Indian Automotive Regulatory Landscape 2026: Key Standards Every EV OEM Must Prepare For

Modern vehicles carry over 200 million lines of code; Level 5 autonomous vehicles will require close to 1 billion (ARAI/Alpinum Consulting, 2025). This software complexity has made regulatory frameworks more exacting, not less. For Indian EV OEMs in 2026, the compliance landscape is no longer forward-looking. Several critical standards are already in force, key deadlines fall this calendar year, and missing them means delayed homologation, blocked market access, and direct safety liability. This is a practical guide to what every Indian EV program must have on its compliance roadmap right now.

1. Battery Safety: AIS-038 Rev.2 and AIS-156

Already mandatory since December 2022, these standards form the non-negotiable foundation of India’s EV safety framework. AIS-038 Rev.2 governs traction battery safety for M and N category vehicles; AIS-156 covers L category 2-wheelers, 3-wheelers, and quadricycles. Both mandate thermal runaway propagation testing, IPX7 water ingress protection, RFID battery traceability, and a microprocessor-based BMS with full cell-level protections. AISC issued a fourth revision of AIS-038 Rev.2 in August 2024 with updated active parallel circuit requirements, now mandatory. Compliance is a prerequisite for CMVR Type Approval and market entry.

ElectRay’s ZEVonUDS Stack delivers AUTOSAR-compliant EV diagnostics purpose-built for BMS ECUs in AIS-038 and AIS-156 regulatory contexts, while ElectRay’s Cybersecurity and Functional Safety services support ASIL-level assessments aligned with both standards and ISO 26262.

2. CMVR Type Approval: AIS-049 and Performance Standards

AIS-049 Rev.1 is the regulatory gate every new EV model must pass at ARAI or ICAT before production can begin, typically taking 4 to 6 months. Non-compliance can result in fines up to Rs.15 lakh, vehicle impoundment, and production halts. Alongside AIS-049, OEMs must demonstrate compliance with AIS-039 (energy consumption), AIS-040 (range), and AIS-041 (net and 30-minute maximum power), which together define the complete performance envelope an EV must satisfy before sale.

ElectRay’s Vehicle Diagnostics services and Secure Flash Bootloader directly support homologation-readiness at the ECU level, ensuring diagnostic and flashing infrastructure is production-grade before ARAI or ICAT submission.

3. Cybersecurity: AIS-189 and AIS-190

These are now active mandates, not horizon planning. AIS-189 (Cybersecurity Management System, modelled on UNECE R155) is effective for new vehicle types from October 1, 2025, and for all vehicle types from October 1, 2028. It mandates a certified CSMS covering the full vehicle lifecycle, from secure architecture design through post-production threat monitoring and incident response.

AIS-190 (Software Update Management System, modelled on UNECE R156) is a distinct and equally demanding mandate. It requires OEMs to implement secure OTA mechanisms, validate every software update before deployment, and maintain version traceability for up to 10 years across all ECUs, suppliers, and platforms. Building a compliant CSMS takes an average of 30 months (PwC India, 2025). For OEMs not already underway, that window is closing. Fleet buyers and government tenders are already screening for AIS-189/190 readiness as a procurement condition.

ElectRay’s FOTA Solution is architected with secure OTA and software update management principles aligned with AIS-190 and ISO 24089, while ElectRay’s Automotive Cybersecurity engineering services support ISO/SAE 21434-aligned CSMS development for AIS-189 compliance.

4. ADAS Mandate: AIS-162, AIS-184, AIS-186, AIS-187, AIS-188

MoRTH notification GSR 184(E) dated March 2025 mandates a full ADAS suite for M2, M3 (buses) and N2, N3 (trucks) categories, not just a single system. From April 1, 2026 for new models and October 1, 2026 for existing models, these vehicles must include all five of the following:

• AIS-162: Advanced Emergency Braking System (AEBS), active from 25 km/h, with collision warning 0.8 to 1.4 seconds before braking activation
• AIS-184: Driver Drowsiness and Attention Warning System, using cabin cameras, lane detection, and Karolinska Sleepiness Scale assessment
• AIS-186: Blind Spot Information System for detection of cyclists and vulnerable road users during turning manoeuvres
• AIS-187: Moving Off Information System for detection of pedestrians and cyclists during straight manoeuvres from standstill
• AIS-188: Lane Departure Warning System with audio-visual alerts for unintended lane changes

Each system must communicate across the vehicle’s E/E network and be integrated with existing ECU architectures. OEMs deep into 2026 development cycles that have not already incorporated these systems face significant late-stage integration cost and timeline risk.

ElectRay’s Software and E/E Architecture Integration services support OEMs adding ADAS-related features to existing commercial EV platforms, managing network integration across CAN, CAN-FD, and Ethernet domains without disrupting production programs.

