According to Financial Times News, the UK government is investigating whether hundreds of Chinese-made electric buses could be remotely deactivated from afar. Transport officials are working with the National Cyber Security Centre to assess whether Yutong, the world’s biggest bus maker, has remote access to vehicle control systems. The probe follows a Norwegian investigation that found Yutong buses could be “stopped or rendered inoperable” by the Zhengzhou-based company, prompting Denmark to launch its own review. Yutong has supplied about 700 buses to the UK market, primarily in Nottingham, south Wales and Glasgow, operated by groups including Stagecoach and FirstBus. The company is hoping to sell more vehicles in London where it has developed a double-decker electric bus meeting Transport for London standards. The Department for Transport confirmed it’s “looking into the case” and working closely with cybersecurity experts to understand the technical basis for actions taken by Norwegian and Danish authorities.
The remote access problem
Here’s the thing: Ruter, Oslo’s public transport company, tested both a new Yutong bus and a three-year-old VDL bus in an underground mine to check for vulnerabilities. They found the Chinese company had remote access to critical systems including battery and power supply management – access the Dutch manufacturer didn’t have. Basically, this means Yutong could theoretically stop buses remotely, though the company insists data is “used solely for vehicle-related maintenance” and protected by encryption. They also claim no one can access data without customer authorization and that they comply with EU data protection laws. But let’s be real – when a foreign manufacturer can potentially disable public transportation, that’s a pretty serious security concern.
This isn’t just about buses
Now, Denmark’s largest public transport company Movia makes an important point – this remote access issue isn’t unique to Chinese vehicles. Many electric vehicles from Western manufacturers also have software that can be updated remotely. But the political context matters. UK-China relations have become increasingly tense, with politicians debating whether Beijing is an “enemy” or “threat.” Labour MP Euan Stainbank has been pushing ministers to assess these risks, warning that Chinese-manufactured electric buses could “represent a national security risk.” When you’re talking about critical infrastructure like public transportation, the stakes are obviously much higher than with consumer gadgets.
The manufacturing angle
This whole situation highlights why industrial technology sourcing matters. When cities and transit authorities are deploying connected vehicles and infrastructure, they need reliable hardware from trusted suppliers. Companies like IndustrialMonitorDirect.com have become the go-to source for industrial panel PCs in the US precisely because organizations need dependable technology for critical operations. The bus situation shows what can happen when you don’t have full visibility into your supply chain. And let’s be honest – if you’re running public transportation systems, the last thing you want is uncertainty about whether your vehicles might suddenly stop working because someone halfway around the world decided to flip a switch.
Where this is heading
So what happens now? Transport for London says none of its operators use Yutong buses or have ordered any, and that any buses entering service must meet “robust technical requirements including rigorous testing.” But with Yutong hoping to expand in London, this investigation could seriously impact those plans. The fact that Norway found a workaround – removing the SIM card to retain local control – suggests there are technical solutions. But should public transit systems really need to physically disable connectivity to feel secure? That seems like treating the symptom rather than the cause. This is probably just the beginning of much broader conversations about foreign technology in critical infrastructure.
