The engine stopped being the product

For a century you bought a car for its mechanicals. Today the drivetrain is the easy part — the real product is the computer, the software and the data pipe bolted to it. That quietly rewrites every question worth asking before you sign.

We boiled it down to six, scored every brand out of ten on each, and ranked them. Higher is always better for you, the owner.

• 01 · ACCESS
  Can you reach your own data?
  An open API or Home Assistant link — or are you locked out of the car you bought?
• 02 · COST
  Will they nickel-and-dime you?
  Total connected-service subscriptions after the free trial (we left self-driving out of this one).
• 03 · SECURITY
  Is it actually hard to steal?
  Keyless-theft exposure, unpatched flaws, and how seriously the maker takes it.
• 04 · MONEY
  Will the company survive?
  A computer on wheels needs its maker alive to keep patching it.
• 05 · SAFETY
  Is it safe in the real world?
  Not just the crash-test star — actual on-road outcomes and assist tech.
• 06 · SILICON
  Is the tech any good?
  Software, EV/performance computing and over-the-air updates.

The computer-on-wheels league table

Eight metrics, ten points each, eighty on offer. The brands at the top aren’t the fastest or the flashiest — they’re the ones that are cheap to run, open to your own data, hard to steal, safe, well-built, made by a company that will still be here to patch them — and now also judged on the screen you’ll stare at every day and on how safely they handle your data.

Scored across eight axes. SCREEN rates the in-car display — responsiveness, interface, maps and freedom from lag (Tesla sets the bar; VW’s Cariad and Subaru’s Starlink drag). DATA rates data-security and privacy and is adjusted for data jurisdiction — so the Chinese brands take a hit for the state-access risk detailed in the jurisdiction section below, and no brand scores above 6: on data, nobody is truly clean. Self-driving is excluded from the subscription column. GM/Chevrolet isn’t sold in the UK.

Your car, your data — except it isn’t

Here’s the asymmetry nobody mentions in the showroom: your car streams intimate data out all day — where you go, how you drive, sometimes what you say — but getting it back, or sending a single command of your own, is often blocked.

BMW’s CarData will hand you a feed of your data but won’t let you send one instruction — they log, you observe. Volkswagen broke the popular Home Assistant link in 2026, pushing owners onto an EU Data Act portal to claw their own data back. The open exceptions are exactly the names at the top of the table: Tesla (a proper official API), Volvo (an official Home Assistant integration) and Hyundai/Kia (a community bridge so good it’s the gold standard). Mazda went the other way entirely and had the community project taken down with a legal notice.

The lever slowly forcing this open is the EU Data Act. The escape hatch for anyone technical is older and simpler: a cheap OBD-II reader that talks to the car directly and skips the manufacturer’s cloud entirely — the privacy-maximising way to get your own telemetry.

The subscription trap — what it costs to switch everything on

Once the data’s flowing, the meter starts: the model is to sell you the car, then rent you back the features it already has. We added up the maximum annual cost to switch on every connected feature after the free trial ends — excluding self-driving and optional power boosts. The spread is enormous, from nothing to around £700 a year.

*Indicative annual recurring cost to switch on the full connected-services menu after the trial — UK £ (some converted from US$); varies by model, trim and software. We’ve deliberately excluded optional luxury performance unlocks — Mercedes’ £480–600/yr “Acceleration Increase”, VW’s paid ID.3 horsepower and Tesla’s one-off £1,500 Acceleration Boost — because they sell you power the car already makes and aren’t features you need to switch on. One-off functional unlocks like Audi’s swivel headlights are reflected in the table.

• NissanCut the UK free period to one year, then locks most of the app behind ~£12.99/mo plus £99/yr for stolen-vehicle tracking — and is even switching features off.
• VWThe worst of both worlds: pricey connected packages, a trial of paid horsepower on the ID.3 in Britain, and in 2026 it cut off the API third-party apps relied on.
• BMWTried charging monthly for heated seats — hardware already fitted — and scrapped it after backlash. The à-la-carte menu still tops ~£500/yr.
• Hyundai / Kia / Volvo / BYDThe honourable exceptions: free for life or for years — proof none of this needs to cost what the others charge.

The screen is the car now — and some are dire

You’ll spend every journey staring at it, yet in-car software is wildly inconsistent. The same £40k buys a phone-fast, beautifully judged system in one car and a laggy, half-translated one in another. This is the bit no spec sheet scores — so here’s the honest pecking order.

