1、 Connected and Automated Vehicles 30 January 2026 EU Coordinated Risk Assessment P a g e 2|38 Executive summary This is a coordinated Union level security risk assessment of connected and automated vehicles(CAVs)and their supply chains carried out under Article 22 of the NIS2 Directive by the Networ
2、k and Information Systems(NIS)Cooperation Group in cooperation with the European Commission and ENISA.The primary objective of this report is to provide a comprehensive overview of the cybersecurity risks and their consequences,as mitigating measures which are considered necessary to efficiently add
3、ress them.As digitalisation and connectivity spread through the automotive sector,CAVs are increasingly being used in the EU.CAVs offer numerous potential benefits,including improved road safety by reducing human error and their contribution to environmental sustainability through more efficient dri
4、ving patterns and reduced emissions.However,CAVs also come with new and significant cybersecurity risks.CAVs process troves of personal and sensitive data,making them potential targets or vectors for surveillance and espionage and in possibly allowing even for their weaponisation.Member States,the C
5、ommission and ENISA identified and assessed 107 risks associated with CAVs,of which 14 are identified as top risks.The assessment expounds on each risk,reviewing related incidents,existing scientific literature and existing measures in place for each of the top-ranking risks.The assessment identifie
6、s vehicle control systems and processing and decision-making systems are particularly critical asset groups.Attacks on these asset groups are linked to severe consequences,including loss of life and significant material damage.Communication and connectivity systems,as well as cloud and backend syste