There's a law on the books right now — already signed, already passed — that will require every new car sold in America to include technology that monitors whether you're fit to drive. It can track your eye movements, your pupil dilation, your head position, and your driving patterns. And if it decides you're impaired, it can prevent your car from starting or limit how fast you can go.

This isn't a proposal. It's not a bill sitting in committee. Section 24220 of the Infrastructure Investment and Jobs Act was signed into law by President Biden in November 2021. The technology is supposed to be mandatory in new passenger vehicles by 2027.

And the insurance industry is paying very close attention.

Here's what this means for you as a Pennsylvania driver — for your privacy, your premiums, and the future of how insurance companies decide what you pay.

What the Law Actually Says

Section 24220 of the Infrastructure Investment and Jobs Act directed NHTSA — the National Highway Traffic Safety Administration — to issue a final rule requiring all new passenger vehicles to be equipped with "advanced drunk and impaired driving prevention technology."

The stated goal is to prevent alcohol-impaired driving fatalities. And the numbers behind that goal are real: according to NHTSA's own data, 12,429 people were killed in alcohol-impaired driving crashes in 2023 alone. That accounts for roughly 30% of all traffic fatalities in the United States.

The law specifies that the technology must be "passive" — meaning it operates without the driver having to do anything. No blowing into a breathalyzer. No pushing a button. The system simply watches you and makes a determination about whether you should be driving.

The technology being developed falls into two categories. The first uses infrared cameras mounted on the steering column or A-pillar to track your eye movements, pupil dilation, head position, and drowsiness patterns. The second measures blood alcohol concentration through touch-based sensors built into the steering wheel or start button.

If the system determines you're impaired — either because your BAC is at or above 0.08% or because your behavior patterns suggest impairment — it can prevent the vehicle from starting or limit its speed.

Where Things Stand Right Now

The law gave NHTSA three years from enactment to finalize the rules — which means the deadline was November 2024. NHTSA missed that deadline. As of early 2026, the agency is still in the public comment and stakeholder review phase, and it has acknowledged that no current system meets the accuracy requirements for a federal mandate.

Here's why that matters: NHTSA has stated that current detection technology shows unacceptable error rates, particularly around the legal alcohol limit. Americans drive roughly 3 trillion miles per year. Even a system with 99.9% accuracy — which sounds nearly perfect — would produce millions of incorrect determinations each year. That means millions of sober drivers potentially locked out of their own vehicles, and an unknown number of actually impaired drivers slipping through.

Despite the delays, the law remains on the books. A congressional effort to defund Section 24220 failed in early 2026, leaving the mandate intact. Automakers are expected to have two to three years after NHTSA finalizes the rules to achieve full compliance. Realistically, the technology will likely appear in new vehicles starting in late 2027 or 2028.

Your current car is not affected. This mandate applies only to new vehicles manufactured after the effective date of the final rule.

What This Has to Do With Your Insurance Rates

This is where it gets personal — and where Pennsylvania drivers should be paying attention.

The law itself doesn't mention insurance. It doesn't require data sharing with insurers. But the law also doesn't prohibit it. And recent history shows exactly how that gap gets exploited.

In early 2025, the Federal Trade Commission took action against General Motors and its OnStar subsidiary. The FTC alleged that GM collected detailed driving behavior data — acceleration, braking, GPS location, trip times, speed — from millions of vehicles through its OnStar Smart Driver program and sold that data to LexisNexis Risk Solutions and Verisk Analytics. Both companies are major data brokers that package driving data into risk scores and sell those scores to insurance companies.

The consequences for real drivers were immediate. Insurance companies used these risk scores to raise premiums or deny coverage outright. One driver whose case made national headlines discovered that LexisNexis had chronicled 258 of his trips over six months, including specific details about trip duration, speed, and braking patterns — all collected from his Cadillac without his meaningful knowledge. His insurance application was declined by Liberty Mutual based on that LexisNexis report. Some drivers reported premium increases of 20% or more with no traffic incident, no claim, and no moving violation — the only change was that their car started reporting on them.

In January 2025, the FTC banned GM from sharing connected vehicle data with consumer reporting agencies for five years. Separately, in May 2026, GM agreed to pay $12.75 million to settle a California civil lawsuit over the same OnStar data practices — the largest penalty ever under the California Consumer Privacy Act. But the damage was already done for thousands of drivers, and the broader data-sharing pipeline between automakers, data brokers, and insurance companies remains largely intact outside of GM.