5. Functional Safety: ISO 26262

ISO 26262 is not yet explicitly named in India’s CMVR, but is functionally mandatory in practice: required by OEMs and Tier-1 suppliers as a condition of program entry, aligned with AIS-038 Rev.2, and a prerequisite for European and Asian export markets. ASIL classification for BMS, motor controllers, and braking ECUs is non-negotiable for any credible EV safety case.

ElectRay’s Functional Safety engineering team delivers ISO 26262-aligned HARA, ASIL decomposition, and safety-case documentation, de-risking homologation at ICAT and ARAI and ensuring defensibility in both Indian and global regulatory contexts.

6. Charging Infrastructure: IS 17017 and AIS-138

IS 17017, mandated by BIS for all chargers sold or imported in India and harmonised with IEC 61851 and IEC 62196, is the regulatory backbone for EV charging systems. It covers four power levels aligned to vehicle segment: low-power AC for 2W and 3W platforms, standard AC and DC for passenger EVs and LCVs, and ultra-high-power DC exceeding 250 kW for electric buses and trucks. IS 17017-Part 24 governs digital communication between the EV and DC supply equipment. Where CCS2 is deployed, IS 15118 defines the vehicle-to-charger communication protocol and underpins plug-and-charge and future V2G capability. AIS-138 (Part 1 for AC, Part 2 for DC) is harmonised with IS 17017 and defines the on-vehicle interface requirements for conductive charging across 2W, 3W, and 4W platforms.

These standards directly affect vehicle-side ECU software. The OBC and charge port controller ECUs must handle charge request messaging, current limit negotiation, authorisation, and connector lock status reliably over CAN or PLC protocols. With 29,277 public charging stations across India as of August 2025 (Ministry of Power, 2025), yet a vehicle-to-charger ratio still well below the global benchmark, interoperability faults at the vehicle-charger interface are a real-world diagnostic challenge OEM software teams must design for from the start. BIS certification under IS 17017 is also mandatory for subsidy eligibility under FAME and state EV policies, making this a commercial gate, not just a safety exercise.

ElectRay’s UDS Stack provide diagnostic coverage of OBC and charge port controller ECUs, ensuring charging communication parameters are monitored, versioned, and fault-managed throughout the vehicle lifecycle. The Secure Flash Bootloader ensures authenticated firmware updates for OBC and charge port ECUs in both production and field environments, while the FOTA Solution enables secure over-the-air firmware delivery to charging-related ECUs as interoperability standards and charge protocols evolve post-homologation.

7. Three More Standards to Watch

These are not yet fully mandatory but are actively shaping Indian EV program decisions right now:

• AIS-153 (Bus Body Code, mandatory September 2025): Covers safety, NVH limits, fire suppression systems, emergency exits, lighting, and certification for bus body builders. Already in force and directly relevant to electric bus OEMs integrating body systems with EV powertrain architectures.
• Battery Swapping Standards (BIS, in development): BIS has initiated dedicated standards for swappable battery systems covering form factor, interoperable connectors, BMS-to-EV communication, and network management. Applicable to 2W and 3W OEMs exploring swappable battery platforms; worth tracking for program planning.
• IS 15118 (Plug-and-Charge and V2G Communication): Governs secure vehicle-to-charger communication for plug-and-charge and bidirectional V2G capability. As India moves toward smart charging and grid integration, IS 15118 will become a vehicle-side ECU engineering requirement, particularly for passenger EVs and commercial fleet depot charging.

Across all three areas, ElectRay’s UDS and ZEVonUDS Stack, Secure Flash Bootloader, and Automotive Cybersecurity and E/E Architecture Integration services provide the ECU-level diagnostic, authentication, and integration capabilities that OEMs will need as these standards move from development to mandatory implementation.

The 2026 Compliance Timeline at a Glance

Every Indian EV OEM should have the following dates fixed on their program calendar:

• Already mandatory: AIS-038 Rev.2 / AIS-156 (Battery Safety, since December 2022; fourth revision August 2024 now in force)
• Already mandatory: IS 17017 / AIS-138 (EV Charging Infrastructure and On-Vehicle Charging Interface; BIS certification mandatory for all chargers sold in India)
• Already mandatory: AIS-153 (Bus Body Code, mandatory since September 2025; fire systems, NVH, safety and certification for electric bus body builders)
• Already in force: AIS-189 (Cybersecurity CSMS, effective October 2025 for new vehicle types)
• April 1, 2026: Full ADAS suite (AIS-162, 184, 186, 187, 188) mandatory for new M2, M3, N2, N3 models
• October 1, 2026: Full ADAS suite mandatory for all existing M2, M3, N2, N3 models
• October 1, 2028: AIS-189 and AIS-190 effective for all vehicle types

Regulatory compliance is not a box-ticking exercise at the end of a program. It is a software architecture decision made at the beginning. OEMs that embed AIS-038 BMS requirements, ISO 26262 ASIL classification, and AIS-189/190 cybersecurity controls from day one will move through homologation faster and into a market that increasingly treats compliance as a commercial gate.