Yutong and UK dealer Pelican Bus and Coach have responded to mainstream media claims on cybersecurity alleging that the marque’s battery-electric coaches and buses could be disabled or controlled remotely by the builder.
The manufacturer says that it understands concerns about vehicle safety and data privacy protection. Data generated in Europe is stored in Germany for use in maintenance, optimisation and improvement purposes to meet customers’ aftersales service needs.
“The data is protected by storage encryption and access control measures,” Yutong adds. “Nobody is allowed to unlawfully access or view the data without signed customer authorisation. Yutong strictly complies with the EU’s data protection laws and regulations.”
Pelican Head of Yutong Ian Downie says that all software updates delivered to electric buses here are controlled by the Castleford dealership.
He adds that they are only uploaded to vehicles after written permission is received from the operator and that under a procedure introduced by Pelican earlier in 2025, software updates can only be carried out in-person with the vehicle. Over-the-air updates are not available for vehicles sold in the UK.
Mr Downie underlines that all Yutong products supplied to Europe are in full compliance with UN Regulation 155 that governs cybersecurity and cybersecurity management.
In addition, those vehicles meet UN Regulation 156 on software update and software update management systems, ISO 27001 standards on information security management systems, and ISO 27701 on privacy information management systems.
“These regulations establish unified standards for vehicle cybersecurity and cybersecurity management systems,” the manufacturer continues.
Mr Downie adds that Yutong vehicles sold to European markets support customers’ remote control for comfort-based needs such as scheduling pre-conditioning of the on-board temperature. Operators can log in using private accounts to manage their fleets.
In addition, Yutong says that its vehicles supplied to Europe do not support remote control of acceleration, steering or braking.
“Yutong always prioritises vehicle data security and the protection of customer privacy and fulfils its commitments to cybersecurity management for vehicles and data protection with high standards,” it adds. “Yutong strictly complies with the applicable laws, regulations and industry standards of the locations where its vehicles operate.”
The vehicle OEM has also confirmed that its electronic architecture is similar to what is found on many other battery-electric vehicles and that all data is owned by the operator, not the manufacturer.
“Yutong cannot in any way make changes, update or reduce the speed of the bus without the owner itself being involved or doing so,” Pelican says in a statement.
“Vehicles comply with all UK and EU requirements for data security, having been thoroughly tested, and are monitored by European authorities in the same way as any other manufacturer’s products from Europe, the United States or Asia.”
The dealership adds that any operator of Yutong vehicles that is not happy with over-the-air functionality can disconnect the i-card reader or unplug the SIM card. That will isolate the vehicle and stop it from receiving any data with no impact to on-road performance.
“There is absolutely nothing for operators or stakeholders to worry about in these reports,” adds Pelican Managing Director Richard Crump.