• Tesla / RivianThe benchmark: fast, clean, genuinely well-designed and improved over the air. The trade-off is lock-in — neither offers Apple CarPlay or Android Auto, so you live entirely in their world (Tesla’s is good enough that few mind; on a worse system it’d be a dealbreaker).
• Google built-inVolvo, Polestar, newer Honda, Ford & Renault run Android Automotive — native Google Maps, Assistant and Play, slick and familiar. Caveat: GM dropped CarPlay/Android Auto on its EVs to force you onto its own, rougher system.
• German luxuryMercedes MBUX, BMW iDrive and Audi are powerful and sharp-looking, but increasingly menu-heavy and touch-dependent — and the best maps and voice often sit behind the very subscriptions listed above.
• Built-in sat-nav, broadlyFrequently worse than your phone, with live traffic locked behind a paid connection. Which is why most people just plug in CarPlay/Android Auto and never touch the native nav.
• Some Chinese systemsModern and feature-packed on the likes of BYD and XPeng — but cheaper or early-import models can ship with clunky menus, machine-translated “Chinglish” labels and maps that lag well behind Google. Improving fast, but check the actual car.
• VW Group’s early softwareCariad became a byword for laggy, buggy infotainment that shipped unfinished and took years of patches — part of why VW’s whole digital strategy has been such a mess.

There’s also a data catch nobody warns you about. The moment you pair a phone — by cable or wirelessly — most cars quietly copy your contacts, call history and sometimes text messages onto the car’s own storage so they show on screen. That data stays in the car.

Theft is now a software problem

The smash-and-hotwire is history. In 2025, 54,145 cars were stolen in the UK — about one every ten minutes — and 60–70% involved keyless exploitation, not force. The methods are electronic: relaying the key fob’s signal from inside your house, or reaching the car’s wiring through an external panel (the “headlight” attack that specifically targets Toyota and Lexus).

The most-stolen car in Britain is now the Toyota C-HR hybrid, hit for its valuable parts; a Range Rover Sport was taken every 54 minutes in 2024. The standout the other way is Tesla — barely stolen, because over-the-air security and embedded tracking genuinely work. It’s the one place Tesla’s relentless connectivity is a clear win.

Makers are responding (motion-sensing “sleeping” fobs from BMW, Mercedes and Audi; ultra-wideband keys from Land Rover), and the law caught up in 2025 — simply possessing relay or signal-jamming kit is now an offence. Your cheapest, most effective defences remain low-tech: a Faraday pouch for the keys, a Thatcham-approved tracker, and a ghost immobiliser (a hidden PIN sequence that defeats relay, wiring and key-cloning attacks alike).

Worse than theft: when someone else can drive it

Stealing a car is one thing; driving it while you’re sitting in it — from the other side of the world — is another. In 2025, researchers at PCAutomotive hacked a Nissan Leaf over the internet through its infotainment Bluetooth: they could track it, screenshot the dashboard, listen to conversations in the cabin through the microphone, and work the doors, wipers, horn and even the steering while it was moving. The infamous benchmark is worse still — the 2015 Jeep Cherokee hack reached the brakes, engine and transmission of a car doing 70 mph from miles away, and triggered a 1.4-million-car recall.

Unnerving — but the question that actually matters to a buyer is blunt: did the manufacturer fix it? Mostly yes, and fast. With one glaring exception.

• Fixed in 24hSubaru — patched its Starlink flaw within a day of being told; never exploited.
• FixedKia — closed the number-plate flaw within weeks; the proof-of-concept tool was never released.
• Fixed · OTATesla — patched its remote-control research over the air within days. Over-the-air updates are a security feature.
• Fixed16+ brands (BMW, Mercedes, Ford, Toyota and more) — a 2022 remote-control study, all fixed before going public.
• RecalledJeep — a 1.4-million-vehicle recall plus a network-level block. Decisive, if forced.
• Slow · unclearMazda — six infotainment flaws disclosed in 2024, reported unpatched, in keeping with a poor track record.
• UnresolvedNissan — acknowledged the Leaf takeover-and-eavesdropping flaws back in 2024, but still won’t confirm a fix and gave the researchers no patch details.

Safety and performance are computing problems now

Real-world safety belongs to Volvo, the German luxury set and now Tesla — whose Model Y and Model 3 won their Euro NCAP classes in 2025 with some of the highest Safety Assist scores ever recorded, and the Model Y is also an IIHS Top Safety Pick+. (Tesla’s optional Autopilot / “Full Self-Driving” remains under US federal investigation — a separate question from how the car protects you in a crash.) The real differentiator now is software: driver-assist that prevents the crash, not just survives it. That same sensor suite is why insurance has crept up — a minor knock that disturbs a windscreen camera can turn a £300 repair into £1,500 of recalibration.

