Autonomous Vehicles rely heavily on their sensors’ information to navigate correctly. Autonomous driving requires the support of infrastructure-based systems to provide extra sensor information, which cannot be collected by vehicles.We expect that such infrastructure-based systems are typically not provided by the same manufacturer as the vehicle using them. In this paper, we propose a first of its kind, compositional threat analysis and risk assessment method, called C-TAR, and illustrate the method using a simplified example from an autonomous driving context. The proposed method extends a common threat and risk analysis method by statements of dependency on interfacing systems and provides a compatibility check of two systems working together. C-TAR allows the user to identify whether two independently developed systems can interact together securely based on the extended threat and risk analysis.