On July 15, the Senate Commerce Committee will sit down in Room SR-253 and vote on a bill that sounds like just another round of China trade posturing but is actually a fight over who gets to write the code running your car. The Connected Vehicle Security Act of 2026, introduced by Sen. Bernie Moreno (R-Ohio) and Sen. Elissa Slotkin (D-Michigan), is scheduled for markup as part of the committee’s 23rd executive session of the year, sandwiched between unrelated aviation and broadband bills. Twenty senators have signed on as cosponsors so far.
Strip away the headline and the bill is narrower than “no Chinese cars,” though that’s the shorthand everyone’s using. It targets connected vehicles and the specific software and hardware tied to China, Russia, Iran, or North Korea, including anything routed through joint ventures or entities those governments control. The hardware in question isn’t the engine or the suspension, it’s the vehicle connectivity system: the telematics control unit, cellular modem, and GPS module that let a modern car phone home. That’s the only part of a vehicle with an active, always-on link to a server outside the country, which is exactly why it’s the piece lawmakers want under control rather than the whole car.
The bill splits its ban into two clocks. Software tied to a foreign adversary would be prohibited starting in 2027, with hardware following in 2030. That gap isn’t arbitrary. Code can be rewritten and pushed out in an over-the-air update cycle measured in months, but swapping a physical supplier for telematics hardware means requalifying parts, rewriting contracts, and rebuilding a supply chain that took years to establish. Giving hardware three extra years is Congress admitting that automakers can’t rewire a global parts network overnight, even one Washington has decided it no longer trusts.
None of this is starting from scratch. The Commerce Department’s Bureau of Industry and Security already finalized a rule banning the same connectivity hardware and software from China and Russia, published in January 2025 and in effect since that March, using authority from a 2019 executive order and emergency economic powers law. What the Moreno-Slotkin bill does is take that agency rule and weld it into statute. That distinction matters more than it sounds. An agency rule lives and dies by whoever runs the executive branch; a future Commerce Secretary could narrow it, pause it, or rewrite it without asking Congress. A law requires an act of Congress to undo, a much higher bar, and the whole point of a bipartisan Ohio Republican and Michigan Democrat teaming up to lock it in before any administration gets cold feet on China policy.
The list of groups cheering the bill tells its own story. UAW President Shawn Fain backed it as a way to put “common sense guardrails” on a threat to organized auto labor. General Motors issued a statement of support. So did the CAR Coalition, the trade group representing the automotive aftermarket parts industry, which has its own reasons to care: aftermarket telematics units, infotainment retrofits, and replacement modules increasingly come from the same global electronics supply base this bill is trying to wall off. When the union, an automaker, and the parts aftermarket all show up in the same press release, that’s a bill with very little organized opposition left standing.
Here’s the part that gets lost in the “banning Chinese cars” framing: American showrooms don’t currently sell Chinese-brand vehicles in any real volume, thanks to steep tariffs already stacked on Chinese-made vehicles and EVs. Enthusiasts have mostly encountered machines like BYD’s Yangwang U8 as an internet curiosity rather than a dealership option. What this bill actually closes is the side door: the version of a Chinese-connected vehicle that shows up wearing a joint-venture badge, gets assembled in a third country, or ships with a Chinese-sourced telematics module bolted into an otherwise unrelated vehicle. It’s a supply-chain law dressed up as a trade ban.
If you’re driving anything built before these compliance dates, none of this touches your car. The bans are prospective, tied to model years and import dates, and the civil enforcement lands on manufacturers and importers, not owners. But it’s worth filing this next to the ongoing fight over software-locked vehicles and repair rights, because both stories are really about the same question: who controls the code running underneath you, and how much say you get in that arrangement.
Slotkin’s pitch for the bill leans hard on the idea that connected cars are “surveillance packages on wheels,” collecting geolocation and driving data a foreign government could access. That’s not a hypothetical worry confined to Beijing. Anyone who followed the Milwaukee officer caught running a woman’s plate 179 times already knows vehicle location data is a live privacy problem no matter which government or department is doing the collecting. The bill’s authors are betting voters find the foreign-adversary version of that risk easier to act on than the domestic one.
A committee vote isn’t a finish line. Even if the Commerce Committee advances S.4429 next week, it still needs a full Senate floor vote, and the House companion bill has to clear three separate committees, Energy and Commerce, Ways and Means, and Foreign Affairs, before the two chambers can reconcile their versions. Bipartisan sponsors and an unusually unified industry coalition make this one of the more plausible pieces of automotive legislation moving through this Congress, but plausible and scheduled have never meant the same thing on Capitol Hill.
