Comprehensive safety testing of electric buses in Oslo

A Yutong bus in a testing location

  • Updated5 November 2025
  • News, Oslo

Ruter in Oslo has conducted a test of two electric buses in an isolated environment inside a mountain. The purpose was to identify risks in electric buses.

“This comprehensive and unique test enables us to build the right protection into the buses. Public transport in Oslo and Akershus should have access to the best technology – and the best safety”, says Bernt Reitan Jenssen, CEO of Ruter.

A brand new Yutong bus from China and a three-year-old VDL bus from the Netherlands were tested, and Ruter wanted to investigate two specific scenarios:

  • Surveillance: The bus cameras are not connected to the internet – there is no risk of image or video transmission from the buses.
  • The Chinese supplier has digital access to control systems for software updates and diagnostics. In theory, this could be exploited to influence the bus.

The testing revealed risks that Ruter is now taking action against. National and local authorities have been informed and must assist with further measures at a national level.

The main findings of the test are:

  • VDL bus and software: The Dutch bus from VDL does not have the option of independent software updates Over The Air (OTA), so it is not that interesting.
  • Yutong bus and software: The Chinese bus from Yutong, on the other hand, has the option of independent software updates (Over The Air). This means that the manufacturer has direct digital access to each individual bus for software updates and diagnostics. There is access to the battery and power supply management system via mobile networks through a Romanian SIM card. In theory, this bus can therefore be stopped or rendered unusable by the manufacturer. There is little integration between the systems in the bus and there is only one way out and to the bus’s critical functionality. This makes it easy to isolate it from contact with the outside world. We can also delay the signals to the bus, so that we can gain insight into the updates that are sent before they hit the bus. Such mechanisms are now being implemented.
  • Yutong bus and platform: Experts have uncovered vulnerabilities in a Chinese software update platform that has Yutong on its customer list. The vulnerabilities were reported to the platform provider and have now been fixed.
  • Optimism among experts: The experts are optimistic about the future, as Norway is now at a crossroads where it is possible to introduce requirements for buses and regulations that significantly reduce safety. Buses currently have the same functionality as a car from 2016. It is true that the further we move towards driver assistance systems and autonomy, the more the risk increases if measures are not introduced before we reach this level. Ruter has had a meeting with the Ministry of Transport and Communications about this, who want to solve this together with us.

After testing, Ruter is already taking concrete measures. Here is what is being done now:

  • Setting even stricter security requirements in future procurements
  • Developing firewalls that ensure local control and protect against hacking
  • Collaborating with national and local authorities on clear cybersecurity requirements
  • Exploiting a technological window of time before the next generation of buses becomes more integrated and more difficult to secure.

“After this testing, Ruter goes from concern to concrete knowledge about how we can build in security systems that protect us against unwanted activity or hacking of the bus’s computer systems”, says Jenssen.

Photo: Eilif Swensen / Ruter