v2x Archives - AUTOCRYPT

27 May, 2026 . 2 mins read

AUTOCRYPT Achieves WebTrust Accreditation for V2X PKI Infrastructure

AUTOCRYPT, a leading automotive and AI cybersecurity solutions provider, announced that its V2X Public Key Infrastructure (PKI) service (Link) has officially obtained WebTrust certification through an independent third-party audit, confirming that the company meets globally recognized standards for PKI operations, security controls, certificate issuance, and lifecycle management.

Supporting V2X PKI and SCMS deployments across multiple countries, including nationwide-scale infrastructure projects, AUTOCRYPT’s certified infrastructure enables scalable certificate issuance, renewal, and revocation management (CRL/CTL) while serving as a trusted Root of Trust for V2X message security.

“As V2X ecosystems move from pilot programs to nationwide deployments, trust infrastructure becomes foundational rather than optional,” said Seokwoo Lee, Founder and CEO of AUTOCRYPT. “This accreditation validates our capability not only to issue certificates securely, but also to support scalable, long-term PKI operations across OEM and transportation ecosystems.”

With V2X deployments accelerating globally, AUTOCRYPT plans to continue expanding trusted PKI technologies including large-scale certificate lifecycle management, interoperability support, and future-ready security capabilities. AUTOCRYPT will further highlight these initiatives and its V2X solutions portfolio (Link) at the ITS America Conference & Expo 2026 from June 10–12 at Booth #6045 (Link).

To learn more, visit autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is a leading automotive cybersecurity provider delivering trusted security infrastructure for connected and software-defined vehicles. The company provides V2X PKI/SCMS, KMS, cybersecurity validation platforms, IDS/vSOC, and compliance solutions supporting OEMs and transportation agencies globally.

9 June, 2025 . 5 mins read

Global Commercialization of Robotaxis

As consumer attitudes shift in favor of intelligent, software-powered vehicles, there has been a rapid global commercialization of mobility transportation services developed by mobility platform operators. Several autonomous mobility services have emerged, each with their distinct technological, regulatory, and economic profiles.

Among these services, robotaxi commercialization is proceeding faster than that of other autonomous mobility services due to a convergence of regulatory flexibility, scalable profitability models, and accelerated technological innovation. This momentum is further fueled by growing public expectations that robotaxis will emerge as a mainstream urban mobility solution, offering a cost-effective alternative to both traditional taxis and privately owned vehicles.

At the same time, cybersecurity concerns have surfaced around autonomous robotaxi fleets, as a single vulnerability could potentially impact multiple vehicles and pose serious risks to public safety. This article aims to showcase the current status surrounding robotaxi commercialization and emphasize the importance of maintaining safe cybersecurity measures as robotaxis permeate more into everyday life.

Robotaxi Service Development by Region

Across the robotaxi ecosystem, service development among mobility providers spans multiple stages ranging from trials and pilots to commercial operations and mass deployment. Regional regulatory environments have been playing a critical role in shaping business strategies, with service providers typically expanding globally following proven success in their domestic markets.

Among the more regulatory-open regions are China, Dubai, Abu Dhabi and the United States, where governments have actively introduced dedicated frameworks and launched national initiatives to support the commercialization of autonomous robotaxis. Companies such as Baidu, Pony.ai and WeRide have expanded their presence in these markets through strategic partnerships with local taxi operators and public agencies.

Meanwhile, countries such as Japan and South Korea have adopted a more measured approach to autonomous driving regulation, with services providers such as Avride, TIER IV and Motional conducting pilot programs in designated areas as they work toward full-scale commercialization.

Global Robotaxi Commercialization Trends

Observing the activities of global robotaxi service providers across key cities, several emerging patterns in commercialization efforts can be derived.

First, major operators are actively expanding into the United Arab Emirates (UAE), signaling the region’s growing openness to autonomous mobility. WeRide and Uber launched their first international robotaxi service in Abu Dhabi in December 2024, and extended their partnership to Dubai in April 2025, with the goal of integrating robotaxis into the city’s transportation network. Baidu has also partnered with UAE-based Autogo, targeting the start of commercial operations in Abu Dhabi by 2026, with pilot trials expected in Dubai within 2025.

