The "Connected Vehicles Final Rule" tightens market access to the U.S. and presents the automotive industry with tricky compliance issues. Legal experts Daniel Wuhrmann, Equity Partner, and Dr. Volker Hartmann, Of Counsel, both at reuschlaw, explain what is important now.
The "Connected Vehicles Final Rule" presents challenges for automakers and suppliers.
(Image: Dall-E / AI-generated)
With the "Final Rule" adopted in March 2025, the U.S. government drastically restricts market access for connected vehicles and components related to China or Russia. This has far-reaching consequences for the globally interconnected automotive industry, particularly for German manufacturers and suppliers.
In the interview, legal experts Daniel Wuhrmann, Equity Partner, and Dr. Volker Hartmann, Of Counsel, from reuschlaw, explain the specific risks involved, the leeway for exceptions, and how companies must now respond to safeguard their U.S. operations.
In summary: What exactly do the regulations enacted by the U.S. government state?
The regulations enforced by the US Department of Commerce in March 2025, often referred to simply as the "Connected Vehicles Final Rule" (15 C.F.R. § 791.300 et seq.), lead to strict market access restrictions for vehicles and vehicle components in the context of connected and automated driving if these technologies relate to the People's Republic of China or Russia. The Final Rule affects the entire globally connected automotive industry, including German manufacturers and suppliers at various levels of the value chain.
The background is that they must ensure comprehensive supply chain compliance if vehicles or components covered by the regulation are to be imported into or sold in the U.S. This applies from the 2027 model year for software and from the 2030 model year for hardware.
What legal risks do these regulations pose for German car manufacturers and suppliers?
The legal risks are partly that market participants face the loss of market access or a sales ban, which, due to the economic significance, certainly represents the overarching sword of Damocles. Furthermore, the law provides for civil and criminal sanctions.
Furthermore, the Final Rule currently only applies to passenger vehicles weighing less than 10,001 pounds - as the responsible authority has already announced, work is underway for a regulation for commercial vehicles to follow shortly. The approach of the US government could prospectively also affect other sectors and industries where connected products pose a similar risk potential. This would correspond to the "America First Trade Policy" of the Trump-II administration.
To what extent can German manufacturers legally challenge the regulation or apply for exemptions?
The law generally stipulates that otherwise prohibited transactions may be conducted if general and/or specific exceptions have been approved for this purpose. Such exceptions must be applied for separately and strict requirements apply in the respective procedures. Additionally, the responsible authority can impose additional conditions. Furthermore, German manufacturers can file legal remedies against relevant official decisions and make inquiries regarding the applicability of the law. Otherwise, proceeding for individual companies is likely to be difficult. An effective approach could be a coordinated substantive positioning through the EU Commission.
How should existing supply contracts with Chinese suppliers be adjusted to meet the new U.S. requirements?
Affected companies have a series of to-dos:
In the first step, they must ensure clarity and transparency in the respective supply chains. The Final Rule references the due diligence obligations of manufacturers or importers at several points concerning the appropriate documentation regarding relevant parts and components - companies must therefore create so-called Software Bill of Materials and Hardware Bill of Materials.
If affected market participants determine in this way whether a component could fall under the Final Rule, they must conduct legal assessments based on this as a second step.
Thirdly, within the framework of compliance management, they must then weigh whether to apply for exemptions or whether specific supply relationships need to be adjusted, and how compliance can be documented and proven in a legally secure manner in individual cases.
What legal measures can companies take to protect themselves against sudden regulatory changes in the U.S.?
To mitigate these risks, companies should take the following measures:
First, they must adjust their compliance resources and processes accordingly.
Second, they must implement appropriate contractual safeguards in the supply chains.
Third, it is crucial that they legally reconsider and realign strategic R&D collaborations, joint ventures, and other partnerships, especially in the area of Software Defined Vehicles, so that the new compliance requirements are already taken into account in vehicle platform strategies and fundamental technical architectures.
How can German car manufacturers and suppliers prove that their vehicles comply with the new U.S. requirements? Are there certification bodies or testing procedures?
The Final Rule prescribes three dimensions for compliance: (1) declarations of conformity must be issued, (2) record-keeping obligations apply, and (3) due diligence requirements in the supply chain, which corresponds to the aforementioned supply chain compliance.
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
Independent third parties can be involved in the conformity assessment; however, this is generally not mandatory. If a third party is engaged, manufacturers must disclose this and the party must meet certain minimum requirements under U.S. law.
Is it possible to have European cybersecurity standards (e.g., UNECE Regulation 155) recognized as equivalent to U.S. requirements?
