinese suppliers in critical infrastructure.
Officials said that while no malicious interference has been detected, the findings highlight the need for stronger cybersecurity safeguards, stricter procurement requirements, and more transparent software oversight for public transport systems.
Results from the UK investigation are expected to guide future policy on connected-vehicle security and supplier risk management.
The inquiry follows findings from authorities in Norway and Denmark suggesting that Yutong vehicles could, in theory, be stopped or rendered inoperable via remote software connections.
Norway’s public transport operator Ruter reported that tests on Yutong buses revealed the presence of over-the-air software update functions and access to critical systems through a mobile network connection using a foreign SIM card.
The investigation concluded that such connectivity could, under certain circumstances, allow the manufacturer to halt a vehicle’s operation.
Although no evidence has surfaced that Yutong attempted to manipulate the buses, the discovery prompted similar reviews in Denmark.
Yutong, one of the world’s largest bus manufacturers, has exported more than 100,000 vehicles to over 100 countries and holds a significant share of the UK’s electric bus market.
Its models are currently in service in Bristol, Leicester, Nottingham, South Wales, and South Yorkshire.
The Department for Transport said it is taking the matter seriously and working closely with national intelligence and cyber experts to assess potential security risks.
Yutong stated that it fully complies with all applicable laws and data protection standards, emphasising that remote connectivity features are designed solely for diagnostic and maintenance purposes.
The company said vehicle data is encrypted and access is restricted to authorised personnel.
The probe reflects broader concerns across Europe about technological dependence on Chinese suppliers in critical infrastructure.
Officials said that while no malicious interference has been detected, the findings highlight the need for stronger cybersecurity safeguards, stricter procurement requirements, and more transparent software oversight for public transport systems.
Results from the UK investigation are expected to guide future policy on connected-vehicle security and supplier risk management.
