What's different about the IoT liability chain?
- Complex chain of stakeholders – where does the risk/liability sit?
- OEM (car) manufacturer?
- Hardware supplier?
- Software supplier?
- App developer?
- Connectivity provider?
- Cyber risk/hacking - security vulnerabilities inherent in the connected environment.
- Tangible impact of technology and connectivity failures/cyber-attacks on the physical world (a malfunctioning connected car will crash potentially causing damage to property and people).
- Use of "big data" (for example sensor data and location data) to inform decision making/prevent harm.
- Product Liability
- Autonomous vehicles will likely comprise products and components manufactured at different levels (and across different industries) in the supply chain. These will include traditional automotive parts and new technological products which will need to be integrated in the completed vehicle.
- Who is liable for the 'product' in the event of a crash caused by a malfunction of a vehicle that is steering itself? Is it the manufacturer of the vehicle itself, the manufacturer of the vehicle's ECU or other hardware, the company that designed the software or interfaces that the vehicle uses, or someone else?
- The algorithms that determine how the vehicle will 'behave' during a collision raise challenging questions. If the vehicle determines that a collision is inevitable, should it continue on course, or swerve to hit another vehicle or mount the pavement, potentially reducing harm to the occupants, but increasing the risk of harm to others?
- The introduction of automated alert systems complicates these issues still further. At what level of automation is the vehicle still under the driver's actual control? It may be a complex question of fact as to what (or who) has caused a collision.
- Negligence and Vicarious liability
- Does the recipient of large amounts of intelligent data generated by a vehicle that it owns or operates have a duty to act upon it on a real time basis? As an example, if a haulage driver at the end of a shift is constantly triggering lane departure warnings, and the haulage company can identify that fact in real-time, are they obliged to do anything with that information?
- In the event of an accident, could that company be in breach of its duty of care to third parties for failing to do so?
- Connectivity Failures
- What happens in the event of a connectivity 'outage' in an environment where milliseconds matter? In circumstances where that infrastructure is predominantly operated by third parties who do not owe any duty to the manufacturer, what should the manufacturer build in to the vehicle as a fail-safe in the event of an 'outage'?
- How will the insurance industry meet the challenges identified above for both the manufacturers and the users of this technology?
- Will we see a trend away from insuring the driver or user of autonomous vehicles, and towards the manufacturer?
How can IoT stakeholders mitigate against the risk?
- Adoption of clear contractual risk allocation models across the IoT supply chain
- Insurance cover
- Managing security and other vulnerabilities across the product lifecycle, by:
- building precautionary steps into product design (by using encryption and virus protection technology, for example)
- implementing regular software patches and updates
- use of 'big data' to enable predictive maintenance?
- Implementation and use of automated alert systems to enable early identification and resolution of issues?