Driving Towards an Autonomous Future – a Regulatory Perspective

With car manufacturers, software developers and governments all seemingly involved in a technological arms race, Tesla rarely out of the headlines, and the European Commission recently suggesting that the first fully autonomous driverless vehicles may be available commercially by 2020, (and go on to become commonplace within 10 years), this article considers the current regulatory climate in the UK. 

The European Commission’s suggestion of 2020 for commercial availability may seem feasible for vehicles such as simple airport shuttle vehicles, where there are clear, designated driving areas, and use-cases with minimised daily variables scenarios. However, mainstream consumer adoption of autonomous vehicles on public roads and highways clearly introduces a multitude of new risks and issues, which must be considered.

Autonomous vehicles: issues to consider

1. Safety

The European Commission believes that automated driving will increase road safety significantly, as human error is involved in more than 90% of all traffic accidents on Europe's roads. However, regulators must grapple with how autonomous vehicle safety can be verified on an ongoing basis, for example by changing the MOT and updating the Highway Code to include a section on automated vehicle technologies. Adding technology and connectivity to cars introduces a layer of testing that the existing MOT framework was never envisaged to check. 

With press reports of serious crashes involving the testing of autonomous vehicles, concerns around safety have not been addressed to date. The UK Highway Code tries to address this by providing that those testing vehicles on the roads, switching from a highly automated mode to a manual mode (as opposed to remaining at full automation throughout), should be trained specifically for the transitioning phases between levels of automation – particularly as the need to switch to manual mode is likely to arise in an emergency. Until we reach the point where all autonomous vehicles are permanently in a highly automated mode, there remains an elevated safety risk.

The common question asked from an ethical perspective is whether a machine and its underlying software should be able to decide whether to hit a 5 year old or elderly person when avoiding both is unavoidable. A counter argument to this is, if the machine can make a determination as to who is most likely to survive the accident, perhaps yes, but the efficacy of the underlying artificial intelligence will likely receive increased scrutiny as we move closer to widespread consumer adoption.

2. Insurance 

Traditional car insurance primarily works by covering the damage the driver has caused to another party (and, in the case of comprehensive insurance, to themselves). Liability in an accident involving a fully automated car is more likely to occur not as a result of human fault, but because of failure of the vehicle. Clearly, previously settled positions on liability need to be revisited. 

In order to address the liability and insurance position, the government's Automated and Electric Vehicles Bill (AEV Bill) proposes to extend compulsory motor vehicle insurance to cover the use of automated vehicles in automated mode so that all the victims of an accident caused by a fault in the automated vehicle will be covered. There are also provisions on contributory negligence, with the insurer initially liable to pay compensation to the victims, with the right to recover costs from the liable party. Under the AEV Bill, the Secretary of State is required to keep a list of automated vehicles. This will allow manufacturers, owners of vehicles and insurers to know whether the legislation applies to a specific vehicle.

3. Cybersecurity

Clearly the threat of a cyberattack carried out on an autonomous vehicle travelling at speed on a public road will terrify many people, e.g. a malicious third party obtaining control of a vehicle containing a helpless passenger. As vehicles will be reliant on incoming data and electronic communications networks, the cybersecurity perspective is critical. In its 2015 review, the government said it would consider how the existing regulatory framework might be developed, to ensure automated vehicle technologies are protected from cyber threats. The concern around the lack of cyber readiness reached a heightened level last year when the NHS’s ability to carry out its day to day functions were seriously impacted by the WannaCry virus. The UK government adopted (in August 2017), cyber security principles for autonomous vehicles, that it has asked the industry to adopt at all levels.  

The AEV Bill potentially makes end users responsible for failing to apply patches or other necessary cybersecurity updates, where failure to do so leads to an accident.  Although this may work where fleets of vehicles are being used by sophisticated owners, such an approach is likely to cause fear and confusion if applied to consumers, where there is a significant level of fear and confusion about basic cybersecurity. Additionally, the scenario where due to the network failing, an update fails to download without warning, introduces yet another complexity to an ecosystem of technology providers, car manufacturers, roadworthiness test centres, network providers and the end user, let alone a rogue third party intent on causing chaos. Industry will need to work hard to allay such cybersecurity concerns – it remains to be seen whether the cyber security principles offer a sufficient framework.

