Autonomous Driving

The technical and legal framework for connected, automated and – still limited to approved operating areas – driverless vehicles is undergoing rapid change.

Fully autonomous driving is no longer just a vision, but a realistic scenario. By replacing the human driver, the fully autonomous vehicle will eliminate the greatest risk factor in managing road traffic, which promises sustainable improvements in traffic safety. Automated functions will also increase user comfort and leisure time by enabling the system user, who is no longer driving the vehicle, to focus on other activities. Until then, however, the automotive industry will need to overcome not only technological but also legal challenges.

Vehicle registration

For the first time, German road traffic law provides requirements for the approval of autonomous vehicles at SAE level 4. Their use remains limited to officially approved areas of operation (so-called defined operating areas). During operation, an external supervisor must also be able to deactivate the driving function (so-called technical supervision).

The basis for admission to traffic is a special operating license, which is issued by the Kraftfahrt-Bundesamt (German Federal Motor Transport Authority) upon compliance with extensive design specifications. Pursuant to the pertinent legal requirements, the technical equipment must, inter alia, be able to fully comply with all traffic regulations applicable in the relevant operating area. Furthermore, the legal framework requires a system for mastering dilemma situations that recognises the interests at stake in the event of an unavoidable accident and prioritises them accordingly. In this respect, the protection of human life is a priority and its weighing up based on personal characteristics such as age or gender is prohibited in the case of unavoidable alternative threats to human life. Finally, the legal framework requires vehicle manufacturers to develop a compliance concept to ensure electronic and electric vehicle safety against (cyber) attacks throughout the entire life cycle of the vehicle.

European type-approval legislation

Automated driving systems (ADS) of self-operating vehicles are now also regulated by EU type-approval law, which raises legal conflicts and uncertainties in relation to the national approval law described above. Technical specifications for their type-approval have been part of the so-called ADS Regulation since August 2022, allowing not only traditional vehicle manufacturers, but also technology companies to have ADS type-approved. In addition, regulations on the EU vehicle type-approval of autonomously moving vehicles have now been introduced at European level. To this end, the Framework Regulation (EU) 2018/858 has been extended by a delegated regulation to include technical requirements for self-piloted vehicles. This enables vehicle manufacturers to apply for EU type-approval for fully automated vehicles produced in small series. EU whole-vehicle type-approval of fully automated vehicles produced in unlimited series is to become possible by July 2024.

Liability law- accidents

In case of accidents involving robotic vehicles, questions relating to liability and coverage under insurance laws are particularly pressing. Since automation functions are so new, manufacturers will, for example, have to provide extensive information about the performance and limitations of their systems. Inadequate instruction manuals or insufficient danger warnings could lead to claims against manufacturers.

Completely new liability issues also arise when an AI-controlled robotic vehicle is involved in an accident. First of all, the human driver is no longer available as a potential liability subject. The now obligatory technical supervision, on the other hand, is only liable according to the principles of tort law, which is why its fault is not presumed. This leads to considerable problems of proof for victims of an accident. With regard to damages caused by the malfunction of an automation product, the paradigm shift towards product and producer liability is irreversible and likely to be further promoted by the EU Commission's recent proposal for a revised product liability directive. At the same time, it is important to monitor the general developments in liability law for AI products, such as the current proposal for a directive on AI liability. The self-driving vehicle of tomorrow ultimately represents only one – albeit extremely significant – application of this product group.

Liability law - recourse in the supply chain

With an increased focus on producer liability, seeking recourse in the supply chain will become more of an issue, for example if a laser sensor installed by the vehicle manufacturer or software procured from a third party were to cause damage. Given the numerous parties involved in the operation of automated or self-driving vehicles, which in addition to IT suppliers might include mobile communications, cloud and navigation system suppliers, complex liability and recourse questions are likely to arise.

Liability law - Contractual risk allocation

The large number of parties in the supply chain makes a clear description of the various interfaces indispensable, not only from a technical but also a legal perspective. Similarly, the question of the appropriate contract model in each individual case arises. One needs to distinguish between “multi-party contracts” and networks of multiple individual contracts.

Data protection aspects

Connected vehicles generate enormous amounts of data. Manufacturers, mobile network operators, insurers or even providers of infotainment services can use this data to gain comprehensive insight into the vehicle's location, condition and routes, driving style, internet habits and other preferences of the driver. In practice, this raises new legal questions about permissible access to vehicle data and its use and commercialisation. 

The requirements for the digital data storage of autonomous vehicles are now regulated by special legislation. Manufacturers are obligated to develop a GDPR compliant security concept that includes appropriate technical and organisational measures for personal data protection. "Privacy by Design" solutions are recommended in this context, which already take data protection requirements into account during the development of automation systems. Shortcomings in this area are often difficult to eliminate once the basic design of a system has been established.

Increased M&A activities and joint ventures

Technological progress has a sustainable impact on the value chain in the automotive industry. The interconnectivity and automation of vehicle systems has drastically increased the importance of software suppliers, internet service providers and technology companies. Traditional suppliers and OEMs are increasingly responding by pursuing takeovers and mergers.

Changes in traditional business models

As a result of the convergence between the automotive and technology industries, conventional business models are being put to the test. The traditional vehicle purchase - geared towards a one-time transaction - is increasingly being replaced by the use of connected car services as an independent component. The latter corresponds more to a licence or usage contract to be qualified as a continuing obligation.

Vehicle manufacturers will now have to consider the entire life cycle of their products - not least for regulatory reasons. For example, it is mandatory by type-approval law to ensure the cyber security of a vehicle type until the end of the life cycle of all vehicles of this vehicle type. The same applies to the establishment of so-called software update management systems (e.g. to carry out over-the-air (OTA) updates).

Bird & Bird & Automotive

With experts in all major jurisdictions in Europe, Africa, the Middle East, Asia-Pacific and North America, our automotive experts have in-depth knowledge and comprehensive expertise related to the technical, commercial and legal challenges in the automotive sector. We work hand in hand to provide pragmatic and commercially viable solutions that are aligned with our clients' individual business models.

We advise on all legal issues relating to connected, automated and autonomous driving, including:

  • Vehicle registration law and regulatory aspects;
  • Product liability and product safety: assessment of product liability risks, handling dispute resolution, recall and field actions as well as advice on product liability and cyber risk mitigation;
  • Drafting and negotiating commercial contracts and agreements, including cooperation, supply, development, logistics and distribution agreements;
  • M&A and joint ventures;
  • Protection and exploitation of IP rights; and
  • Data security and data protection, big data and data ownership.

Show More Show Less

What's on TwoBirds TV?

More Videos

Quantum Computing in the Automotive Industry

Read more

Related capabilities

At a Glance: Autonomous Vehicles

Latest developments around the world regarding driverless cars

Read more


Bird & Bird offers support in the full range of product liability matters, and regularly acts for manufacturer, designer, distributor and supplier clients. The team has notable know-how in the technology, IT and automotive industries.

Legal 500 2022