Second, the global autonomous vehicle industry is increasingly defined by a two-track development model – China emerging as a leading hub for commercial deployment, and the United States serving as a focal point for research and development. AutoX, headquartered in San Jose, California, launched its Level 4 driverless robotaxi service to the public in Shenzhen, China in 2021. Similarly, Pony.ai operates dual headquarters in the US and China, with large-scale robotaxi fleets running in cities like Beijing and Guangzhou, while pilot programs continue in California cities such as Fremont and Irvine.

Third, US-based companies are steadily expanding robotaxi operations across state lines, navigating a fragmented regulatory landscape in the absence of a unified regulatory framework. As of May 2025, Waymo provides over 250,000 paid driverless rides per week across cities including San Francisco, Los Angeles, Austin, Phoenix and Austin, with plans to enter new markets such as Atlanta, Miami and Washington, D.C. by 2026. Meanwhile, Tesla is preparing to launch its robotaxi service in Austin in June 2025, with expectations that the service expand to additional cities once operational stability is achieved.

Cybersecurity Concerns around Robotaxis

While autonomous robotaxis hold significant promise for improving urban mobility through enhanced convenience and accessibility, cybersecurity risks remain a critical concern. Although no confirmed cases of malicious hacking specifically targeting autonomous robotaxis have been reported to date, incidents involving software malfunctions have nonetheless heightened public unease around the reliability of these systems.

This growing apprehension is reflected in the ‘Electric Vehicle Intelligence Report (EVIR) 2025 May Edition’ where 71% of respondents showed reluctance to riding a robotaxi. Among the key concerns regarding robotaxi rides, 28% of respondents cited safety issues related to robotaxi use, while 18% expressed worry about over-reliance on sensors.

Unlike privately owned autonomous vehicles, cyberthreats to robotaxis carry heavy significance as a vulnerability in one model or system could potentially affect the city-wide transportation systems connected with internal and external data streams. As these services scale, it becomes vital to implement robust, end-to-end cybersecurity measures to ensure the safety of the vehicles, passengers and ultimately the entire mobility ecosystem.

Autocrypt’s Technical Expertise

Through a multi-layered approach that integrates advanced technologies, regulatory compliance, and industry collaboration, Autocrypt is well positioned to address the cybersecurity challenges associated with public mobility services.

With solutions spanning the entire autonomous ecosystem – from securing V2X communication security with AutoCrypt V2X, to safe-guarding in-vehicle security systems through AutoCrypt IVS, and overseeing operational data from AutoCrypt FMS – potential risks around mobility services can be prevented beforehand, enhancing the overall safety of connected mobility environments.

As the rapid advancement of robotaxi services marks a pivotal step toward the integration of autonomous vehicles into mainstream mobility networks, it is critical to raise cybersecurity awareness and implement preventive safeguards. Doing so will be essential to ensuring public trust and unlocking the full potential of autonomous mobility.

To learn more about the latest news on mobility tech and software-defined vehicles, read our blog for more technology insights or subscribe to AUTOCRYPT’s monthly newsletter.

13 May, 2025 . 2 mins read

AUTOCRYPT Selected as Top 3 Automotive Cybersecurity Innovator by Frost & Sullivan

AUTOCRYPT, a leading automotive software solutions provider, announced that the company had been named in Frost & Sullivan’s “Frost Radar™ Report for Automotive Cybersecurity 2024,” placing third overall in indices for Innovation, and fourth in Growth.

A leading global consulting firm, Frost & Sullivan releases the Frost Radar to offer strong market research evaluating companies across Innovation & Growth in their respective industries. The 2024 report for Automotive Cybersecurity assessed over 20 global companies, and Autocrypt was the only company from the Asia-Pacific region to rank among the top seven performers.

Seokwoo Lee, Founder and CEO of Autocrypt, said regarding the report, “The recognition is a validation of our technological excellence in delivering innovative standards and regulatory compliant solutions. Our commitment to comprehensive cybersecurity for our OEM and Tier-1 customers drives us to support the industry’s shift to software-defined vehicles.”

Senior Industry Analyst at Frost & Sullivan, Dorothy Amy remarked, “With the increase in countries that mandate cybersecurity, manufacturers and suppliers will have to prove a strong foundation of cybersecurity before vehicles can go on the market. Autocrypt is emerging as a key company in ensuring compliance-ready, product-grade security for vehicles worldwide.”