On self-driving, the reality is far narrower than the hype. Mercedes’ Drive Pilot is the only true eyes-off system you can legally use, and in Britain Ford BlueCruise is the only approved hands-free motorway system — with full self-driving not expected before late 2027 under the Automated Vehicles Act. Performance has gone digital too: instant-torque EVs and over-the-air updates mean the quickest, smartest car in the range is increasingly defined by its code, not its cylinders.

Why the badge’s bank balance is now your problem

A computer on wheels needs its maker alive to keep the lights on — security patches, app servers, over-the-air updates. So a brand’s finances quietly become your risk.

Nissan is in open crisis — analysts have called it “flirting with catastrophe” — and has dropped out of the UK top ten. Stellantis (Peugeot, Vauxhall, Fiat) has been described as in a “death spiral”, and Ford slipped to a net loss. Meanwhile Toyota, Hyundai-Kia and China’s BYD are pulling away — and BYD has now overtaken Tesla in UK sales for the first time.

Behind BYD comes a second Chinese wave now landing in Britain — Chery (a Fortune Global 500 firm and China’s biggest car exporter, parent of Jaecoo and Omoda), GWM (Great Wall — privately owned, ~1.3 million cars a year, behind Ora and Haval) and the tech-first XPeng. On the survival test, Chery and GWM look financially solid; XPeng is growing fast but still loss-making, the usual EV-startup caveat. Their bigger asterisk isn’t money, though — it’s where your data lives, which is the next section.

America has its own challenger in Rivian — software-first, Tesla-rivalling on tech and screen, and the firm whose stack VW now licenses — which lands in the UK around 2027. The catch is the same as XPeng’s: it’s brilliant kit from a company still losing billions a year, betting its survival on the cheaper R2.

Whose government can reach your car’s data?

A connected car constantly phones home — location, trips, voice, sometimes cabin camera. The question buyers rarely ask is which country’s laws govern that data once it lands, because that depends on where the maker is headquartered, not where you drive. It’s the one axis where the newest, cheapest, most impressive cars carry the biggest asterisk.

The clearest official signal comes from Washington. In a final rule, the US Commerce Department is banning connected-vehicle software with Chinese or Russian links from model year 2027, and the hardware (the cellular, Wi-Fi, Bluetooth and satellite modules) from 2030 — effectively keeping Chinese smart cars off American roads. The reasoning is the same as this whole article’s: cars now have “cameras, microphones, GPS tracking… connected to the internet,” and the worry is a foreign state could use them to reach sensitive data.

Israel has gone further in practice: it is phasing Chinese vehicles — Chery, Jaecoo, BYD and MG among them — out of government and security fleets, and intelligence-unit staff are already barred from arriving at bases in Chinese cars. The EU has hit Chinese EVs with trade tariffs and is weighing whether to force their data to be stored inside the bloc.

The notable outlier is the UK. After a “pragmatic reset” in early 2026 it imposed no heavy tariffs and no consumer ban, so Chinese EVs remain markedly cheaper here than across the Channel and now take roughly a tenth of the market. Buy one and nothing stops you — the decision is left to you.

For balance: security analysts warn that any Chinese-made comms module could, in theory, have its data extracted by the Chinese state or be remotely disabled — but there is no public evidence this is actually happening, and the same “computer on wheels” applies to a Tesla (which is itself restricted near Chinese government and military sites). For a private owner the day-to-day risk is low; for sensitive work it’s a genuine consideration.

Three things the spec sheet won’t tell you

Reliability has split by fuel. Hybrids are now the most reliable thing on the road (~15% fewer faults than petrol), while EVs average ~80% more — overwhelmingly software and 12-volt gremlins, not worn-out batteries (degradation is only ~3% a year). The Korean EVs share a charging-control fault, and Tesla’s reliability is genuinely disputed: top of one major survey, bottom of a German one.

Insurance punishes EVs and luxury hardest. Subaru and the Hyundai i10 are among the cheapest to cover; Porsche, Land Rover and Tesla are the dearest — driven less by sticker price than by how expensive they are to repair.

And privacy is the elephant in the garage. Mozilla rated cars the worst product category it has ever reviewed — every brand failed. GM was caught selling drivers’ data to insurers (some saw premiums jump 80%) and now sits under a US federal order, with Ford, Hyundai, Toyota and Stellantis under investigation. That’s why no brand scores above 6 in the league table’s DATA column — on privacy, there’s no winner, only degrees of bad.

Ten questions to ask before you sign