An Adaptive Risk-Based Access Control with Trusted Execution Environment for Vehicles

2025-01-8089

To be published on 04/01/2025

Event: WCX SAE World Congress Experience

Abstract
The rapid development of intelligent and connected vehicles is transforming them into data-rich information carriers, which generate and store vast amounts of sensitive information. However, the frequent sharing of resources within these vehicles poses substantial risks to user privacy and data security. Should sensitive resources be accessed maliciously, the consequences could be severe, leading to significant threats to the safety, property, and reputation of both drivers and passengers. To address these risks, this paper proposes an adaptive risk-based access control scheme with a Trusted Execution Environment (TEE), specifically designed for vehicles and aimed at managing and restricting access permissions based on risk assessments. First, this paper designs an adaptive risk model in accordance with ISO 21434, taking into account factors such as the security levels of subjects and objects, context, and the risk history of subjects to separately quantify threats and impacts. By adjusting its weighting factors, the model can adapt to various application scenarios and security requirements, enabling dynamic and adaptive risk evaluation. Based on the risk model, an Adaptive Risk-Based Access Control with TEE (AdRbAC-TEE) is proposed, featuring a globally distributed and locally centralized architecture. This model leverages the physical isolation characteristics of the TEE to securely protect and store risk logic and sensitive data. Additionally, a comprehensive design is presented for the data flow model and access control process, along with key security considerations for practical deployment. Finally, the effectiveness and reliability of the proposed method are validated through an automotive diagnostic access control case study, demonstrating its ability to ensure both security and efficiency.
Citation
Luo, F., Li, Z., Wang, J., and Luo, C., "An Adaptive Risk-Based Access Control with Trusted Execution Environment for Vehicles," SAE Technical Paper 2025-01-8089, 2025.
Additional Details
Published: To be published on Apr 1, 2025
Product Code: 2025-01-8089
Content Type: Technical Paper
Language: English