Compliance & Security Center

A controlled risk instead of a black box

The hardest questions about Chinese EVs are not car questions: legal certainty, data protection, tariffs, battery regulation, cybersecurity. This center answers them in one place — soberly, verifiably and documented per vehicle. A risk you know and document is no longer one you need to fear.

Documented per modelGDPR assessmentAudit-ready paperworkContinuous regulatory monitoring

The six compliance areas

EU type approval & full inspection

Vehicles without an EC Certificate of Conformity go through individual approval under §21 StVZO with a full inspection by TÜV or DEKRA. You receive the report and all evidence in the vehicle file — every car we deliver is regularly and permanently registered.

Customs & taxes

EU countervailing duties on Chinese EVs, import VAT, clearance evidence: we itemise every duty in the offer and archive the customs documents audit-ready. We monitor tariff changes continuously and price them in transparently — never retroactively for existing contracts.

Data protection & vehicle data

Connected cars transmit telemetry, location and usage data. We document per model which services transmit which data where, what can be switched off and how the car is configured for data minimisation. For fleets and public buyers we deliver this assessment as a decision document.

Battery regulation

The EU Battery Regulation brings due-diligence and documentation duties, and from February 2027 the digital battery passport for new traction batteries. We already document battery data per vehicle today — including a certified state of health — and are preparing our processes for the battery passport.

Cybersecurity & updates

Software updates and remote access raise legitimate security questions. We document the update path per model (OTA or workshop), accompany updates through ServicePlus and assess remote functions soberly — whatever can be disabled, we configure off on request from handover.

Trade & political risk

Tariffs and trade policy can change — that is a real planning risk. Our principle: signed contracts are fixed prices, and we carry the tariff-change risk until delivery. For fleet planning we share our ongoing assessment of the regulatory situation openly.

Three principles

1

Documented, not promised

Every compliance statement exists in writing per vehicle: inspection reports, customs receipts, data-flow documentation, battery data.

2

Honest about limits too

Where a model cannot do something — a service only works with a Chinese account, or an update never reaches Europe — it is written in the documentation. Before the purchase, not after.

3

Kept current

Regulation moves. We continuously track customs procedures, the battery regulation and data-protection practice, update our assessments — and inform existing customers of relevant changes.

Who this center is for

Private buyers

The short version: your car is regularly registered, all duties are paid and evidenced, and you know what your car transmits. The details are in your vehicle file.

Fleets & companies

Per-model compliance assessments as decision documents for procurement, data-protection officers and ESG reporting — on request as a consulting package together with your DPO.

Municipalities & public sector

Audit-ready documents for tenders and committees: type-approval evidence, GDPR assessment, service commitments across the period of use.

The most common compliance questions

Can Chinese EVs even be legally registered in Germany?

Yes. Vehicles without an EC Certificate of Conformity are registered through individual approval under §21 StVZO — an established, regular procedure with a full inspection by TÜV or DEKRA. Every vehicle we deliver goes through it before handover.

Do I pay the EU countervailing duties on Chinese EVs?

The duties are due at import and are included and itemised in our fixed price. You never pay after the fact: we carry the risk of tariff changes between contract and delivery.

What happens to my vehicle data — does it go to China?

It depends on the model, which is exactly why we document it per model: which services transmit which data, what can be switched off, and what a data-minimised configuration looks like. This documentation is part of every vehicle file; on request we configure the car accordingly before handover.

Does the GDPR apply to Chinese manufacturers' apps?

Yes — whoever offers vehicles and services in the EU must comply with the GDPR. In practice, implementation quality varies by manufacturer; our data-flow documentation shows the state per model, and we recommend app configuration accordingly.

What is the battery passport and does it affect my car?

The digital battery passport becomes mandatory under the EU Battery Regulation from February 2027 for newly placed traction batteries: a digital record of the battery's origin, carbon footprint and condition. It does not apply retroactively to earlier vehicles — but we already document battery data per vehicle voluntarily today.

How safe are over-the-air updates?

OTA updates are standard on all modern vehicles and are encrypted and signed as a matter of principle. We document the update path per model and accompany updates through ServicePlus. If you prefer no remote access: much can be disabled — we document what, and set it up on request.

How import and protection fit together: the SafeImport PackageFor municipalities: tenders & pilot projects

A compliance question not answered here?

Ask it concretely — you will get a concrete answer, even if it is 'this model cannot do that'. For fleets and public buyers we prepare per-model assessments as decision documents.


Auto China GmbH

Karlsplatz 3, 80335 München, Niemcy

Umów oddzwonienie