Worries about Chinese Yutong buses’ remotely operated ‘kill switch’

Luc Joris

November 12, 2025

A Yutong bus on typical Flemish roads. According to research, the Chinese manufacturer can remotely shut down the buses with an automatic software update /Yutong

Yutong, China’s biggest bus manufacturer, based in Zhengzhou, which has supplied electric buses to Norway, Denmark, and the Netherlands, has built a remotely operated ‘kill switch’ into its vehicles.

This mechanism gives the manufacturer digital access to systems for software updates and diagnostics. Still, in theory, it is also possible to disable or influence the e-bus or coach remotely via digital access.

So far, there is no evidence or incident of such a shutdown, but authorities are warning, from a cybersecurity perspective, that stricter security requirements are urgently needed.

Theory versus practice

Huawei, TikTok, or Hikvision’s surveillance cameras-another Chinese company? In the EU, which is striving for strategic autonomy, there is a growing debate over digital security and national sovereignty amid technological dependence on China. The whole Yutong bus story also fits into this context.

At the end of October, Norwegian public transport operator Ruter conducted tests on e-buses from Yutong and Dutch manufacturer VDL in a facility inside a mountain tunnel, a measure to prevent external connectivity and simulate worst-case conditions.

During these tests, Ruter found that the Chinese manufacturer Yutong had access to the operating systems for software updates and diagnostics, and to the control system for the battery and power supply, via a mobile network SIM card (a Romanian SIM). “In theory, therefore, this bus can be stopped or rendered inoperable by the manufacturer,” dixit the report.

Risk of hacking or sabotage

From a cybersecurity perspective, Ruter’s report immediately set off alarm bells in the EU countries where Yutong’s e-buses operate. After all, such access opens a potential risk of hacking, sabotage, or unauthorized access to vital vehicle system functions.

In Norway, for example, there are now 850 Yutong e-buses in operation. In Denmark, transport company Movia has 262 Yutong buses in its fleet.

In the Netherlands, bus operators such as Qbuzz, Keolis, and Transdev have Yutong buses in service or on order – a quarter of the more than 9,000 buses in Dutch public transport come from China.

According to the newspaper De Standaard, there are currently ten Yutong buses in operation in Belgium at private companies, including a subcontractor of De Lijn. At the same time, the public transport company has also placed orders with BYD.

Although no exact figures are available for the United Kingdom, Yutong buses are used in Bristol, Essex, Leicester, Nottingham, South Wales, and South Yorkshire, among other places.

And such a report naturally fuels fears that dependent infrastructure could be vulnerable to a foreign manufacturer or authority having access to vehicles used in public transport.

Yutong T15E, the award-winner at Busworld 2023, is in operation in Finland.

Systems comply with local legislation

Yutong, one of the world’s largest bus manufacturers, has not immediately responded to the news that its buses are vulnerable to interference.

However, the company has previously stated that its systems comply with local legislation, that data are encrypted and stored on Amazon servers, and that access is only granted after customer authorization. In other words, the functions are intended for maintenance, optimization, and service, not for the manufacturer’s operational control of the bus.

It also emphasizes that over-the-air updates and digital connectivity are now standard in modern EVs, not just at Yutong.

Stricter security requirements

However, as a precaution, Ruter will impose stricter security requirements in future tenders. The company has also developed firewalls that guarantee local control and protect against hacking.

Movia, for its part, is working hard to review risk assessments and is looking for ways to better secure vulnerable areas against unwanted access or shutdown.

In the UK, the government and the National Cyber Security Center are investigating whether Chinese-made buses, such as those from Yutong, pose a national security risk. According to the NRC, research is currently underway in the Netherlands into the potential risks posed by external manipulation of smart buses and trucks.

Although a malicious ‘kill switch’ has not yet been demonstrated, and the news in the field of economic espionage has a certain John le Carré feel, the Yutong case is reigniting the debate over Beijing’s involvement in European infrastructure.

China has laws requiring companies to share data with the government when it is in the national interest. This obviously makes it risky for European states to use Chinese technology, and the EU will undoubtedly, under the motto ‘Trust but verify,’ impose more requirements on digital transparency and source code access for foreign technology in its procurement rules.

The Yutong stand at Busworld Europe in Brussels in October /Yutong

You Might Also Like

Create a free account, or log in.

Gain access to read this article, plus limited free content.

Yes! I would like to receive new content and updates.