Growing concerns about technological dependence are reshaping Europe’s approach to public transportation and cybersecurity. What was once a quiet and efficient sector in Scandinavia is now at the center of a heated debate about national security and digital sovereignty.
Growing concerns regarding Chinese-manufactured buses
Public transport providers in Denmark and Norway are facing a possible security vulnerability within their electric bus fleets, particularly in vehicles manufactured by Yutong, the globe’s leading bus producer headquartered in Zhengzhou, China. The problem arises from the buses’ capacity to accept remote software updates and perform diagnostic assessments – a functionality that, despite its technological sophistication, also sparks worries that the vehicles could be disabled or controlled remotely.
Movia, the premier public transportation authority in Denmark, has conceded that this wireless capability could enable an external entity—be it the producer or a cybercriminal—to remotely incapacitate a bus. Jeppe Gaard, Movia’s chief operating officer, clarified that this issue isn’t exclusive to Chinese manufacturers but represents a wider concern linked to the growing digital integration in contemporary vehicles. Both electric cars and buses, he pointed out, are heavily dependent on networked systems that are, theoretically, susceptible to remote access and deactivation.
Since 2019, Movia has integrated over 260 Yutong buses into its operational fleet for Copenhagen and eastern Denmark. Comparable worries were voiced in Norway, where Ruter, a prominent public transport operator, conducted an independent inquiry. The firm executed controlled evaluations of both Yutong and Dutch-manufactured VDL buses within protected, subterranean facilities. The results indicated that while the Dutch models lacked the functionality for remote updates, Yutong retained direct digital connectivity to its vehicles for software enhancements and diagnostics — implying that, at least hypothetically, the buses could be disabled remotely, despite not being capable of remote driving.
China’s reaction and data security guarantees
Yutong has responded to these claims by affirming its compliance with international regulations and emphasizing its commitment to data privacy and cybersecurity. The company stated that all vehicle data within the European Union is securely housed in an Amazon Web Services data center located in Frankfurt, Germany. Yutong further assured that all stored information is encrypted, protected by strict access controls, and inaccessible without explicit customer authorization.
Despite these reassurances, European authorities and transit companies remain cautious. The incident has intensified discussions about Europe’s growing dependency on Chinese technology — a relationship characterized by mutual economic benefits but shadowed by deep geopolitical mistrust. Beijing’s alleged involvement in cyber espionage, intellectual property theft, and surveillance activities has led many European leaders to reconsider the long-term implications of their reliance on Chinese suppliers for critical infrastructure.
A broader European dilemma
The scrutiny surrounding Yutong’s buses is only the latest episode in Europe’s complex technological relationship with China. Across the continent, policymakers are attempting to strike a delicate balance between leveraging China’s advanced manufacturing capabilities and protecting national interests. Recent events — including the Netherlands’ decision to seize control of the Chinese-owned chipmaker Nexperia — have fueled concerns that Europe’s automotive and technology sectors could face major disruptions in the event of diplomatic or trade tensions.
Many governments have already taken steps to limit exposure to potential vulnerabilities. Several European nations, following the example of the United States, have removed Huawei and ZTE equipment from their 5G networks, citing risks of espionage and data manipulation. Now, attention has shifted to the rapidly growing market for Chinese electric vehicles. According to consultancy JATO Dynamics, Chinese EVs doubled their market share in Europe in early 2025, reaching over 5% — a figure that highlights both consumer interest and regulatory unease.
China, for its part, has dismissed Western fears as unfounded and politically motivated. Earlier this year, a spokesperson for China’s Foreign Ministry criticized U.S. restrictions on Chinese automotive technology, arguing that such measures “overstretch the concept of national security.” Chinese officials maintain that their companies operate transparently and pose no threat to foreign nations.
Western Intelligence Worries
Security experts across Europe, however, remain skeptical. Former MI6 chief Richard Dearlove warned that Western governments are facing a challenge similar to the one posed by Huawei during the 5G rollout. In his view, the increasing prevalence of connected vehicles built by Chinese manufacturers could create new vulnerabilities. He suggested that, in a worst-case scenario, China could theoretically disable fleets of electric vehicles in major cities — a scenario that could disrupt transportation networks during a crisis.
Still, some cybersecurity professionals argue that such a scenario, while technically feasible, is unlikely. Ken Munro, founder of the British-American firm Pen Test Partners, noted that any internet-connected vehicle — whether produced by a Western or Chinese company — carries inherent risks of remote interference. Even well-known brands like Tesla, he explained, depend on software connectivity that could be exploited under specific conditions.
In response to these concerns, Ruter has implemented a series of protective measures, including enhanced cybersecurity protocols, firewalls, and stricter oversight of future vehicle acquisitions. The company is also working with national authorities to establish clearer cybersecurity standards for public transport systems. However, experts remain divided on whether such precautions are sufficient. Munro cautioned that the only foolproof method to eliminate the risk would be to completely remove online connectivity from vehicles — a move that would also hinder the ability to perform critical updates and maintenance remotely.
The intersection of innovation and vulnerability
The debate unfolding in Scandinavia underscores a broader paradox of the digital age: the same technologies that enable efficiency and innovation can also expose systems to new forms of risk. As cities strive to modernize public transport and reduce carbon emissions through electrification, they must also grapple with questions of technological sovereignty, data privacy, and national security.
Europe’s dependence on Chinese-manufactured parts and programs reaches well beyond its public transportation systems. From its communication grids to its green energy facilities, the continent’s advancement is profoundly linked to China’s industrial framework. As international conflicts escalate, the task for European countries will involve safeguarding their technological autonomy while continuing their journey towards ecological balance and pioneering development.
The controversy surrounding Yutong’s buses has made one thing clear: cybersecurity is now as crucial as clean energy in shaping the future of urban mobility. The issue is not confined to any one country or manufacturer — it represents a defining test for the next phase of Europe’s digital transformation.
In the end, as Ken Munro aptly summarized, the debate boils down to one word — trust. And in an increasingly interconnected world, trust may prove to be the most valuable and fragile asset of all.