All Articles

At 7:15 in the morning, you unlock your EV scooter, familiar with its quirks, the startup lag, the way it grips a wet road. Overnight, something changed. Not the firmware, but the intelligence layer shaping how it responds, recommends, and intervenes.

Now your navigation weighs traffic, battery, weather, and riding history before suggesting a route. Your safety system adjusts sensitivity during monsoons based on fleet learning. Your behaviour feeds into a risk profile that could influence insurance or servicing.

Individually, these shifts seem minor. Together, they mark a turning point: over‑the‑air updates are evolving from software maintenance into behavioural adaptation. This is OTA 2.0, a fundamentally different governance challenge.

Traditionally, OTA meant deterministic updates: software changes, performance improvements, engineers audit code, regulators treat it as conventional software. Standards like UNECE WP.29 and ISO/SAE 21434 address cybersecurity, but still assume predictable, auditable systems. Adaptive AI breaks that assumption.

AI in mobility now spans a spectrum, from rule‑based assistants that recommend, to adaptive systems that learn, to autonomous frameworks that decide in safety‑critical moments. Most vehicles today remain assistive or adaptive, but the trajectory is clear: mobility is becoming continuously shaped by data, retraining cycles, and probabilistic decision‑making.

And it changes the nature of over‑the‑air governance entirely. While traditional software updates modify code, adaptive AI systems can modify behaviour. The same system may respond differently tomorrow based on changing environmental conditions, updated models, accumulated fleet data, or evolving optimisation priorities. That distinction matters because governance frameworks designed for static software are poorly suited for adaptive systems operating in the physical world.

Why This Is a Structurally Different Risk

The debate around AI in mobility often gets framed in terms of abstract “risk,” but the real challenge lies in the concrete gaps that emerge when adaptive intelligence meets scale in public environments. India’s mobility ecosystem, anchored by hundreds of millions of riders, illustrates how quickly technical progress collides with questions of consent, liability, cybersecurity, and data governance. These gaps are not theoretical; they define the boundaries of trust, accountability, and resilience in the agent layer of connected mobility.

The first of these is the Consent Gap. For nearly 300 million two‑wheeler riders, a scooter is not a technology product but a livelihood instrument. As vehicles become adaptive, consent is no longer a simple agreement to install new code; it becomes tacit approval of evolving recommendation logic, behavioural profiling, and intervention thresholds. Convenience can slip into behavioural delegation, and delegation can erode user authorship, meaning riders gradually lose meaningful control over how their behaviour is shaped by the system.

Closely linked is the Liability Gap. India’s consumer protection and product liability laws were designed for static products, not distributed AI ecosystems where OEMs, software vendors, cloud providers, sensor systems, and continuously retrained models all interact. In a braking event where an adaptive safety system intervenes and an accident follows, accountability could hinge on calibration, latency, override behaviour, and model logic simultaneously. Responsibility becomes diffuse, making it harder to assign liability and ensure fair redress.

The Cybersecurity Gap compounds this challenge. As vehicles become software‑defined, their attack surface expands. Traditional OTA risks like compromised update channels are joined by adversarial sensor manipulation, model poisoning, and malicious interference with real‑time decision systems. A corrupted infotainment system may be inconvenient, but a compromised adaptive safety system directly threatens rider safety and public trust.

Finally, the Data Governance Gap highlights how connected vehicles function as large‑scale behavioural data systems. Each ride generates telemetry—location, braking, battery performance, environmental conditions, and behavioural signals. India’s Digital Personal Data Protection framework is a step forward, but adaptive AI raises unresolved questions: What counts as meaningful consent for evolving behavioural systems? When does personalization cross into automated decision‑making? And what rights should users have to opt out, audit, or revert behavioural changes?

Together, these concerns show that adaptive intelligence in mobility is not just another technology upgrade, it is a structurally different risk requiring new governance, accountability, and trust frameworks.

OTA 2.0 Governance: What the Agent Layer Actually Requires

Effective governance of adaptive mobility systems must anticipate behavioural change, preserve user agency, and embed transparency into every layer of system design and oversight. Unlike static code, adaptive intelligence evolves continuously, reshaping behaviour, recalibrating thresholds, and learning from fleet-wide data in real time.

Consent Gap: Rider-Facing Change Disclosure

If behavioural logic changes materially, riders should receive plain-language disclosure designed for comprehension, not buried inside legal terms or app permissions. This is not technically difficult; it is a governance and product-design choice.

Liability Gap: Behaviour Versioning, Not Just Code Versioning

Every major AI-behaviour update should include human-readable disclosure explaining what changed in system behaviour, not merely a software version number. “The safety system’s intervention sensitivity has been recalibrated for wet-road conditions using aggregated fleet data” is meaningful to riders and regulators alike. A firmware hash is not.

Cybersecurity Gap: Meaningful Override Architecture

Users should retain meaningful control over adaptive systems wherever safely possible, whether through intervention settings, personalization controls, or behavioural rollback options. There is an important distinction between disabling a feature and retaining agency over how a machine participates in decision-making.

Data Governance Gap: Regulatory Sandboxes Before Scale

India has a narrow but important window to establish testing and governance frameworks for AI-defined mobility systems before deployment complexity increases dramatically. This could include controlled regulatory sandboxes, explainability standards, incident reporting norms, behavioural audit trails, and sector-specific AI guidance for connected mobility. Frameworks built during the growth phase are far more effective than frameworks built after public failure.

Accountability as the Cross-Cutting Principle

Without robust governance, adaptive data systems risk undermining privacy, transparency, and user autonomy at scale. The challenge is not whether adaptive intelligence should exist, but how it evolves transparently and accountably. Adaptive systems may ultimately outperform static ones, learning from fleet-wide safety events, changing road conditions, and environmental variability to improve safety and efficiency at scale.

India’s EV conversation often centres on charging infrastructure, battery economics, and range anxiety. Yet the deeper trust question lies in accountability: when vehicle intelligence evolves continuously, when behavioural systems adapt invisibly, and when algorithmic layers increasingly shape physical-world outcomes, “over the air” can no longer mean invisible and unquestioned. India has a rare opportunity to establish governance norms before adaptive vehicle intelligence reaches irreversible scale. The real test is whether industry, regulators, and standards bodies can define accountability proactively, rather than waiting for a crisis to do it for them.​​​​​​​​​​​​​​​​

Disclaimer:

The post presents insights and reflections drawn from individual experience. The views expressed are my own and should not be attributed to or considered representative of any organizations, employers or institutions I am currently or have previously been associated with.