The expansion of Chinese electric vehicles (EVs) in Brazil continues to accelerate, fueling growing concerns related to cybersecurity and the possible dual-use — civilian and strategic — nature of the technologies integrated into these vehicles. Unlike traditional automobiles, modern EVs increasingly function as mobile digital platforms capable of collecting, processing, and transmitting vast amounts of sensitive data in real time.
“In many cases, consumers know the vehicle is connected, but they do not clearly understand what data is generated, why it is transmitted, how long it is stored, or with whom it is shared,” Thiago Guedes, CEO of DeServ, a Brazilian company specializing in information security and data privacy, told Diálogo.
Chinese hybrid and electric vehicles already occupy a dominant position in the Brazilian market. According to the Brazilian Electric Vehicle Association (ABVE), Brazil registered 223,912 electrified light vehicles in 2025. During the same year, BYD registered 112,915 units in the country, equivalent to nearly 50 percent of that market. The company has also provided vehicles to Brazilian institutions ranging from the Presidency of the Republic to the Chamber of Deputies and the Superior Court of Justice, increasing concerns among security specialists about potential access to sensitive data related to the movements, routines, and activities of Brazilian authorities and politicians.
According to experts, the growing dependence on Chinese technology is already creating vulnerabilities in strategic sectors, including critical infrastructure, logistics systems, and sensitive areas linked to national security. Concerns are further intensified by China’s 2017 National Intelligence Law, which requires companies and citizens to cooperate with state intelligence services when requested. Added to this is the heavy reliance of Chinese EVs on remotely updated software, increasing exposure to cyberattacks, digital intrusions, and potential acts of digital sabotage.
Cybersecurity specialists also warn that Brazil still lacks a sufficiently robust regulatory framework to address the risks associated with highly connected vehicles. Although the country has data protection legislation, significant gaps remain regarding independent software audits, local storage of sensitive data, cybersecurity standards for smart vehicles, and restrictions on the use of connected automobiles within government institutions or strategic sectors.
Access to geospatial data
Among the latest Chinese companies to enter the Brazilian market was Jetour, which in March stated that it is evaluating the possibility of establishing local vehicle production in the country. Its electric models are equipped with advanced connectivity systems based on sensors, cameras, radars, and over-the-air (OTA) software updates.
Among these models, the Jetour 2 uses an intelligent all-wheel-drive system called “Fully Automatic Intelligent XWD,” designed to automatically adapt the vehicle to different terrain conditions. The system analyzes surfaces such as mud, sand, snow, or dirt roads and autonomously selects the most appropriate configuration while continuously collecting environmental data.
Privileged access to detailed geospatial data also carries broader strategic implications for Brazil. Information related to logistics routes, rural infrastructure, export corridors, mobility patterns, and territorial transformations can contribute to building a highly detailed map of sectors critical to the Brazilian economy and national security.
In a country where agribusiness, ports, and export supply chains hold strategic importance, the large-scale collection of territorial data through foreign technological platforms is generating growing concerns regarding technological dependence, data sovereignty, and exposure of sensitive infrastructure.
Digital surveillance
The evolution of cameras and sensors installed on the exterior of EVs — which, compared to internal systems, possess a much greater capacity for data storage and transmission — has also increased risks associated with potential surveillance operations. It is no coincidence that China itself restricts the use of foreign EVs in sensitive areas, implicitly recognizing the potential use of these technologies for espionage activities.
“Extended access […] to camera-captured data almost in real time could allow detailed mapping of critical infrastructure,” warned Chris Miller, nonresident senior fellow at the American Enterprise Institute in Washington, during his April testimony before the U.S.-China Economic and Security Review Commission.
A recent investigation conducted by Norwegian cybersecurity expert Tor Indstøy also revealed that some EV models from the Chinese company NIO, available in Brazil as well, are equipped with external cameras capable of facial recognition and license plate reading. The study also concluded that nearly 90 percent of the data collected by these vehicles is transmitted to China, even when the car appears to be turned off. In addition, around 70 percent of communications are encrypted, making it extremely difficult to verify what information is actually being transmitted.
Cyberthreats
In addition to the risks of espionage and the collection of sensitive data, security experts warn that the growing spread of Chinese EVs could also expose Brazil to cyberattacks and large-scale sabotage operations due to the increasing dependence on software that controls essential functions ranging from navigation systems to battery management.
According to Guedes, “the risks increase with OTA software updates, meaning remote updates via wireless connection, which expand the attack surface and the ability to collect data.”
These software systems allow manufacturers to remotely modify vehicle behavior. A compromised or malicious update could alter vehicle performance, limit functionalities, or even completely disable the vehicle. Experts’ concerns are also growing due to the integration into vehicles of dual-use technologies — usable for both civilian and strategic purposes — originating from Chinese companies such as Huawei and Hikvision, both of which have already been involved in international controversies related to security and surveillance.
Particularly sensitive are Battery Management Systems (BMS), software platforms that control the safety and operation of electric batteries. When modifiable through remote updates, these systems could be used to block vehicle operations or trigger dangerous malfunctions, including battery fires. Norwegian researchers recently discovered that the Chinese manufacturer of batteries used in some electric buses operating in Norway maintained extensive remote-access capabilities over the system, including functions that, according to researchers, would allow limiting or even disabling certain vehicle operations remotely.
According to Guedes, the possibility of disabling vehicle fleets, compromising security systems, or accessing cameras, microphones, and personal data makes it necessary for Brazil to strengthen its data protection and cybersecurity standards. “A formal plan is needed to respond rapidly to possible cyberattacks or data breaches,” he warned.
With the growing integration of electric mobility, mass data collection, and remote connectivity, specialists warn that the rapid expansion of Chinese electric vehicles is no longer merely a commercial or technological issue. Without stricter controls, independent audits, and stronger digital-security guarantees, Brazil risks incorporating strategic vulnerabilities directly into its transportation networks, public institutions, and critical infrastructure.
