The discovery of a remote deactivation vulnerability in Chinese-made Yutong buses in Europe raises urgent questions for Kenya's public transport strategy as Nairobi increasingly relies on Chinese technology for its e-mobility transition.

NAIROBI, KENYA – Wednesday, 5 November 2025, 7:59 PM (EAT) – An urgent security investigation in Denmark and Norway has revealed that hundreds of Chinese-manufactured electric buses have a software vulnerability that could allow them to be remotely deactivated, a development with significant implications for Kenya's burgeoning e-mobility sector.
Transport authorities in Europe are scrambling to address the security loophole found in electric buses made by Yutong, a major Chinese manufacturer. The issue was first identified by Norway's public transport authority, Ruter, which discovered that the manufacturer retained remote access to the vehicles' control systems for software updates and diagnostics. In a controlled test, Ruter confirmed this access could theoretically be exploited to immobilize the buses while in transit. Bernt Reitan Jenssen, Ruter's chief executive, stated on Wednesday, 5 November 2025, that the testing revealed risks requiring national-level intervention.
In Denmark, the country's largest public transport company, Movia, operates 469 Chinese electric buses, 262 of which are Yutong models. While Danish authorities have stated there are no known cases of malicious deactivation, they acknowledged that the vehicles' internet-connected subsystems, including GPS, cameras, and microphones, represent potential vulnerabilities. Yutong has stated that it strictly complies with local laws and that its EU data is securely stored in Frankfurt.
This European security alert resonates deeply in Kenya, where Chinese technology is the backbone of a rapid transition to electric public transport. Nairobi-based startup BasiGo, a key player in the country's electric bus rollout, has partnered with several Chinese manufacturers, including BYD and CHTC, to assemble vehicles locally. The company aims to have 1,000 electric buses on Kenyan roads by the end of 2025, a plan heavily reliant on Chinese components and vehicle kits.
While Yutong is not currently the dominant brand in Kenya's matatu sector, the issue highlights a systemic risk. The vulnerability is not unique to one manufacturer but is inherent in many modern, internet-connected vehicles that allow for remote "over-the-air" updates. As Kenya's government actively promotes e-mobility to reduce its petroleum import bill and cut emissions, the reliance on foreign-controlled software and hardware for critical public infrastructure is now under scrutiny.
The Kenyan government's national e-mobility policy aims for at least 5% of all registered vehicles to be electric by 2025. This push is supported by investments from multiple Chinese EV companies, such as Chery's planned $20 million assembly plant in Nairobi. Furthermore, the long-delayed Nairobi Bus Rapid Transit (BRT) system is expected to heavily feature electric buses, with the government actively seeking suppliers.
The situation in Denmark and Norway serves as a critical case study for Kenyan policymakers and transport authorities. The core issue is one of technological sovereignty and the potential for disruption of essential services. As vehicles become more integrated with digital systems, the risk of external interference—whether from manufacturers, state actors, or malicious hackers—grows significantly.
Cybersecurity experts have repeatedly warned about the risks associated with embedding foreign technology in a nation's critical infrastructure. A 2021 INTERPOL report noted that Kenya experienced 72 million cyber threat detections, with critical infrastructure becoming increasingly vulnerable. The potential for a foreign entity to access and control a significant portion of a city's public transport fleet presents a clear national security concern.
Norwegian authorities found that removing the buses' SIM cards could prevent remote deactivation but would also disable other vital systems, illustrating the deep integration of this technology. As Kenya proceeds with its BRT system and the wider electrification of its 22,000-strong matatu fleet in Nairobi, it faces a crucial challenge: how to embrace the benefits of modern, clean transportation without compromising control over its own infrastructure. Ruter's chief executive warned that the next generation of buses will be even "more integrated and harder to secure," a stark reminder for Nairobi to build robust security and oversight requirements into its procurement and technology partnership agreements.