4. Privacy

As autonomous vehicles will be heavily reliant on a multitude of sensors which will constantly gather data, user privacy must also be considered. The Information Commissioner's Office (ICO) has stated that collision data, telematics, geolocation data and driver settings collected by on-board data storage devices or transmitted to the vehicle manufacturer, or other third parties, are likely to be "personal data". The ICO has pledged to work with the DfT to understand the type of data being collected and the application of data protection law, but already it has indicated that, at the outset, privacy safeguards should be implemented into the technology by design, to remove the need to make costly modifications at a later stage.

Is current legislation fit for purpose?

Clearly, existing vehicle legislation developed over many years and before autonomous vehicles were anything more than something that appeared in cartoons. There is a natural tension, as regulators struggle between regulating too early or too late. If legislation is introduced too early, there is a risk the market can be stifled or shaped in a certain way which might be at odds with the evolution of the technology – however regulate too late, or failure to regulate at all, risks commercial and regulatory uncertainty, which in turn discourages investment and could lead to consumer harm. 

Legislative developments

In the UK, the government's support for automated vehicles is led by the Department for Transport (DfT) and the Centre for Connected and Autonomous Vehicles (a joint policy unit of the DfT and the Department of Business, Energy and Industrial Strategy).

Previously, in February 2015, the DfT published a review of regulations for automated vehicle technologies, together with a summary report and action plan under the heading ‘The Pathway to Driverless Cars’. The review set out the government's plan to update UK laws and regulations to permit the sale of automated vehicles to the public and to encourage technology and automotive industries to locate in the UK as an attractive place to develop, test and manufacture driverless technologies.

More recently, in the 2017 Queens’ Speech, the Automated and Electric Vehicles Bill was announced – this is currently being scrutinised by parliament. The Bill aims to address challenging concepts thrown up by the new technologies – including how liability is apportioned in relation to autonomous vehicles, including technical failures of the hardware and software, plus obligations in relation to installing safety-critical software updates. Indeed, insurers may be able to limit their liability where a person has altered software controlling the vehicles. 

And from an EU perspective (Brexit aside), the European Commission has proposed this year, as part of its “Europe on the Move” strategy, that it will start working on the development of a new approach for safety certification – one that is less design-specific when assessing safety. Equally it is the Commission’s view that new technologies can already be validated under the EU vehicle approval framework, and new technologies not foreseen by EU rules can be approved through an EU exemption granted through ad hoc safety assessments carried out at the national level. Nevertheless, this type of safety validation will equally need assignment of additional skills and expertise.

Conclusion – legislative evolution or revolution?

Research has suggested that autonomous vehicles have the potential to contribute £51 billion per year to the UK economy by 2030. Additionally, a recent study by KPMG created an “Autonomous Vehicles Readiness Index”, which weighs up issues including (i) policy and legislation; (ii) technology and innovation; (iii) infrastructure; and (iv) consumer acceptance. In this index, the UK was ranked as the jurisdiction 5th most ready for autonomous vehicle roll-out (interestingly the Netherlands was ranked 1st). 

It should also be noted that the assisted driving systems available in certain vehicles now, although undoubtedly a significant step towards automation and greater safety, are still some distance away from vehicles that can navigate all situations safely without a driver. Phrases such as “connected and autonomous vehicles” and “driverless cars” seem to be used interchangeably in the media, which is leading to confusion among consumers. 

However, in the interim, a gradual evolution in current road laws, rather than complete regulatory overhaul, may be appropriate. Last month the government updated existing legislation to allow remote parking to be used lawfully on UK roads for the first time (previously, drivers were prohibited from holding mobile devices within their vehicles) – now such devices may be used, subject to drivers being within 6 meters of the vehicle. This reflects the law striving to keep up with technological developments, while simultaneously trying to anticipate consumer risks and market implications – however it is also an indication that a rule introduced some years ago banning the use of mobile phones had unintended consequences.  This is likely to be the first of many changes to legislation as governments try to anticipate where driverless cars will take us.