Commerce Department to Allow Volvo Sales Despite Chinese Ownership, Espionage Concerns

Volvo will be staying in the American market despite concerns that its vehicles may vacuum up data for delivery to the firm’s majority shareholders in China.

On May 27, Bloomberg reported that the Commerce Department and Volvo, which is majority-owned by Chinese auto firm Zhejiang Geely Holding Group, had signed an agreement to allow Volvo to sell its latest line of vehicles in the United States. The deal comes despite the Commerce Department banning the sale of Russian or Chinese-produced vehicles that can connect to the internet due to concerns over espionage or sabotage.

Without clearer safeguards on Volvo’s data collection practices, the agreement risks introducing new security vulnerabilities into the American auto market.

Agreement Offers Reprieve From Potential Ban

The agreement will allow Volvo, which holds relatively niche market share, to continue selling in the American market without interruption, though Volvo’s imports may still face high tariff rates on foreign-produced vehicles entering the United States. The deal will also reportedly prevent Volvo from transferring data collected by its vehicles to China, though neither the Commerce Department nor Volvo offered detail on these security measures. While the Commerce Department ban already allows certain internet-connected vehicles or components to enter the United States, it is unclear whether Volvo qualifies for an exemption under this provision, or if other firms will attempt to do so as well.

Geely is one of China’s largest automotive conglomerates. Both Geely and other Chinese car firms such as BYD are effectively banned from selling in the United States due both to a 100 percent tariff on Chinese-produced electric vehicles (EVs) introduced by the Biden administration in 2024 and to the Commerce Department’s 2025 ban on selling Chinese vehicles that connect to the internet. Notably, Volvo’s deal with Commerce will not cover Polestar, another Geely-owned EV firm currently in discussion with the Commerce Department for U.S. market access.

Chinese Autos Pose a National Security Risk

The agreement is in tension with rising concern over the risks posed by internet-connected vehicles produced by firms connected to foreign adversaries. The United Kingdom’s Ministry of Defense banned all EVs with Chinese components from select military bases in 2025 due to espionage concerns, a decision replicated by Israel and Poland due to the vehicles’ capacity to collect and potentially share information obtained by sensors on drivers’ location, conversations, and patterns of life. Chinese-produced vehicles may also maintain links to their manufacturer, allowing them to be remotely manipulated during operation. In November 2025, for example, Norwegian officials discovered that Oslo’s fleet of Chinese-produced buses could be disabled using an embedded software vulnerability.

Addressing these concerns, the Commerce Department in January 2025 finalized bans on the sale of internet-connected vehicles and their associated components produced by Russia and China. Under the terms of the ban, firms would be banned from importing finished vehicles containing Chinese or Russian software beginning in 2027, while any automaker controlled or owned by Russia or China would be barred from selling any internet-connected vehicle in the American market. These restrictions also extend to certain hardware components related to vehicle connectivity produced by Russian or Chinese entities beginning in 2030, particularly those tied to automated driving systems.

Commerce Should Clarify Security Safeguards to Protect U.S. Critical Infrastructure

While the agreement may signal weaker enforcement of Commerce’s new vehicle rule, any security commitments signed by Volvo may present another possible avenue to mitigate the risks posed by connected vehicles produced by firms linked to foreign adversaries. Other national security bans on foreign-produced drones or routers also have waiver programs to allow for regulatory scrutiny without enacting a complete ban.

However, the Commerce Department should ensure that automakers cannot trade rushed mitigation measures for continued market access. In implementing the agreement, Commerce should carefully verify that the data collected by Volvo vehicles is fully insulated from the firm’s Chinese ownership and that its software does not contain significant security vulnerabilities that would allow Geely, or Beijing, to engage in remote access or spy on U.S critical infrastructure.

Jack Burnham is a senior research analyst in the China Program at the Foundation for Defense of Democracies (FDD). For more analysis from Jack and FDD, please subscribe HERE. Follow FDD on X @FDD. Follow Jack on X @JackBurnham802. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.