Mounting worries regarding reliance on technology are transforming Europe’s strategy for public transit and digital security. A sector that was previously calm and effective in Scandinavia is now the focal point of an intense discussion concerning national defense and digital autonomy.
Growing concerns regarding Chinese-manufactured buses
Public transportation operators in Denmark and Norway are confronting a potential security flaw in their electric bus fleets, specifically in vehicles produced by Yutong, the world’s largest bus manufacturer based in Zhengzhou, China. The issue stems from the buses’ ability to receive remote software updates and diagnostic checks — a feature that, while technologically advanced, also raises concerns that the vehicles could be immobilized or manipulated from afar.
Movia, Denmark’s leading public transit agency, has acknowledged that this over-the-air functionality could allow a third party — either the manufacturer or a hacker — to remotely disable a bus. Jeppe Gaard, Movia’s chief operating officer, explained that the problem is not unique to Chinese manufacturers but is a broader challenge tied to the increasing digitalization of modern vehicles. Electric cars and buses alike, he noted, rely heavily on online systems that can, in principle, be accessed and deactivated remotely.
Since 2019, Movia has integrated over 260 Yutong buses into its operational fleet for Copenhagen and eastern Denmark. Comparable worries were voiced in Norway, where Ruter, a prominent public transport operator, conducted an independent inquiry. The firm executed controlled evaluations of both Yutong and Dutch-manufactured VDL buses within protected, subterranean facilities. The results indicated that while the Dutch models lacked the functionality for remote updates, Yutong retained direct digital connectivity to its vehicles for software enhancements and diagnostics — implying that, at least hypothetically, the buses could be disabled remotely, despite not being capable of remote driving.
China’s response and data protection assurances
Yutong has addressed these allegations by asserting its adherence to global standards and underscoring its dedication to data protection and digital security. The company declared that all vehicle-related data within the European Union is safely stored in an Amazon Web Services data facility situated in Frankfurt, Germany. Yutong additionally guaranteed that all retained information is encrypted, safeguarded by stringent access limitations, and cannot be accessed without explicit customer consent.
Despite these assurances, European officials and transportation firms maintain a wary stance. This event has amplified conversations regarding Europe’s increasing reliance on Chinese technology—a connection marked by reciprocal economic advantages yet overshadowed by profound geopolitical suspicion. Beijing’s purported participation in cyber espionage, intellectual property theft, and surveillance operations has prompted numerous European leaders to reevaluate the enduring consequences of their dependence on Chinese providers for essential infrastructure.
A broader European dilemma
The examination of Yutong’s buses represents just one recent chapter in Europe’s intricate technological ties with China. Throughout the continent, political leaders are striving to achieve a careful equilibrium: harnessing China’s sophisticated production prowess while simultaneously safeguarding national interests. Recent occurrences, such as the Netherlands’ move to take over the Chinese-owned chip manufacturer Nexperia, have intensified worries that Europe’s automotive and tech industries might encounter significant disturbances should diplomatic or commercial disputes arise.
Many governments have already taken steps to limit exposure to potential vulnerabilities. Several European nations, following the example of the United States, have removed Huawei and ZTE equipment from their 5G networks, citing risks of espionage and data manipulation. Now, attention has shifted to the rapidly growing market for Chinese electric vehicles. According to consultancy JATO Dynamics, Chinese EVs doubled their market share in Europe in early 2025, reaching over 5% — a figure that highlights both consumer interest and regulatory unease.
China, for its part, has dismissed Western fears as unfounded and politically motivated. Earlier this year, a spokesperson for China’s Foreign Ministry criticized U.S. restrictions on Chinese automotive technology, arguing that such measures “overstretch the concept of national security.” Chinese officials maintain that their companies operate transparently and pose no threat to foreign nations.
Western intelligence concerns
Security specialists throughout Europe, however, maintain a degree of skepticism. Richard Dearlove, the former head of MI6, cautioned that Western administrations are confronting a predicament akin to the one presented by Huawei during the deployment of 5G technology. From his perspective, the growing ubiquity of internet-connected automobiles produced by Chinese companies might introduce novel points of weakness. He posited that, under the most dire circumstances, China could hypothetically incapacitate numerous electric vehicle fleets in prominent urban centers — a situation capable of paralyzing transit systems during an emergency.
Still, some cybersecurity professionals argue that such a scenario, while technically feasible, is unlikely. Ken Munro, founder of the British-American firm Pen Test Partners, noted that any internet-connected vehicle — whether produced by a Western or Chinese company — carries inherent risks of remote interference. Even well-known brands like Tesla, he explained, depend on software connectivity that could be exploited under specific conditions.
In response to these concerns, Ruter has implemented a series of protective measures, including enhanced cybersecurity protocols, firewalls, and stricter oversight of future vehicle acquisitions. The company is also working with national authorities to establish clearer cybersecurity standards for public transport systems. However, experts remain divided on whether such precautions are sufficient. Munro cautioned that the only foolproof method to eliminate the risk would be to completely remove online connectivity from vehicles — a move that would also hinder the ability to perform critical updates and maintenance remotely.
Where groundbreaking ideas meet susceptibility
The debate unfolding in Scandinavia underscores a broader paradox of the digital age: the same technologies that enable efficiency and innovation can also expose systems to new forms of risk. As cities strive to modernize public transport and reduce carbon emissions through electrification, they must also grapple with questions of technological sovereignty, data privacy, and national security.
Europe’s dependence on Chinese-manufactured parts and programs reaches well beyond its public transportation systems. From its communication grids to its green energy facilities, the continent’s advancement is profoundly linked to China’s industrial framework. As international conflicts escalate, the task for European countries will involve safeguarding their technological autonomy while continuing their journey towards ecological balance and pioneering development.
The debate over Yutong’s bus fleet highlights a critical point: cybersecurity is now as vital as sustainable power in defining the trajectory of city transportation. This challenge extends beyond a single nation or producer, marking a pivotal moment for the subsequent stage of Europe’s digital evolution.
In the end, as Ken Munro aptly summarized, the debate boils down to one word — trust. And in an increasingly interconnected world, trust may prove to be the most valuable and fragile asset of all.
