Growing concerns about technological dependence are reshaping Europe’s approach to public transportation and cybersecurity. What was once a quiet and efficient sector in Scandinavia is now at the center of a heated debate about national security and digital sovereignty.
Growing concerns regarding Chinese-manufactured buses
Public transport providers in Denmark and Norway are facing a possible security vulnerability within their electric bus fleets, particularly in vehicles manufactured by Yutong, the globe’s leading bus producer headquartered in Zhengzhou, China. The problem arises from the buses’ capacity to accept remote software updates and perform diagnostic assessments – a functionality that, despite its technological sophistication, also sparks worries that the vehicles could be disabled or controlled remotely.
Movia, Denmark’s leading public transit agency, has acknowledged that this over-the-air functionality could allow a third party — either the manufacturer or a hacker — to remotely disable a bus. Jeppe Gaard, Movia’s chief operating officer, explained that the problem is not unique to Chinese manufacturers but is a broader challenge tied to the increasing digitalization of modern vehicles. Electric cars and buses alike, he noted, rely heavily on online systems that can, in principle, be accessed and deactivated remotely.
Since 2019, Movia has incorporated more than 260 Yutong buses into its fleet serving Copenhagen and eastern Denmark. Similar concerns were echoed in Norway, where Ruter, a major public transportation provider, conducted its own investigation. The company carried out controlled tests on both Yutong and Dutch-made VDL buses in secure, underground facilities. The findings showed that while the Dutch models lacked remote update capabilities, Yutong maintained direct digital access to its vehicles for software updates and diagnostics — meaning that, at least theoretically, the buses could be rendered inoperable remotely, even though they could not be remotely driven.
China’s response and data protection assurances
Yutong has responded to these claims by affirming its compliance with international regulations and emphasizing its commitment to data privacy and cybersecurity. The company stated that all vehicle data within the European Union is securely housed in an Amazon Web Services data center located in Frankfurt, Germany. Yutong further assured that all stored information is encrypted, protected by strict access controls, and inaccessible without explicit customer authorization.
Despite these reassurances, European authorities and transit companies remain cautious. The incident has intensified discussions about Europe’s growing dependency on Chinese technology — a relationship characterized by mutual economic benefits but shadowed by deep geopolitical mistrust. Beijing’s alleged involvement in cyber espionage, intellectual property theft, and surveillance activities has led many European leaders to reconsider the long-term implications of their reliance on Chinese suppliers for critical infrastructure.
A broader European dilemma
The scrutiny surrounding Yutong’s buses is only the latest episode in Europe’s complex technological relationship with China. Across the continent, policymakers are attempting to strike a delicate balance between leveraging China’s advanced manufacturing capabilities and protecting national interests. Recent events — including the Netherlands’ decision to seize control of the Chinese-owned chipmaker Nexperia — have fueled concerns that Europe’s automotive and technology sectors could face major disruptions in the event of diplomatic or trade tensions.
Many administrations have already implemented measures to restrict susceptibility to potential weaknesses. Several European countries, emulating the United States, have purged Huawei and ZTE apparatus from their 5G infrastructure, citing espionage and data manipulation hazards. Currently, focus has shifted to the rapidly expanding sector of Chinese electric vehicles. As per JATO Dynamics, Chinese EVs saw their market penetration in Europe double in early 2025, surpassing 5% — a statistic that underscores both consumer demand and regulatory apprehension.
China, for its part, has dismissed Western fears as unfounded and politically motivated. Earlier this year, a spokesperson for China’s Foreign Ministry criticized U.S. restrictions on Chinese automotive technology, arguing that such measures “overstretch the concept of national security.” Chinese officials maintain that their companies operate transparently and pose no threat to foreign nations.
Western intelligence concerns
Security experts across Europe, however, remain skeptical. Former MI6 chief Richard Dearlove warned that Western governments are facing a challenge similar to the one posed by Huawei during the 5G rollout. In his view, the increasing prevalence of connected vehicles built by Chinese manufacturers could create new vulnerabilities. He suggested that, in a worst-case scenario, China could theoretically disable fleets of electric vehicles in major cities — a scenario that could disrupt transportation networks during a crisis.
Still, some cybersecurity experts contend that such a situation, though technically possible, is improbable. Ken Munro, the creator of the Anglo-American company Pen Test Partners, pointed out that any vehicle connected to the internet—regardless of whether it’s manufactured by a Western or Chinese firm—inherently carries dangers of distant manipulation. Even prominent names such as Tesla, he clarified, rely on software connections that could be compromised under particular circumstances.
In light of these worries, Ruter has put in place several safeguards, such as improved cybersecurity measures, firewalls, and more rigorous scrutiny of upcoming vehicle purchases. The organization is also collaborating with national agencies to define more precise cybersecurity guidelines for public transportation networks. Nevertheless, specialists are still split on the adequacy of these preventative steps. Munro warned that the sole guaranteed way to eradicate the danger would be to entirely disconnect vehicles from the internet — an action that would simultaneously impede the capacity to carry out essential updates and remote upkeep.
Where groundbreaking ideas meet susceptibility
The debate unfolding in Scandinavia underscores a broader paradox of the digital age: the same technologies that enable efficiency and innovation can also expose systems to new forms of risk. As cities strive to modernize public transport and reduce carbon emissions through electrification, they must also grapple with questions of technological sovereignty, data privacy, and national security.
Europe’s reliance on Chinese-made components and software extends far beyond public transport. From communication networks to renewable energy infrastructure, the continent’s modernization is deeply intertwined with China’s industrial ecosystem. As global tensions rise, the challenge for European nations will be to secure their technological independence without stalling their progress toward sustainability and innovation.
The controversy surrounding Yutong’s buses has made one thing clear: cybersecurity is now as crucial as clean energy in shaping the future of urban mobility. The issue is not confined to any one country or manufacturer — it represents a defining test for the next phase of Europe’s digital transformation.
In conclusion, as Ken Munro so aptly put it, the core of the discussion centers on a single concept—trust. And in our progressively intertwined global landscape, trust could very well emerge as the most precious and delicate commodity.