Now consider what happens when every new car has infrared cameras tracking your eye movements, alertness levels, and driving behavior — by federal mandate.

The Insurance Industry's Telematics Playbook Is Already Here

To understand where this is headed, look at what the insurance industry is already doing with voluntary telematics programs — one of the key forces driving PA insurance rates higher since 2020.

Nearly 30 million auto insurance policies in the United States already include some form of telematics — apps or devices that track your driving behavior in exchange for the possibility of a discount. Companies like Progressive (Snapshot), Allstate (Drivewise), State Farm (Drive Safe & Save), and Liberty Mutual all offer programs that monitor your speed, braking, mileage, and time of day you drive.

These programs are marketed as ways to save money. And some drivers do save. But the data tells a more complicated story. According to one industry analysis, only 31% of drivers enrolled in telematics programs actually receive a discount. Meanwhile, 24% of participants see their premiums increase as a result of the data collected. The rest see no meaningful change.

The voluntary programs also establish a precedent: driving behavior data is now a standard input in insurance pricing models. And the data that a federally mandated monitoring system would collect — eye tracking, alertness patterns, impairment signals, driving behavior over time — is far more detailed than what any current telematics app captures.

By 2026, over 90% of new cars are estimated to have embedded telematics capabilities, according to connected vehicle industry reports. The federal surveillance mandate would add biometric data on top of the driving behavior data that's already flowing.

What This Could Mean for PA Drivers Specifically

Pennsylvania already allows insurers to use telematics data in pricing. Several major carriers operating in PA — including Progressive, Allstate, State Farm, and Liberty Mutual — offer voluntary programs that track driving behavior.

PA law doesn't currently require insurers to offer a "discount only" model for telematics. That means if you opt into a telematics program in Pennsylvania and the data shows risky driving patterns, your rates can go up — not just fail to go down. This is worth understanding when you look closely at what's actually on your PA insurance bill.

What Pennsylvania does offer is strong consumer protection in one important area: PA is one of seven states that prohibits gender-based rating for auto insurance. But the state has no specific law governing how automakers can share biometric driving data with third parties, and no law preventing insurers from purchasing that data from brokers like LexisNexis or Verisk.

PA also allows insurers to use your credit score when setting auto insurance rates — and the same lack of transparency that surrounds credit-based pricing applies to telematics-based pricing. You may not know your rates are being shaped by driving data any more than you know exactly how your credit score is being weighted.

If the federal monitoring mandate takes effect as written, here's the scenario PA drivers should prepare for: your new car collects detailed data on your driving patterns, alertness, and behavior. The automaker stores that data. A data broker buys or licenses it. An insurance company purchases a risk score based on it. Your premium changes accordingly — and you may never know why.

The FTC's action against GM showed this isn't hypothetical. It already happened to real drivers. The federal mandate would simply give the data pipeline more data to work with.

The Privacy Question Nobody Is Answering

Here's what the law doesn't address — and what should concern every driver regardless of their feelings about drunk driving prevention.

The law does not require automakers to disclose how biometric driving data is stored, who it's shared with, or when it's deleted. The Center for Democracy and Technology formally warned NHTSA that the technology could create significant privacy risks and urged strict limits on data collection. But as of now, no such limits exist in the statute.

The law also allows these systems to receive over-the-air software updates. That means the monitoring capabilities of your car could expand after you buy it, through updates pushed by the manufacturer — potentially without your knowledge or consent.

And there is no federal opt-out provision in the current law. If you buy a new car after the mandate takes effect, the monitoring system is part of the vehicle. You can't decline it at the dealership.

What Pennsylvania Drivers Can Do Right Now

You don't need to panic, but you should be informed and proactive.

If you're buying a new car in the next few years, understand that 2025 and 2026 model year vehicles are not subject to the mandate. If the privacy implications concern you, buying before the mandate takes effect gives you a surveillance-free vehicle.

Check your current data exposure. You can request a free consumer disclosure report from LexisNexis (consumer.risk.lexisnexis.com) and from Verisk. Under the Fair Credit Reporting Act, both companies are required to provide you with a copy of the consumer report they maintain about you. Look for sections labeled "telematics," "driver behavior," or "vehicle data." If your driving data appears, note the source — that tells you which automaker or app shared it.

Review your current car's connected services. If you drive a GM, Ford, Honda, Kia, Hyundai, or most other modern vehicles, check whether you're enrolled in any connected driving or "smart driver" programs. Many were enabled by default during the dealer setup process. You may be sharing driving data right now without realizing it. Consumer Reports has published a guide on disabling telematics data sharing by manufacturer.

