Autonomous Vehicles and the UK: Rise of the Machines

Although fully autonomous vehicles are not expected on the roads until 2025 (and some consider even that date to be optimistic), elements of the underpinning technology are already in use, for example, autonomous emergency braking systems. In any event, there is no doubt that the rise of autonomous vehicles will provide a number of benefits ranging from increased road safety and more streamlined transport networks to creating new jobs in the technology and automotive sectors.

However, in conjunction with these benefits, there will also be a number of challenges to overcome on the road to Level 5 automation ². This note will focus on some of them:

1. How will existing laws adapt to this emerging technology?
2. What will stakeholders do to exploit Big Data opportunities?
3. How will liabilities be backed-off across supply chains?

International framework - the need for change

The existing international framework is in need of a refresh. The challenge is whether the UK waits for the international community to agree an update to the existing framework or takes the initiative by updating its domestic legislation.

The current law in many parts of the world relating to traffic rules for vehicles is either governed by the Vienna Convention on Road Traffic, 1968 (Vienna Convention) or its predecessor the Geneva Convention on Road Traffic, 1949 (Geneva Convention). Both treaties share the concept of a driver being in charge of vehicles and that the driver must at all times be able to control their vehicles.

However, several important countries, including the UK and US, did not sign and ratify the Vienna Convention. This has some important consequences because the Vienna Convention is seen as being more restrictive than its predecessor (which has been signed and ratified by the UK) - although it should be noted that a recent amendment has been agreed which allows for autonomous driving provided there is a manual override option present in the vehicle. Therefore, for countries that only ratified the Geneva Convention, there is more scope to develop their laws independently as we move away from conventional driving. 

However, in order to move towards fully automated driving – where there is no driver present or the driver is relegated to the role of occupant – the current law (with its focus on driver control or manual overrides) needs to evolve.

The UK Government has acknowledged the need for legal amendments in its publication, "The Pathway to Driverless Cars" ³. It has promised that it will review and amend domestic regulations by summer 2017 to accommodate certain aspects of driverless technology. And this acknowledgement is not just limited to the UK; in 2015 the Transport Ministers of the G7 states and the European Commissioner for Transport approved a declaration highlighting the need to take steps to implement a uniform legislative framework which could apply across borders.

All these acknowledgements and declarations are laudable but the timetable for some, in light of the changes required, appear to be very ambitious and careful consideration is required to ensure a consistent international framework is developed (especially in relation to the testing of autonomous vehicles) which will be difficult given that different countries are at varying stages of implementation.

The UK is already making progress: for example, the Vehicle Technology and Aviation Bill has introduced a new insurance framework which requires insurance cover for autonomous vehicles for both times when the driver is in control and when the vehicle takes charge in the automated mode. The Bill has received positive feedback from the insurance industry, providing clarity as to how they should design their insurance products to cater for the autonomous vehicle revolution.

Big opportunities

In the "Internet of Things" world, where connected autonomous vehicles are sharing large volumes of structured and unstructured data at high speeds from a variety of sources (e.g. collecting data from car sensors, computing data using on-board IT systems, and sending/receiving data using electronic communications systems), Big Data opportunities represent big business.

This Big Data will vary, ranging from information on driver behaviour and traffic data to environmental data (e.g. weather conditions) and data on obstacles/emergencies ahead. Clearly, some of this data will include personal data and so vehicle manufacturers (OEMs) will need to consider data protection laws when it comes to the processing and storing of such data. This is especially true in light of the new General Data Protection Regulation (GDPR) coming into force in May 2018.

The main issues to consider from a data protection perspective are likely to be: (i) how to ensure individuals are properly notified about what personal data is collected, how it is used and who it is disclosed to; (ii) whether individuals are given any choice about the data collection; (iii) whether personal data could be used in a way which is potentially damaging or intrusive to the individuals (e.g. if their movements are mapped in order to target them for particular goods or services); and (iv) ensuring personal data is appropriately protected and secured. In any event, driver personal data collected for Big Data purposes will need to be subject to robust documented risk assessments so that organisations can demonstrate their compliance with the strict new rules in the GDPR. Failure to comply with the GDPR could give rise to very serious penalties, including fines of up to 4% of annual worldwide turnover.