The recognition from Frost & Sullivan highlighted AUTOCRYPT’s comprehensive suite of security solutions that covers the wide breadth of the transportation ecosystem, covering V2X, in-vehicle systems, to EV charging security. The company most recently announced that its offerings would extend to PQC-compliant solutions, preparing the automotive industry for a post-quantum future.

Learn more about Autocrypt’s security solutions at autocrypt.io.

29 April, 2025 . 5 mins read

Cyber Resilience Act Explained: What It Means for the Automotive Industry

With the rapid rise of products utilizing AI, IoT, and connected technology, there has been growing concern across all industries of the cybersecurity risks associated with embedded technology. In response, in December 2024, the European Union put into force the Cyber Resilience Act (CRA), aiming to raise the baseline for security for all digital products and solutions sold in the EU.

Though the regulation originated in Europe, its impact will be global, as today’s interconnected market and supply chain crosses borders. Here’s a closer look at the CRA, why it matters, and its implications on the world’s automotive sector.

What is the Cyber Resilience Act?

The CRA is a legal framework that outlines cybersecurity requirements for products (both hardware and software) with digital elements sold within the European Union. The CRA casts a much wider net than requiring cybersecurity for traditional IT systems, covering everything from smart watches, refrigerators, to agricultural vehicles. In fact, the regulation not only applies to the products themselves, but the full lifecycle of IoT and digital products.

The objective of the CRA is to improve consumer safety, build trust in the digital marketplace, and ensure that manufacturers are held accountable for the security of their products. With this overarching regulation, the hope is that the CRA will foster more transparency for the digital ecosystem, ultimately encouraging innovation while still protecting both businesses and consumers from emerging cyber threats.

The CRA mandates a “security-by-design” approach, which means that companies must integrate cybersecurity from design through the end-of-life (EOL). It also requires vulnerability management and updates, along with compliance and documentation.

Key Implications for Industries Utilizing Connectivity

More and more industries are implementing connected technologies into their supply chain, which means the CRA targets a wide range of industries, including defense, IT infrastructure, and robotics/smart factory, to name a few.

Healthcare & Medical Devices: Many healthcare products now boast connectivity and dedicated user support. Products like remote monitoring tools, smart implants, and other medical devices must secure processed data and ensure device integrity.

Smart Manufacturing: Factories often use IoT and smart automation to optimize their factory lines. Networks and real-time operations must protect against cyberattacks that could disrupt industrial processes.

Space & Defense Systems: Satellites and mission-critical technologies must use robust protection to safeguard against cyber threats and protect sensitive operations for national security.

Agricultural Machinery: Like connected vehicles, agricultural transport is becoming much more connected and software-driven, meaning vehicles like autonomous tractors and sensor-based farming equipment must comply with the CRA as well.

CRA: More than the Law

The CRA represents more than just regulation within the EU. It signals a global shift towards mandatory cybersecurity standards for connected solutions, including all types of vehicles. Early preparation will be key, as manufacturers must utilize security-by-design principles from the development stage of all products.

The CRA introduces a risk-based product classification system, allowing a transition period until December 2027 for full compliance.

A lack of cybersecurity resilience increases likelihood of a cyber attack, which can not only lead to operational disruption and financial loss within a company’s supply chain and sales funnel, but can also result in legal ramifications. Non-compliance will result in fines of up to €15 million or 2.5% of global turnover and potential EU market bans, which could also result in a lack of brand awareness or worse, negative brand image.

Why the Automotive Industry Should Care

While most automotive vehicles are excluded from the CRA due to the overlapping nature of the CRA regulations with existing regulations (like the WP.29 R155 and EU General Safety Regulation, GSR), certain automotive components like digital components, aftermarket software, and connected services, as well as vehicles not covered under R155 (like construction or agricultural vehicles) are still subject to the CRA.

Vehicles are complex digital ecosystems, and with more and more technology being embedded into the architecture, compliance will also become more complex. While the details of the CRA are still being worked out, the automotive industry will have to move quickly, as the impacts of the regulation will be wide-ranging. Manufacturers and suppliers can begin by aligning with existing guidelines for cybersecurity resilience in vehicles:

• Standard and Regulation Compliance: Automotive manufacturers will have to ensure that they comply with the existing regulations like UNR-155 and GSR, and are recommended to follow standards like ISO/SAE 21434 when it comes to vehicle architecture and connected platforms.

• Secure OTA Updates: Manufacturers can ensure that their Over-the-Air (OTA) capabilities are secure and efficient, and ensure that vulnerabilities are patched in real-time.

