AV roll-out is littered with legal potholes


Up to now, the legal landscape surrounding automated vehicles (AVs) in the UK could be seen in various shades of grey, with uncertainty over the introduction of coherent regulation and the continuing safety of trials.

The recently published report into automated vehicles by the Law Commission of England and Wales and the Scottish Law Commission aims to change this, with new clarity provided on the development, management and roll out of AVs onto UK roads.

The report’s main recommendation – grabbing the media headlines – was that when an automated driving system is in use in a car, the person in the driving seat should no longer be legally responsible for how the car drives.

This recommendation seemed to be welcomed by the industry, if for no other reason than because it provides a delineation of responsibility between the driver and the vehicle.

While providing a basis to legislate from, the 315-page report delves far deeper into the legal web surrounding automated vehicles – with prominent questions arising on data privacy, cybersecurity, and how the commission of driving offences are managed.

These are just a few of the barriers identified by the report that will need to be overcome to ensure the UK develops an AV safety system that is robust, but which avoids unnecessary red tape and regulatory barriers that could stifle innovation and customer choice.

Data privacy

The report’s main recommendation on legal responsibility is predicated on being able to clearly identify whether an automated driving system is in use at a particular point in time.

This determination is made possible through real-time data collection, analysis and transmission – the backbone of any automated vehicle. Even now, a typical car can feature over 60 different data probes (sensors), all collecting and interpreting data relating to hundreds, if not thousands, of vehicle metrics.

While important for law enforcement purposes, insurance and other public goods such as monitoring road user behaviour, the use and transmission of automated vehicle data raises major privacy concerns.

The report acknowledges this and recommends that an Authorised Self-Driving Entity – a vehicle manufacturer and/or AV software designer – must present regulators with details of how data will be recorded, stored, accessed, and protected to comply with data privacy laws.

The report also acknowledged that, due to the scale of data use, further privacy safeguards will need to be considered from the ground up.

One measure, referenced in the report, could involve a combination of data storage – with some data being stored locally on the AV, and other data being collected by the vehicle manufacturer, over-the-air, on an anonymised basis. This could allow the most sensitive data to remain in an on-board, secure ‘black box’. Cybersecurity

Though the report highlights cybersecurity as outside of its remit, its inclusion in the request for responses reaffirms the risk a cyber-attack could pose to an AV, its passengers and other road users.

The majority of consultees inputting into the report agreed that any safety assurance scheme should be responsible for cybersecurity and covered by an in-use regulator.

Many consultees expressed concern that any appropriate regulator must have the necessary AV tech expertise and resources to carry out its role successfully. AV technology is a complex and rapidly evolving area. A regulator must understand this and ensure it remains at the forefront of the market to enable it to both protect or enforce against breaches.

The key to this will be in ensuring any regulator co-operates closely with other government agencies, such as the National Cyber Security Centre.

It is also important to require the investigation and remediation of cyber-security incidents involving AVs, even where they have not directly caused traffic infractions. This can enable those in the industry to better understand and safeguard against cyber risks.

Cyber-attacks are not limited to AVs themselves. The same risk also applies to the external infrastructure that is needed for AVs to operate, such as traffic co-ordination technology. While likely to constitute separate offences, a regulator could help to ensure all offences involving AVs are investigated and handled in a consistent way.

Product liability law

The rate of technological advancement for AVs also provokes questions around whether current legislation is fit for purpose. For example, product safety laws may find themselves somewhat outdated in the face of AV technology.

Adding to this, is the fact that AVs stray over the legal line between goods and services, with the AV technology being contingent on continual Firmware Over-The-Air connectivity and software updates. A consumer may buy a vehicle, defined as goods, but then go on to purchase software or functionality upgrades that could be considered as services.

These limitations are not unique to AVs. Indeed, new technologies are coming to market all the time, with increasing interrelation between software and hardware.

Seeking to construct an AV-only framework to deal with these legal challenges could lead to inconsistencies with other consumer products.

This inconsistency is likely to be detrimental in an area of law where consumer expectation plays a major role.

The report recommends that a review of product liability law is not essential for the successful introduction of automated vehicles, opting instead to call for a wider review of the way that product liability law applies to new technologies generally.

The road ahead

The UK may see AVs tested on a large scale in the coming decade; however, it is clear that they are already having a significant impact on society. The Law Commission report successfully outlines many of the technical and legal barriers that need to be overcome, while utilising the consultation responses to chart a way forward for the industry.

There are questions still to be answered. The situation surrounding product liability law is a great example of the uncertainty ahead. This has to be expected.

Like at the outset of any new innovation or technology, a combined effort between designers, manufacturers, regulators, law firms, government and other stakeholders is needed to ensure the safe and successful roll out of automated vehicles on UK roads.

Sam Henegan is an associate at Shoosmiths.

Register now for full access

Register just once to get unrestricted, real-time coverage of the issues and challenges facing UK transport and highways engineers.

Full website content includes the latest news, exclusive commentary from leading industry figures and detailed topical analysis of the highways, transportation, environment and place-shaping sectors. Use the link below to register your details for full, free access.

Already a registered? Login

comments powered by Disqus