The development of autonomous vehicle (“AV”) technologies has been a recent focus of automotive and tech companies alike. One of the main driving forces for such development is its potential to bring major improvements to transportation safety. While undoubtedly promising, the new technology comes at some risk, impacting certain liability profiles.
Product liability risk
AV manufacturers must prepare for potential product liability risk when individuals or property are damaged by or in circumstances surrounding autonomous vehicles. Such product liability matters are most likely to centre around the AV technology, as opposed to driver, road, and weather conditions (thereby limiting defences). Product liability plaintiffs will likely pursue what a company did to fully understand its artificial intelligence (“AI”) capabilities, what inputs were used to guide AI, and how a product was programmed to react to various inputs.
As responsibility for accidents shifts away from drivers and toward those that design, manufacture, and maintain AVs, the pool of companies potentially liable for accidents will deepen—as will the complexity of sorting out who should be held responsible. One anticipated challenge will be assessing whether software or hardware caused a particular event, which will require litigants and courts to delve into, among other fairly novel subjects, the interactions between them. This may be particularly troubling for entities within the supply chain that lack access to proprietary source code, which often sits at the root of sorting this out.
AV manufacturers must prepare for potential product liability risk when individuals or property are damaged by or in circumstances surrounding autonomous vehicles
Product liability-based and related risks are also expected to have profound effects on how insurers approach AVs. Insurers are likely to increase focus on the AV market in the coming years—coverage will be important at each stage of AV-deployment, from the component and software manufacturers, to passengers.
US regulatory landscape
Despite these interrelated legal risks, there has been little in the way of concrete legislation introduced to address them in the US.
While the US National Highway Traffic Safety Administration (NHTSA) has offered guidance to the AV industry, its recommendations have been broad and voluntary, as seen in its January 2020 publication, Ensuring American Leadership in Automated Vehicle Technologies: Automated Vehicles 4.0 (“AV 4.0”), meant to unify efforts in automated vehicles across the federal government. NHTSA is actively researching unintended regulatory barriers to AV development and plans to update the Federal Motor Vehicle Safety Standards (FMVSS) and associated hurdles so that both accurately reflect new AV technology. NHTSA issued its first such proposed rule on 18 March 2020, which seeks to clarify ambiguities in applying current crashworthiness standards to vehicles without traditional manual controls.
Importantly, the US Department of Transportation’s (DOT) recent policies have established six automation principles that will be applied to DOT’s role in overseeing AV development: (1) prioritising safety; (2) remaining technology-neutral; (3) modernising regulations; (4) encouraging consistent federal and state regulatory environments; (5) providing guidance, research, and best practices to government and industry partners; and (6) protecting consumers’ ability to choose conventional and autonomous vehicles.
Insurers are likely to increase focus on the AV market in the coming years—coverage will be important at each stage of AV-deployment, from the component and software manufacturers, to passengers
At the state level, there has been more formal legislative activity around AVs. 29 states and the District of Columbia have enacted some form of AV legislation, and governors in 11 states have issued executive orders on AVs (five states have issued both). Most of that legislation, however, focuses on commercial activity, such as how closely autonomous vehicles can follow each other when they are coordinated (truck platooning).
Regulatory developments in China
7,000 miles away, the Chinese government has undertaken numerous efforts to promote AV development. Among these efforts is the 10 February 2020 release by China’s National Development and Reform Commission and ten other governmental agencies of the Strategies for Innovation and Development of Intelligent Vehicles (the “Strategies”).
The Strategies lay out a two-step plan for AV development in China: first, by 2025, China plans to create a systematic framework for technological innovation, industrial ecology, infrastructure, regulations and standards, product regulation, and network security in the AV market; second, from 2035 to 2050, China plans to fully establish an ecosystem for AVs.
The Chinese government has undertaken numerous efforts to promote AV development. Among these efforts is the release of the Strategies for Innovation and Development of Intelligent Vehicles
Notably, the Strategies additionally call for: enhanced research on legal and ethical issues, such as the nature of “robot drivers” and the apportionment of liability; the clarification of legal rights and obligations for all involved; the enactment of laws and regulations regarding testing, access, use, and supervision of AVs; and revision of existing laws and regulations to ease AV deployment.
