Legal implications of digital twins in the supply chain

Through IoT and connected sensors, a digital twin can be connected to its real world counterpart and replicate the physical scenario in which the copied object is functioning or operating in a digital format that can be used for many different purposes: 

• Digital twins could be applied for example to test different solutions and applications, to monitor the functionality of a real product and prevent accidents or malfunctions, to predict the need of maintenance and to simply gather data and information that can then be used and monetised.

• A digital twin copy of a vehicle with live connection to the real product can be used to store a number of critical data, and then become a testing platform on which experiments can be continued or new settings or parts can be tried on.

• A digital twin of a logistic system can be used to test alternative routing and storage solutions, monitor its functioning and check critical activities.

• A digital twin of a production line can monitor in real time the same, predicting possible failures, and be the testing environment in which changes or new tools can be digitally tried before being ordered to suppliers.

• A live digital twin can help identify the cause of a malfunction and become evidence to be used in Court to settle disputes.

Legal implications and solutions

Legal implications are many and can be quite challenging, especially in the absence of a regulated legal framework that could set standards and provide a safe common base to rely upon. It is therefore required to regulate relationships between users of a digital twin technology through carefully written contracts.

Normally a supplier of the technology would like to minimise its exposure and provide limited warranties, while the customers of a digital twin would usually ask for the exact opposite, and all other parties involved in the use of the system will sit in between, trying to avoid liability as much as possible.

Data used to set up and feed a digital twin must be as precise and complete as possible and constantly updated and controlled to ensure the reliability of the output obtained from the twin.

Data protection implications must be taken care of by applying privacy by design principles, making sure that no unauthorised personal data processing is triggered by mistake or by the unwanted use of AI or other automated solutions.

Cyber security must also be built in the system to protect the digital twin solution from being used as an entry point to the actual real world product, tool or system that is being mirrored, and to avoid the digital twin to be used as a perfect blueprint of its physical counterpart.

Although intellectual property of the digital twin technology will normally stay with its provider, a very careful regulation must be put in place not only for the rights on the various datasets but also to regulate the trade secrets or other IP rights that are contained and manipulated through the digital twin , to avoid that the most precious assets of a digital twin user are not lost or exposed.

EU Trade Secret legislation can be successfully used to protect essential data and information that cannot be otherwise be protected using other intellectual property rights, and this includes manufacturing and assembly secrets, usage data, IoT sensor data and the combination of all the information.   

Liability must also be carefully taken into account in all digital twin contractual regulations, to make sure that it is correctly segregated and shared between all the stakeholders that are taking part in the development of the solution or are in some form contributing or using the same.

Real world serious consequences can in fact derive from a mismanaged or unregulated digital twin solution, especially when it is used to monitor or control a complex system (like a critical infrastructure, or a live real world system) or when it is used to manufacture or modify a physical product that is then used or commercialised on the market.

Contracts will therefore have to govern the peculiarities of digital twin solutions and should be granular enough to cover the most important risks and legal implications, but they also have to be flexible enough to adapt to the technology and the real world connected counterpart evolutions. A good faith continuous negotiation and monitoring of the contract should be considered and put in place between the parties, to follow the evolution of the system and to keep track and manage all the valuable information that can be obtained by this technology that allows to build a digital back up or the real world.