Fundamentally, this is not the case, nor does the Final Rule in its regulatory part incorporate corresponding standards. However, the justification of the law does address the issue. It also mentions that the authority was advised in several comments within the framework of the standard-setting process, particularly by automotive industry associations, to please consider already existing regulations and standards. Notable among these are the UNECE regulations 155 and 156 on cybersecurity and software update management, as well as standards and frameworks like ISO/SAE 21434, ISO 26262, and others.
However, the authority believes that these norms and standards are insufficient and do not specifically serve the goal of the Final Rule, which is to mitigate the national security risk posed by the supply chain for connected vehicle technology when it has links to China or Russia.
However, it is acknowledged that some of these standards and frameworks can be used supportively to implement the process of complying with the regulations. Particularly when processing specific exemptions, the existing cybersecurity measures of the applicant company can be taken into account, which means that UNECE regulations 155 and 156 once again gain central importance, especially for German and European companies.
Are there instances where similar bans have been relaxed or lifted, and could manufacturers refer to these cases?
That would be conceivable. However, we currently see a contrary trend specifically for the Connected Vehicles Final Rule: the American approach is to be viewed in a larger geostrategic context of tech decoupling, particularly from China. China is to be kept away from certain technologies or from market entry in certain sectors identified as sensitive in the national security interest in the USA. Additionally, there is the risk that China will respond with countermeasures and the EU will have to choose between the two "blocks."
Product regulation thus intersects with security and geopolitics. In extreme cases, this can mean that Chinese technology is entirely "removed" from affected products. Especially in the globally connected automotive sector, this could ultimately lead manufacturers to increasingly think and develop in regional platforms. In other words: "US for US," "EU for EU," and "China for China." A digital, connected "world car" will thus become practically impossible.
(sb)
*Daniel Wuhrmann is an Equity Partner at reuschlaw, Dr. Volker Hartmann is Of Counsel at reuschlaw.
:quality(80)/p7i.vogel.de/wcms/da/58/da58c363e5354da35941bd4b2fe56b5b/0128273113v1.jpeg "The Hirth serration of the TTD drills from Mapal ensures a very stable fit of the drill heads. This enables optimum torque transfer as well as high changeover and concentricity accuracies. (Image:Mapal)")
:quality(80)/p7i.vogel.de/wcms/45/58/4558b829ca844389c7c340a706e80ac5/0129121753v1.jpeg "High-precision milling and grinding with oil on the Kern Micro HD achieves maximum accuracy in the tolerance range of up to 1.5 micrometers in the workpieces. (Image:Kern Mikrotechnik GmbH)")
:quality(80)/p7i.vogel.de/wcms/4b/0f/4b0faa6f14d841b9c739c2e3359eb032/0129335117v1.jpeg "Riccardo Rosa, president of Ucimu, the Italian mechanical engineering association, is not pleased with the overall situation in his country. Here is a status report from the \"boot\" of Europe ... (Image:Ucimu)")
:quality(80)/p7i.vogel.de/wcms/af/1e/af1ec4fca4636f521f780ba0ae009c8e/bild3-werkst-c3-bcck-20und-20werkzeug-5204x2928v1v1.jpeg "The main area of application for the new axial gear cutting machine is the production of rotor shafts for electric vehicles. (Image:Profiroll Technologies)")
:quality(80)/p7i.vogel.de/wcms/cd/fe/cdfe212a3b3206e2ff09dcdf71c11240/0129219561v1.jpeg "Extended S-series: The new Cobot models from Omron lift up to 30 kilograms and are now also protected against dust and water thanks to protection class IP65. (Image:Omron)")
:quality(80)/p7i.vogel.de/wcms/c3/6d/c36d161e7709095fd1de4cb9de27d927/0129133682v1.jpeg "Nanjing is Siemens' largest research and production center for CNC systems, drives and electric motors outside Germany. (Image:Siemens)")
