The automotive sector is currently experiencing a profound shift towards software-defined vehicles (SDVs) with cloud-based operating platforms and over-the-air (OTA) updates becoming standard. According to recent forecasts by multiple studies, SDVs are expected to account for most vehicles sold by the end of this decade. This transformation is driving significant R&D efforts as legacy companies look to remain competitive in an increasingly digital era. According to estimates by Deloitte, investments in the design and development of SDVs reached over US$4 billion in 2024. OEMs are also prioritising investments in digital technologies such as artificial intelligence (AI), machine learning (ML), digital twins, and internet of things (IoT), as they assume critical importance in augmenting vehicle intelligence, personalisation, and autonomous driving capabilities.
This evolution has enabled novel opportunities for data monetisation, with additional revenues available to suppliers expected to grow to around US$700 billion by 2035. Monetising features such as better navigation, infotainment, and safety functions gives OEMs an opportunity to diversify their revenue streams beyond traditional vehicle sales. The key monetisation strategies being employed by SDV OEMs include features as a service, services around a vehicle, and data monetisation.
Even though the shift towards SDVs brings unprecedented opportunities for innovation, monetisation, customer experience, and operational efficiency, it also exposes manufacturers and suppliers to a rapidly evolving cyber threat landscape. In fact, the complexity of achieving comprehensive cyber security has already increased to such a level that even large OEMs are struggling to keep up with evolving threats. According to a 2024 Gartner study, vehicle cyber threats have increased by 600% over the past four years, with attacks now targeting everything from infotainment systems to remote vehicle takeovers and critical ECUs. Therefore, SDV manufacturers have started adopting novel technologies, processes, and business models to curb costs, while ensuring vehicle safety and security. These include edge AI, cyber security standards such as ISO 21434 and UNECE R155/R156, cyber security management systems (CSMS), the zero-trust model, and adherence to security by design principles.
AI and edge computing are by far the most suitable solutions that OEMs are increasingly adopting to detect and respond to threats autonomously, reducing dependency on the cloud and lowering operational costs. Notably, the AI-based cyber security is projected to be a US$135 billion market by 2030.
Compliance Updates
International automotive cyber security regulation is becoming increasingly harmonised and comprehensive, shaping compliance requirements and product development strategies. The foundation is laid by ISO 21434, which mandates end-to-end cybersecurity risk management throughout the vehicle lifecycle, from concept to decommissioning. Compliance is now a prerequisite for market access in most regions, with a second edition expected by 2028 to address evolving threats. Complementing this, UNECE R155/R156 regulations require all vehicles produced from July 2024 onward to incorporate Cyber security Management Systems (CSMS) and Software Update Management Systems (SUMS). Special-purpose and small-series vehicles must comply by July 2026.
At a broader digital product level, the EU Cyber Resilience Act (CRA) expands obligations for secure software development, vulnerability handling, and incident reporting for connected vehicles. This is reinforced by the updated Product Liability Act, which holds OEMs accountable for software defects and cybersecurity breaches, with only limited legal exemptions.
Meanwhile, China's GB 44495 regulation integrates elements of ISO 21434 and UNECE R155 but adapts them to national priorities, forming a localised cyber security framework with mandatory compliance.
Strategic Focus Areas
To meet growing consumer demand for faster vehicle delivery without compromising product integrity and security, OEMs are adopting agile, parallel development models like “shift-left” and “software-first.” These allow software to be developed and tested virtually before hardware is finalised, significantly accelerating time-to-market. Central to this transformation is the integration of AI into daily product development. AI models are now embedded throughout the software lifecycle, from code generation and static analysis to real-time anomaly detection, enhancing cyber security by continuously assessing vulnerabilities, performing predictive diagnostics, and enabling secure over-the-air (OTA) updates.
AI’s role is even more critical in autonomous vehicles, where machine learning and deep learning algorithms improve sensor data interpretation, support real-time threat detection, and ensure secure decision-making under unpredictable conditions. AI is also optimising cost and development time. GenAI-powered simulations that replicate real-world driving scenarios significantly reduce dependence on costly road testing. IBM estimates that these efficiencies could potentially shorten launch timelines by 21% and enhance productivity by nearly 40%.
These technologies also strengthen the safety of advanced driver assistance systems (ADAS) and automated driving, from AI-driven sensor fusion to platforms like Nvidia’s DRIVE AGX. Supporting this is a transition from domain-centric to zonal-centric architecture, which simplifies wiring, reduces weight, and improves OTA update performance. Tesla and Volkswagen have leveraged zonal designs to halve production time and boost efficiency.
These advancements, from faster delivery and AI integration to enhanced safety architectures, are reshaping how value is delivered to the end user. Consequently, consumer perception is evolving, and buyers are increasingly willing to pay a premium for SDVs, not only for their intelligent features but for ongoing updates, better security, and a seamless digital experience. This shift is unlocking new monetisation avenues for OEMs through subscriptions, feature unlocks, and data services.
Future Prospects
The SDV industry is poised for exponential growth, driven by advancements in AI, 5G connectivity, and edge computing. By 2030, nearly 90% of vehicles are expected to feature software-defined architectures, reshaping the competitive landscape. Leading OEMs have already announced an ambitious SDV pipeline, including Hyundai’s global SDV rollout by 2030, Volkswagen’s Golf and Audi A4 e-tron by 2028–2029, and Scout Motors’ zonal-architecture-based Traveler and Terra models in 2028. Other anticipated launches like the Lexus LF-ZC, Volvo EX60, and Tata’s Avinya indicate strong momentum across Asia, Europe, and North America.
Cyber security will remain a critical differentiator, with prospects centred on quantum-resistant algorithms, AI-powered threat intelligence, and real-time system resilience. Regulatory alignment across global markets will intensify, compelling OEMs to embed cyber security from design through decommissioning. With evolving customer expectations and increasing willingness to pay for digital features, SDVs are set to become platforms for continuous innovation, personalised mobility, and recurring revenue models.
To read the full report, click here.