Danish authorities have launched an urgent investigation into potential security vulnerabilities in hundreds of Chinese-made electric buses after it was discovered that the vehicles’ control systems could be accessed remotely by their manufacturer.
The probe follows similar findings in Norway, where transport officials determined that the Chinese supplier, Yutong, had remote access for software updates and diagnostics — a feature that could theoretically allow buses to be deactivated while in transit. Norwegian transport authority Ruter conducted isolated tests confirming the risk, prompting national discussions on stricter security standards for future electric bus purchases.
In Denmark, public transport operator Movia confirmed that 469 Chinese-made electric buses, including 262 manufactured by Yutong, are currently in service. Movia officials said the issue reflects broader cybersecurity risks affecting all connected vehicles, not just those made in China.
The Danish Agency for Civil Protection (Samsik) said there is no evidence of any buses being deactivated but acknowledged that internet-connected systems — including GPS, cameras, and microphones — could pose vulnerabilities. Authorities are now reviewing whether updated national security guidelines are needed to mitigate risks linked to foreign-made smart technologies.
Yutong stated that it complies with EU data protection laws, storing all European vehicle data in encrypted form at an AWS data center in Frankfurt. However, security analysts and political figures in Denmark warn that reliance on Chinese technology could threaten national resilience amid growing global cybersecurity concerns.