Yutong and Pelican respond to electric vehicle cybersecurity reports.

Pelican controls UK market software updates, which may only be obtained through in-person car visits.

Yutong and UK dealer Pelican Bus & Coach have replied to mainstream media concerns about cybersecurity, claiming that the builder may remotely deactivate or control the marque’s battery-electric coaches and buses.

The manufacturer acknowledges worries about vehicle safety and data privacy protection. Data created in Europe is retained in Germany for use in maintenance, optimisation, and improvement to meet customer aftersales service requirements.

“The data is protected by storage encryption and access control measures,” Yutong says. “No one is permitted to inappropriately access or read the data without written customer consent.

Yutong strictly adheres to the EU’s data protection rules and regulations. Ian Downie, Pelican’s Head of Yutong, said the Castleford dealership controls all software upgrades given to electric buses here.

He adds that they are only uploaded to vehicles after receiving written consent from the operator, and that under a protocol implemented by Pelican earlier in 2025, software updates can only be performed in-person with the vehicle. Over-the-air upgrades are not available for automobiles sold in the United Kingdom.

Mr Downie emphasises that all Yutong equipment provided to Europe are fully compliant with UN Regulation 155, which controls cybersecurity and cybersecurity management.

Furthermore, the vehicles comply with UN Regulation 156 on software updates and software update management systems, ISO 27001 on information security management systems, and ISO 27701 on privacy information management systems.

“These regulations establish unified standards for vehicle cybersecurity and cybersecurity management systems,” according to the company.

Mr Downie adds that Yutong vehicles supplied in European countries allow remote control for comfort-related demands such as on-board temperature pre-conditioning.

Operators can manage their fleets by logging in using private accounts. Furthermore, Yutong claims that its cars sent to Europe do not offer remote acceleration, steering, or braking.

“Yutong always prioritises vehicle data security and the protection of customer privacy and fulfils its commitments to cybersecurity management for vehicles and data protection with high standards,” it further states.

“Yutong strictly complies with the applicable laws, regulations and industry standards of the locations where its vehicles operate.”

The vehicle OEM has also confirmed that its electronic architecture is comparable to that used in many other battery-electric vehicles, and that all data is controlled by the operator rather than the manufacturer.

“Yutong cannot in any way make changes, update or reduce the speed of the bus without the owner itself being involved or doing so,” said Pelican in a statement.

“Vehicles comply with all UK and EU requirements for data security, having been thoroughly tested, and are monitored by European authorities in the same way as any other manufacturer’s products from Europe, the United States or Asia.”

The dealership further states that any operator of Yutong automobiles who is dissatisfied with over-the-air operation can detach the i-card reader or unhook the SIM card. That will isolate the vehicle and prevent it from receiving any data, with no effect on on-road performance.

“There is absolutely nothing for operators or stakeholders to be concerned about in these reports,” says Pelican Managing Director Richard Crump.

Read more on Straightwinfortoday.com