• Regular testing: Testing current architecture for vulnerabilities can be a great starting point to analyze where mitigation is needed.

• V2X security and Security Credential Management Systems: While a Security Credential Management System (SCMS) isn’t explicitly required by the CRA, it can support compliance by demonstrating security best practices.

AUTOCRYPT has been closely involved in cybersecurity regulatory compliance from the early stages, focusing on practical, optimized solutions for manufacturers and suppliers. Our expertise in automotive and IT cybersecurity empowers our partners to seamlessly meet regulatory requirements while strengthening their product reliability, market competitiveness, and maintain a positive brand image.

To learn more about the CRA, click here. To contact our team about how your company can get started with CRA compliance, contact global@autocrypt.io.

15 April, 2025 . 6 mins read

Post-Quantum Cryptography, and the Future of Automotive Cybersecurity

As of late, there’s been a lot of worried and concerned discussion regarding quantum computing. There are concerns that once quantum computers become available, all IT systems will collapse and be hacked; some blockchain enthusiasts worry that cryptocurrencies will become obsolete; governments worry that national security systems may be compromised. Are these valid concerns? In today’s blog, we’ll explore what quantum computers are and what we can do to manage concerns about the future.

What is Quantum Computing?

The modern-day computer uses “bits” as the basic unit, while quantum computers use “qubits.” The key difference is the way that qubits exist. For example, a bit can be a 0 or a 1, but a qubit can be a 0, 1, or both at the same time. Imagine a spinning coin. While spinning, a coin can be both heads and tails. In quantum mechanics, this is called the principle of superposition, and this superposition allows for quantum computers to process many possibilities simultaneously.

Another interesting property of qubits is entanglement. When qubits are “entangled,” the state of one qubit is directly related to the state of another. This means that if a qubit changes its state, it will instantly affect the other. This phenomenon of qubits enables quantum computers to perform complex calculations far more quickly than a computer using bits, which processes information in a linear, sequential manner.

Quantum computers are still in the early stages of development, and larger tech companies have already begun to create and use quantum computers for research and experimentation. Many experts will say that the quantum computers available today have a relatively small number of qubits and are susceptible to errors. However, some are optimistic that the technology will achieve more accuracy and broader use very soon.

What is Post-Quantum Cryptography (PQC)?

While quantum computing holds great promise for solving more complex problems, it also presents a great risk. If misused, quantum computers could, in theory, break encryption methods that secure sensitive data like personal communications, banking transactions, and even confidential government data.

This is why the development of Post-Quantum Cryptography is crucial to safeguard against this potential threat.

Post-quantum cryptography (PQC), in simple terms, refers to cryptographic algorithms that are secure even in quantum computing environments. Unlike the traditional cryptographic systems we use today, such as RSA or ECDSA, PQC algorithms rely on mathematical structures that quantum computers are less likely to break, such as lattice-based, hash-based, code-based, or multivariate polynomial-based.

Developing PQC for different use cases is essential because if we wait until quantum computing reaches supremacy, it could quickly render current cryptographic systems obsolete, leaving data vulnerable. The transition to PQC should begin now, as preparing for a quantum future will require proactive effort to ensure cybersecurity frameworks remain intact and resilient.

PQC Standardization and Regulatory Development

In 2016, the National Institute of Standards and Technology (NIST) launched a competition to standardize PQC. Researchers from all over the world submitted algorithms and through several rounds, 82 proposals were reviewed and in 2022 four algorithms were chosen: SPHINCS+, CRYSTALS-DILITHIUM, CRYSTALS-KYBER, and FALCON. They are incorporating these standards into the Federal Information Processing Standards (FIPS) document, and additional rounds will likely select new algorithms for digital signatures or other uses.

In April 2024, the European Commission published a recommendation for member states to develop a strategy for implementing PQC, which would define clear goals and timelines for the implementation. This has led several workstreams and think tanks to actively participate in developing and implementing PQC into the European digital infrastructure.

In 2022, the U.S. passed the “Quantum Computing Cybersecurity Preparedness Act,” which included a federal mandate for federal agencies to transition to PQC. The NSA announced that by 2035, all national security systems should implement PQC.

In South Korea, the transition to PQC is being actively addressed by the National Intelligence Service and the Ministry of Science and ICT. They released their roadmap for transitioning to quantum-resistant cryptographic systems in 2020, and the roadmap was designed to span over a 15-year period, setting the goal of fully integrating PQC by 2035.

