How Rust Accelerates the Path to the SDV

The shift towards software-defined vehicles continues to pose numerous challenges for the automotive industry. A growing number of companies are now turning to a programming language that could greatly ease this transition: Rust. “One of the core promises of SDVs is the ability to deliver updates rapidly across all areas of the vehicle and to allow for a seamless data flow between components to support the development of data-driven functions,” explains Frédéric Ameye, Cybersecurity & Embedded Systems Expert at Ampere, the Renault Group’s electric mobility brand. He notes that these benefits come with strict demands in terms of safety and functional safety.

Ampere seized the opportunity to design its SDV platform in collaboration with Google and Qualcomm. “We were able to build some new developments from scratch, establishing a framework that serves as the backbone for all our apps,” Ameye reports. The team opted for Rust and trained over 200 developers in its use. This strategic commitment enabled them to integrate Rust into various components of the platform, gradually improving time-to-market and developer satisfaction.

What are Rust’s advantages over other languages?

From the perspective of Stefan Nürnberger, Co-Founder and CEO of Veecle, Rust represents a quantum leap. When founding the start-up, the team took the risk of embracing this relatively new language. “We were pioneers in making Rust viable for safety-critical automotive use,” says Nürnberger. “Volvo, Hyundai, Kia, Genesis, and Renault were among the early adopters, mandating that new development should preferably be carried out in Rust.” According to Nürnberger, Rust’s primary advantages include its significantly lower error rate – with debugging time reduced by roughly 50 percent. Furthermore, it offers a more robust framework for ensuring that over-the-air updates are strictly limited to those authorised by the manufacturer, thereby substantially reducing the risk of backdoors.

“The language allows hardware and operating systems to be largely abstracted, meaning that previously written code can still be run on future, as-yet-unknown hardware,” Nürnberger adds. This could help European OEMs to close the gap to the much shorter development cycles of their Chinese counterparts.

What’s ahead at the Automobil-Elektronik Kongress 2025?

On 24 June, it's finally that time again: Decision-makers in the fields of electricity, electronics, and software in cars will meet in Ludwigsburg for the Automobil-Elektronik Kongress, the annual networking event of the industry.

Sabine Synkule

“Typically, you must choose two out of three: safety and reliability, performance, or user-friendliness (e.g. cost). With Rust, you get all three,” says Ameye. Ampere uses Rust particularly in performance-sensitive or safety-critical areas, such as cryptographic operations, internet-facing code (handling direct inbound requests), and firmware update processes. “We successfully combined Rust with existing C and C++ codebases, as well as model-based generated code,” recalls Ameye. “This allowed us to benefit from the new technology without compromising the functionality of tried and tested legacy code.”

Overall, such a transition is not without its difficulties, as many industry processes are still closely tied to decades of experience with other programming languages. “However, our ecosystem was very receptive to the idea,” says Frédéric Ameye. He explains that Google had already fully committed internally to using Rust, while other Tier 1 and Tier 2 suppliers had also launched several Rust initiatives of their own. “Our project gave them the opportunity to apply Rust in a real production context. Some of our partners reported a 20 per cent cost reduction thanks to improved productivity compared to C++,” the cybersecurity expert summarises. Since Rust can eliminate around 70 per cent of typical programming errors, more time becomes available to focus on testing the remaining 30 per cent.

How can GenAI support the adoption of Rust?

According to Nürnberger, the strategic decision to adopt a new programming language must be made at management level. One current obstacle is the limited number of developers proficient in Rust. This is why many OEMs are currently partnering with start-ups to bridge this gap. However, large language models may soon accelerate this process. Nürnberger’s company enhances its AI stack with vehicle-specific context to improve the quality of generated results.

“I believe it’s important to invest in groundwork now, so developers can more easily create software-defined functions,” Nürnberger says. As a practical example, he cites a function allowing users to move their windscreen wipers into service position via app for blade replacement. “With a language model, working code for that feature can be produced in just ten minutes. Previously, a team of 20 would need nine months to achieve the same level of perfection.”

Everything about the Software-Defined Vehicle

From Architectures to Certification - whether standardization, OTA updates, vehicle lifecycle, or cybersecurity: Find the answers to the most important questions about the Software-Defined Vehicle here.

Timo Gilgen

Where are Rust’s current limitations?

From Ameye’s perspective, there are still some hurdles to overcome in the long term. One of these is the lack of a stable Application Binary Interface (ABI) in Rust, which often necessitates continued use of C interfaces. For the next generation of systems, the plan is to deploy Rust in safety-critical contexts (up to ASIL B) to support the development of advanced driver assistance functions. This area requires highly complex code, for example to fuse camera and radar data, and such systems must also meet stringent functional safety standards.

“There is still a significant amount of work required across the industry to align ISO 26262 processes with Rust-based development. Even though there are no major technical obstacles for ASIL B, we still need to jointly adapt our practices, coding guidelines and toolchains,” explains the Ampere specialist. For the highest safety level, ASIL D, however, there may be technical limitations. He recommends following the work of the Rust Foundation’s official Safety-Critical Consortium.

“We also need to improve the adoption of Rust among our suppliers. Some of their components are highly critical for the safety of our platforms, and we know that Rust’s enhanced safety mechanisms can help reduce the overall system complexity of our vehicles,” Ameye adds. Technologies such as SoC firmware, hypervisor drivers (virtualisation software), and connectivity stacks are particularly well-suited to strengthening the vehicle’s overall resilience against cyber threats.

This article was first published at automotiveit.eu