Currently, AVs are permitted only in designated areas in China for road testing, as stipulated in the Administrative Rules on Intelligent and Connected Vehicle Road Testing, issued by the Ministry of Transport in 2018. Per these rules, where a traffic violation or accident occurs in the course of road testing, the “test driver” will generally be liable. As such, “test applicants” are required to secure insurance with coverage of no less than approximately US$700,000, and must report any accidents to regulatory authorities within a designated time.
Privacy and security
Today’s vehicles collect, store, and transmit data on vehicles, drivers, passengers, and even nearby pedestrians. Protecting and securing that data is critical to the growth of the global AV industry. To prevent data-related disruptions, governments in the EU and US have introduced legislation and AV industry-focused guidance on cyber security and data privacy.
An important part of the European strategy on AVs is the creation of a common European mobility data space, to be further developed in the Q4 ‘Smart and Sustainable Transport Strategy’. Several related EU legislative initiatives seek to regulate the handling of data critical to the AV space.
Though Europe is further advanced in its effort to enact legislation to ensure data protection, in the US, multiple federal agencies have sought to address questions of data privacy and cyber security in the AV industry
Securing AV-related datasets has been a major focus for EU legislators as well. In January 2020, the European Data Protection Board adopted its guidelines on processing personal data via connected vehicles and mobility related applications. In November 2019, the influential European Union Agency for Network and Information Security (ENISA) published, ‘ENISA puts Cybersecurity in the driver’s seat’, aimed at identifying relevant AV data assets, emerging threats, and potential security measures and mitigation strategies.
Though Europe is further advanced in its effort to enact legislation to ensure data protection, in the US, multiple federal agencies have sought to address questions of data privacy and cyber security in the AV industry. NHTSA has established a Vehicle Cybersecurity Response Process for Incidents Involving Safety-Critical Systems. Moreover, DOT’s AV 4.0 reports that NHTSA is conducting cyber security research to identify and secure entry points at every layer of an AV’s network infrastructure.
NHTSA has also published non-binding guidance that urged all those involved in AV manufacturing and deployment to adopt the general cyber security recommendations published by the National Institute of Standards and Technology (“NIST”). Over the past two years, NIST has homed in on the security challenges presented by the increasingly robust Internet of Things (the foundational network on which AVs rely), and has published multiple papers on how both manufacturers and other IoT participants can address those challenges.
Since AV technology is an emerging field, its legal landscape is still evolving. AV manufacturers, companies designing and building AV-related systems, and all related suppliers must be cognizant of potential product-liability risks, and the shift of liability
Outside the West, China is planning to take major steps to develop a robust AV data management system, and to establish a wide-reaching framework for securing AV data—two efforts addressed in its Strategies. China also plans to establish a security responsibility framework covering AV manufacturers, electronic component suppliers, network operators, and service providers.
What AV industry participants need to know
Since AV technology is an emerging field, its legal landscape is still evolving. AV manufacturers, companies designing and building AV-related systems, and all related suppliers must be cognizant of potential product-liability risks, and the shift of liability with AVs that takes away certain user-centric legal defences that have traditionally been available.
In particular, those involved in the AV industry should bear in mind the following:Consumer warnings and disclaimers do not necessarily provide protection from liability, and the current race to market can drive companies to add functionalities that are sometimes unproven. If you can design away a product defect, companies cannot avoid liability simply by sticking a warning on the product. Pay close attention to the volumes of data generated by smart and connected vehicle components, and what needs to be preserved in the event of litigation. Consider other ways to use data to mitigate liability. Be ready to address hacking vulnerabilities and software problems as they become evident. Consider embedding in contracts with software suppliers the right to see pertinent source code if needed. On the cyber security front, strive to develop and achieve the cyber security measures outlined by NIST. Be familiar with AV-related reporting mechanisms in the event of a data breach. Consider investing in specialised areas of insurance coverage tailored to AV technology. Indemnification and subrogation issues are also likely to loom large as AV technology continues to develop. Be ready to provide such data to regulators at short notice, accompanied by any necessary analysis. Such data should include how often the vehicles are being used; maintenance schedules; which product issues are being reported and how quickly the company responds; and detailed cyber security measures implemented to secure vehicle data. AV developers should be forward-looking as regulators continue to catch up; legislative obstacles are likely to continue to fall, offering ample opportunities for innovation.
About the authors: Rebecca Chaney, Maarten Stassen and Evan Chuck are Partners at Crowell & Moring LLP