PQC in Automotive Cybersecurity

The global implementation of PQC roadmaps is ongoing, and use cases can vary across governments and organizations, but one of the most important areas is the automotive industry. As modern vehicles are increasingly becoming software-centric, vehicle architecture is becoming increasingly sophisticated, integrating advanced connectivity features like OTA updates and V2X communications. These advancements enable smarter and more convenient mobility but also create a myriad of cybersecurity challenges if the vehicle architecture is breached, as many of the cryptographic methods were designed for more traditional computing environments.

However, though regulations and standards do not yet mandate its implementation, manufacturers, suppliers, and solution providers in the industry have already begun to explore and evaluate PQC implementation:

NXP Semiconductors is developing quantum-resistant firmware updates for vehicle applications

Vodafone is testing PQC-secured VPNs, which is focused more on network security, but the company states it could be extended to connected vehicle applications

LG U+ showcased its PQC-based applications like secure digital keys and infotainment systems at CES 2023, and continues to develop quantum-resistant technology for network and cellular applications

As with traditional IT systems, once quantum computing reaches supremacy, vehicle systems could be vulnerable to attacks. Transition to PQC before quantum computing reaches practical implementation is crucial, as many worry that bad actors could already be stockpiling encrypted automotive data, waiting for quantum computing to enable them to decrypt, a long-term attack strategy known as “Harvest Now, Decrypt Later” (HNDL).

Preparing for the Post-Quantum Future

While there’s no way to know when quantum computers will reach practical supremacy, one thing is clear: the transition to PQC is no longer a theoretical need but an urgent necessity, especially in–vehicle applications.

However, transitioning to PQC–based solutions comes with its own set of challenges. PQC algorithms require a greater amount of computational power, which can be a concern for existing automotive hardware. This is why early testing, standardization, and collaboration will prove to be invaluable for realistic integration.

The dilemma is not whether we should implement PQC but how quickly we can make it a reality. The automotive sector has a lot of work to do, and security solutions providers like AUTOCRYPT are on track to ensure that the transition happens efficiently and securely.

To stay informed about the latest news on mobility tech and software-defined vehicles, read our blog for more technology insights or subscribe to AUTOCRYPT’s monthly newsletter.

21 March, 2025 . 2 mins read

AUTOCRYPT Launches India-Compliant V2X Security Certification System, Expanding Global Reach

AUTOCRYPT becomes the only company to support V2X security standards across North America, Europe, China, Korea, and India.

AUTOCRYPT, a leading automotive cybersecurity company, announced its successful development of its India-compliant V2X (Vehicle-to-Everything) security certification system, optimized for cloud-native environments. The system is now in delivery to Indian automotive manufacturers, further expanding the company’s global footprint in the V2X landscape.

As the only company worldwide that supports all major V2X security credential management system standards, including North America (US-SCMS), Europe (EU-CCMS), China (C-SCMS), Korea, and now India, AUTOCRYPT continues to set new industry benchmarks. This achievement not only marks the company’s entry into an emerging market, but also validates its expertise in V2X security technology.

The global V2X market is projected to grow and amid this changing landscape, Indian automakers and suppliers have made their presence known. India is increasing its demand for robust V2X technology as a key component in its smart city initiatives.

“India is the world’s fourth-largest automotive producer, with nearly 6 million vehicles manufactured in 2024. The Indian market represents a key opportunity for growth, but this also means that ensuring security and compliance will be critical,” said Seokwoo Lee, CEO of AUTOCRYPT. He continued, “With extensive expertise across V2X security deployment for multiple regulatory requirements, we are committed to advancing and playing a key role in India’s V2X ecosystem.”

AUTOCRYPT most recently showcased its technological capabilities to DOT and industry leaders in Wyoming, successfully demonstrating V2X interoperability. AUTOCRYPT is well-positioned to ensure compliance with India’s security and type approval standards, allowing automotive manufacturers to seamlessly integrate secure V2X communications into vehicles.

Learn more on how AUTOCRYPT secures V2X communications by contacting global@autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is the industry leader in automotive cybersecurity and connected mobility technologies. The company specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and mobility platforms, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides consulting and testing services along with custom solutions for UN R155/156 and ISO/SAE 21434 compliance.