China: Shanghai Municipal Communications Administration adopted 2025 Internet of Vehicles action plan including cybersecurity regulation

On 22 April 2025, the Shanghai Municipal Communications Administration adopted the “Shielding the Connected Car” 2025 Internet of Vehicles (IoV) action plan, establishing binding cybersecurity obligations for IoV enterprises operating in Shanghai. The plan requires enterprises to conduct security classification filings for platforms, network infrastructure, and systems, and to submit conformity assessments and risk evaluations within 30 working days following approval for systems classified as Level 3 or higher. The plan mandates regular vulnerability reporting, implementation of emergency response mechanisms, and conformity testing for vehicle software upgrades and onboard applications. Intelligent connected vehicle manufacturers must ensure that core components such as T-Boxes, gateways, and information interaction systems undergo security testing prior to market launch or major updates. Additionally, providers of autonomous driving solutions are required to perform security assessments before conducting public tests or commercial deployment of L3 or higher-level functions.