:quality(80)/p7i.vogel.de/wcms/70/dc/70dc2fbc09e6958a72c63bd15e986e14/0129206156v1.jpeg "The global shoe machine manufacturer Desma relies on automation and has been revolutionizing shoe production—together with ABB Robotics for over 40 years. (Image:ABB Robotics)")
:quality(80)/p7i.vogel.de/wcms/60/fd/60fd12ddfe1fb623568736f27d1cfe61/0128606899v1.jpeg "The future of supply chains: AI and dashboards to ensure optimal OTIF values (Picture: ©immimagery - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/8f/ff/8fff835b941e411b6f988a183905309a/0129302533v1.jpeg "The Chair of AI Chip Design at the Technical University of Munich (TUM) has created the EU's first AI chip using modern 7-nanometer technology. In the picture: Chair holder Prof. Hussam Amrouch. (Image:Andreas Heddergott / TU Munich)")
:quality(80)/p7i.vogel.de/wcms/39/38/393873c2ed943bb715a6419d94049b63/geralt-entrepreneur-1340649-1280-1280x720v1v1.jpeg "Visual Components presents its forecast for production simulation in 2026. (Image:Pixabay)")
:quality(80)/p7i.vogel.de/wcms/60/4e/604e2a1ce26f177c5f28c2bff94c2f7d/der-20rotor-20mit-20aktiv-20verwindbaren-20rotorbl-c3-a4ttern-20im-20windkanal-1920x1079v1v1.jpeg "The rotor with actively twistable rotor blades in the wind tunnel: The open measuring section and sound-absorbing wall and model fuselage cladding enable high-quality acoustic measurements. (Image:DLR)")
:quality(80)/p7i.vogel.de/wcms/a8/9a/a89aef1cba3843fa06a1ec1f07cf659b/adobestock-95634179--c2-a9-20crazyforanimeart-20-e2-80-93-20stock-adobe-com-4762x2678v1v1.jpeg "Copied from the octopus: Researchers have developed a film-like thin-film platform that can dynamically change not only its color but also its surface structure. (Image:AdobeStock_95634179_ CrazyForAnimeArt)")
:quality(80)/p7i.vogel.de/wcms/21/8e/218e304ba65372854479aa52b4ccdbe5/0129271089v1.jpeg "Suppliers from Europe are currently facing a variety of challenges. Pictured: The Aumovio headquarters in Frankfurt am Main. (Image:Aumovio)")
:quality(80)/p7i.vogel.de/wcms/d2/40/d240b49c8edba464bf610f0e0b3628f0/p90629460-lowres-2250x1265v1.jpeg "(Source: BMW Group)")
:quality(80)/p7i.vogel.de/wcms/e9/60/e960f8c34a847b11fc576c54d9d46ea6/0129325747v1.jpeg "Robobuses, like WeRide here, are well on the way to becoming an integral part of local public transport. (Image:WeRide)")
:quality(80)/p7i.vogel.de/wcms/e3/8d/e38d7a9b1bcb87f6ef6546654a2ee40f/bild1v1.jpeg "(Source: InfiMotion)")
:quality(80)/p7i.vogel.de/wcms/5b/38/5b385ec75bff6e84b70a02c0c939dd2b/0129331527v1.jpeg "The TSMC site of Japan Advanced Semiconductor Manufacturing in Kumamoto, Japan. While the second fab currently under construction was initially only intended for the production of semiconductors using the N6 process, the contract manufacturer is currently negotiating with the Japanese government to possibly upgrade the site to N3 after all. (Image:JASM)")
:quality(80)/p7i.vogel.de/wcms/02/49/0249ae04d53137282148ff0ef0fbcfa2/0129294209v1.jpeg "Superconductivity can reveal hidden magnetic orders by forcing it to break its own symmetries. (Image:freely licensed)")
:quality(80)/p7i.vogel.de/wcms/82/53/8253c7a38b4891e5822a06405e0124cb/0129319571v1.jpeg "The losses and penetration depth depend on the frequency. (Picture: ©studioworkstock - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/6f/8f/6f8ff5bf9b81829ef22736bc790cecca/0129224894v1.jpeg "View of the quantum optics laboratory at the University of Stuttgart: here, researchers are experimenting with new photon sources for quantum computing and quantum networks. (Image:Barz Group, University of Stuttgart)")
:fill(fff,0)/images.vogel.de/vogelonline/companyimg/76800/76895/65.jpg "FAULHABER_120mm.jpg ()")
:fill(fff,0)/p7i.vogel.de/companies/67/eb/67eba621ef6ea/logo2.png "logo2 (Wuxi InfiMotion)"){kind=logo}
:quality(80)/p7i.vogel.de/wcms/66/d5/66d5b12d87fd6ac98cd44cb6ed9d2dc8/0127640748v1.jpeg "Geopolitical tensions over Nexperia chips highlight China's use of export controls as an industrial policy tool. (Image: ©Destina - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/74/04/740437c3c9c75174c80f797d7385ebae/0123364030v1.jpeg "Some legal aspects of dealing with data rooms are further explored below to provide companies with strategies to handle data in a legally secure and responsible manner and to respond appropriately in case of data protection violations. (Image:freely licensed)")