Few areas of technological advancement catch the public imagination quite like driverless cars. Perhaps it’s the sense that, until recently, autonomous driving seemed like science fiction or perhaps it’s because it seems that technology is about to give us back some of the endless personal time lost in the daily commute.

When is a vehicle autonomous?


Before looking at some of the specific legal challenges, we should be clear as to what we mean by an “autonomous vehicle”. While most people’s imaginations will immediately spring ahead to a fully automated vehicle which requires no human involvement, SAE International has developed a 6 level classification system for vehicle autonomy as follows: • Level 0: Effectively a standard vehicle that can issue warnings to the driver but has no control. • Level 1: Fairly commonplace technologies such as Adaptive Cruise Control, Parking Assistance with automated steering, and Lane Keeping Assistance. At this level, the driver must be ready to take control at any point. • Level 2: The driver must keep track of objects and events, in case the automated system fails to respond properly. However, the car can accelerate, brake and steer by itself. • Level 3: The car is capable of monitoring its surroundings and within relatively predictable contexts, such as motorway driving, the driver can safely do other things, although the driver must still be ready to take back control if needed. • Level 4: The vehicle can drive by itself in all but the most unpredictable environments. The driver does not normally need to pay attention once the autonomous system is activated. • Level 5: No human intervention is required, other than setting the destination. The vehicle is capable of driving safely by itself and making appropriate decisions. Only Level 5 vehicles are “fully” automated and they are already being trialled. For example, the California Department of Motor Vehicles recently approved steering wheel-less, foot pedal-less, mirror-less, driver-less vehicles to be tested on California roads in 2018 while the Tesla founder and serial entrepreneur Elon Musk has stated that Tesla’s Model 3 will be capable of Level 5 automation this year.

Legal liability in a driverless world


While engineers race to get us away from the wheel, lawyers and risk assessors are scrambling to figure out what this will mean for liability and insurance. Traditional road traffic liability issues centre around the core principle that, save in fairly rare cases of a vehicle defect, it is the driver who is responsible for damage caused by his or her vehicle. Every day in every county, bad driving results in criminal and civil liability. To cover civil liabilities, drivers purchase insurance, in fact vehicle insurance is one of only a few areas where insurance is compulsory, reflecting the reality that driving is dangerous and that victims of road traffic accidents caused by negligence should have access to monetary compensation. However, given that human error accounts for around 94% of motor vehicle accidents (mainly drunk driving and speeding), if we assume that autonomy will lead to safer roads, does this mean we can expect our car insurance bills to decrease?

What happens if we remove the driver from the equation?


As driving decisions move from humans to machines, it is not yet clear who is responsible for those decisions. Is it the manufacturers of the vehicle, the software engineers who write the algorithms and/or the hardware designers who build the sensors and does this all mean that the driver get off scot free? These concepts will test the minds of the courts who will be required to re-examine long-held legal principles of duties of care and negligence in light of the gradual displacement of drivers by machines. While it is too early to say, perhaps the earlier hypothesis of cheaper insurance is too optimistic – maybe it is only the nature of the insurance, and not the price, that will change as drivers are required to purchase product liability or cyber liability policies to cover the differing risks presented.

Regulation


As was the case when the first motor cars took to the streets, flag bearers to the fore, it takes time for regulators come up with policy positions and hard laws to answer these legal challenges. Existing road safety conventions such as the 1968 Vienna Convention on Road Traffic (Ireland is not a member) assume that a driver is fully in control and responsible for the behaviour of a vehicle in traffic. However, recent amendments to the Convention allow for the use of automated driving technologies or “driver assistance systems” which transfer driving tasks to the vehicle, provided that these technologies do not breach UN general safety requirements for vehicles or can be overridden or switched off by the driver. Another example of the changing face of regulation is the SELF-DRIVE Act which was unanimously approved by the US House of Representatives in September 2017. This Act is aimed at streamlining the rules governing self-driving cars, at least until permanent regulations can be adopted.

Road safety meets cyber safety


Another striking feature of the SELF-DRIVE Act is that car manufacturers will be required to provide a written cybersecurity plan to explain how they will address the potential threat to public safety and network security caused by any malicious access to the code operating their autonomous vehicles. As more vehicles become reliant on the Internet of Things for their functionality, the scale of damage which could be caused by hackers, terrorists or other malicious actors grows.

Big data, big brother


The artificial intelligence required to safely drive an autonomous vehicle is largely reliant on data. Smart cars are already pumping out terabytes of data on driver gestures, location, direction of travel, journey history, average speed and mileage. While much of that data relates to the vehicle and its surrounding environment, increasingly vehicles are able to gather vast quantities of real time data about the driver and other occupants of the vehicle. This is an area where Europe’s data protection laws are already lying in wait, with the commencement of the General Data Protection Regulation (GDPR) on 25 May 2018. The GDPR will enhance Europe’s existing stringent rules governing the collection, use, disclosure of personal data while imposing very significant sanctions (up to 4% of worldwide turnover) for non-compliance. As was the case with the advent of smartphones, the privacy law implications of vehicles that can accurately record the activities of their passengers will be a journey of its own. Consider questions such as whether law enforcement should have access to journey logs, whether all internet browsing history in a vehicle entertainment system should be owned by the vehicle manufacturer or whether a vehicle owner could create secret automated alerts when a specified person entered his or her vehicle. As with many aspects of autonomous driving, the technology already exists, but the law is gradually catching up. Authors: Rob Corbet is a Partner and Head of Technology & Innovation and Ciara Anderson is an Associate solicitor in Arthur Cox in Dublin. Rob.Corbet@arthurcox.com Ciara.Anderson@arthurcox.com