Understand your telematics options in PA. If your PA insurance carrier offers a telematics program, ask whether the data can only result in a discount or whether it can also increase your rates. Some carriers operate on a "reward only" model. Others don't. Know which one yours uses before you opt in.

Talk to your insurance agent. An independent agent can tell you which PA carriers are using telematics data and how aggressively, which ones offer genuine "discount only" programs, and how your current rate compares to what's available in the market. If your rate has increased unexpectedly, a LexisNexis report might reveal whether driving data played a role.

The Bigger Picture

The federal surveillance mandate exists because drunk driving kills over 12,000 Americans every year. That's a real problem that deserves real solutions. Nobody in the insurance industry — or anywhere else — disagrees with that.

But the way this technology is being implemented raises legitimate questions about privacy, data ownership, consent, and the potential for misuse. The insurance industry has already demonstrated, through the GM-LexisNexis scandal, that it will use driving data to adjust premiums — sometimes without drivers' knowledge or consent. A federal mandate that puts more detailed monitoring systems in every new car, with no data-sharing restrictions and no opt-out provision, creates a pipeline that the insurance industry is positioned to tap into.

Pennsylvania drivers should pay attention. Not because the sky is falling, but because the decisions being made right now — by NHTSA, by automakers, by state legislators, and by insurance carriers — will shape what you pay for coverage and how much privacy you have behind the wheel for decades to come.

Staying informed is the first step. Making sure you're not already overpaying based on data you didn't know was being collected is the second.

Not sure what data is affecting your insurance rate?

Talk to a local PA agent who can review your situation. An independent agent works with multiple carriers and can identify whether telematics data or risk scores are influencing your current premium — and whether you can do better.

No call centers, no 1-800 numbers. Just a licensed Pennsylvania professional who can give you straight answers.

Get a Free Rate Review from a PA Agent →

Frequently Asked Questions

Does the federal car surveillance mandate affect my current car?

No. Section 24220 applies only to new vehicles manufactured after NHTSA finalizes its rulemaking. If you currently own a vehicle, it is not subject to the mandate. However, many newer vehicles already collect and transmit driving data through connected services — it's worth reviewing your automaker's privacy settings regardless of the mandate.

What exactly is Section 24220?

Section 24220 is a provision of the Infrastructure Investment and Jobs Act (P.L. 117-58), signed in November 2021. It directs NHTSA to require all new passenger vehicles to include passive technology that detects and responds to drunk or impaired driving. The system must operate without any action from the driver — no breathalyzer, no button to press. NHTSA missed its November 2024 rulemaking deadline; the rules are still being finalized as of May 2026.

Can car surveillance data actually raise my insurance premium?

Yes — and it already has for some drivers. The FTC's 2025 action against GM documented that driving behavior data collected via OnStar was sold to data brokers who packaged it into risk scores used by insurers. Some drivers saw rate increases of 20% or more with no accident, claim, or moving violation. This is one more reason why understanding why your rate keeps going up matters more now than ever.

How do I find out if my driving data is already being shared with insurers?

Request a free consumer disclosure report from LexisNexis (consumer.risk.lexisnexis.com) and from Verisk. Under the Fair Credit Reporting Act, both are required to provide a copy of any consumer report they hold on you. Look for sections labeled "telematics," "driver behavior," or "vehicle data." You can also check your vehicle's connected services settings — many modern cars have a dedicated privacy or data-sharing section in their infotainment menu or owner's app.

When does the car surveillance mandate actually take effect?

NHTSA missed its November 2024 rulemaking deadline. As of May 2026, the agency is still in stakeholder review and public comment. Once the rule is finalized, automakers will have two to three years to comply — making late 2027 or 2028 the most realistic timeline for the technology to appear in new vehicles sold in the U.S.

This article is for informational purposes only and does not constitute legal or insurance advice. Section 24220 of the Infrastructure Investment and Jobs Act (P.L. 117-58) is federal law. NHTSA rulemaking is ongoing as of May 2026. The FTC's enforcement action against General Motors and OnStar was finalized in January 2025. GM's $12.75 million settlement was with the California Attorney General, announced May 2026. Telematics participation statistics cited from industry analyses by State of Surveillance and consumer advocacy reports. Pennsylvania does not currently have state-specific legislation governing automaker data sharing with insurance companies. Consult a licensed insurance professional for guidance specific to your situation.