The risks associated with non-personal data are also increasing. The Network and Information Security Directive, which will need to be implemented by EU member states by May 2018, will require operators of critical national infrastructure (including in the transport sector) to implement appropriate technical and organisational measures to manage network security risk, and to notify regulators of network security breaches regardless of whether personal data is affected. Failure to comply with the Directive could also lead to serious penalties: regulators will be able to impose penalties on infringing operators that are "effective, proportionate and dissuasive" (although we will need to wait for Member States' implementing legislation before knowing the precise level of such penalties).

Aside from understanding the data protection issues, OEMs, insurers and other stakeholders will also need to improve their capabilities when it comes to analysing Big Data efficiently so they can leverage its benefits to better understand their customers and their needs and create stronger relationships (e.g. personalised products and services to vehicle owners or cheaper car insurance for good drivers). This could be through internal changes (hiring data scientists to help analyse data sets) and/or external changes (procuring new software technologies to help them analyse data better). The latter requires an understanding of negotiating and contracting with software suppliers, including:

• agreeing an appropriate scope of licence aligned to the licensee's needs (e.g. is it sufficient for the software to be used for internal business purposes only or is a broader use required?);
• where data is also hosted by the supplier, understanding how data is kept secure, where it is hosted from and how it will be accessed post-termination (e.g. will the supplier back-up data and be liable for loss or corruption of data, will the format the data is provided in post-termination be capable of use by the licensee or any replacement supplier without incurring additional cost or effort?);
• appropriate warranties and indemnities need to be provided by the supplier to protect the licensee (e.g. third party IP infringement indemnities); and
• robust service levels need to be agreed (e.g. the supplier must commit to ensure the software is available for use by the licensee and all users during agreed times).

Liability - its shift and potential impact

In the fully autonomous driving world, where the vehicle is taking control out of drivers' hands, we will see a shift from personal liability to product liability with a focus on OEMs ensuring their products are designed safely to avoid accidents that could damage property or cause injury to people.

This shift will impact subcontracting relations as OEMs seek to back-off their enhanced liability to customers across increasingly complex supply chains. Historically, OEMs have benefitted from a powerful negotiating position vis-à-vis their supply chain: often imposing contractual indemnities on their subcontractors that are triggered in the event the OEM suffers loss or damage due to a subcontractor act or omission. However, as supply chains become more and more complex and technology dependant, we anticipate a shift in that balance of power as OEMs find themselves opposite larger and more sophisticated technology providers. Complex negotiations will no doubt arise as subcontractors seek to carve-out liability in specific circumstances (e.g. where a vehicle owner has failed to update software with new patches to resolve defects). Both suppliers and OEMs will need to carefully consider the risks to determine what can be accepted in this new world.

Insurance premiums and insurance cover will also be disrupted. Given that the majority of accidents are caused by humans (see "Key Statistics" above), motor insurance premiums will drop due to the reduced number of accidents. Thatcham Research has estimated that insurance premiums could fall by as much as 50% by 2025 ⁴. Although, on the plus side, the number of times insurers have to pay out on accidents will also fall due to the reduced number of accidents.

Despite this disruption to a core source of revenue for motor insurers, we anticipate new insurance opportunities arising as a result of this shift to product liability to cover risks such as software defects, negligent acts or omissions committed by in-house software developers and cybersecurity as well as the more prosaic risks that will continue to apply to autonomous vehicles such as insurance cover for weather-related risks, theft and vandalism.

What next?

Digital technologies are disrupting the traditional automotive industry. Whilst Level 5 autonomous vehicles are years away, OEMs, suppliers, insurers and other stakeholders need to start thinking now about how they will adapt to take advantage of Big Data opportunities, appropriately back-off enhanced liabilities across supply chains and open up new sources of revenue as traditional business models fall-away.