Worldwide: Connected And Autonomous Vehicles – Recent Regulatory Developments

Last Updated: 6 November 2017
Article by Philip Pfeffer, Joseph Falcone, Andrew Moir and James Allsop

The development of connected and autonomous vehicle technology continues to progress at a pace that legislators and regulators are struggling to match. Regulators are looking to develop standards to govern the design, testing and deployment of autonomous vehicles that will promote public safety while not impeding innovation. As described below, among recent developments, US lawmakers have just passed legislation that, if enacted into law, would provide standards for the nationwide introduction of automated vehicles. In addition, the UK government has proposed key cyber security principles for connected and autonomous vehicles and the German government has adopted an action plan to implement ethical guidelines regarding automated vehicles.

US House of Representatives passes package of bills relating to highly autonomous vehicles

Legislation that would pave the way for nationwide testing and deployment of "highly automated vehicles" ("HAVs") on US roads was passed on Wednesday 6 September by the US House of Representatives, marking the first effort by US lawmakers to impose federal regulation in this fast-moving area. The "Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act,'' or the "SELF DRIVE Act," would establish the federal government's primary role in regulating HAV design, construction and performance, and replace the current patchwork regulation at the state level with a uniform system of HAV rules that HAV manufacturers and other stakeholders have sought, and which should enhance the innovation and deployment of HAVs in the US.

Key provisions of the SELF DRIVE Act include:

  • Clarification of federal and state regulatory responsibilities

    • The Act puts regulations addressing HAV design, testing, safety and performance squarely under the authority of the US National Highway Traffic Safety Administration ("NHTSA"), the federal agency responsible for road safety in the US, and pre-empts contrary state laws in these areas. This occupation of the HAV field by the federal government would supplant the often inconsistent and contradictory state regulations, which nearly all stakeholders deem an impediment to HAV innovation and testing.
    • The states would retain authority to regulate HAV registration, licensing, driver education, insurance, inspections and traffic laws, as they do for conventional vehicles.
  • Updated/new safety standards for HAVs

    • The NHTSA, within one year, is to issue a regulatory and "safety priority plan" for the development and deployment of HAVs in the US, with safety standard regulations to follow. Within two years, the NHTSA is to require submission of safety assessment certifications by HAV manufacturers reflecting safety-related test results and other data.
  • More HAV exemptions from current vehicle safety standards

    • Since current federal motor vehicle safety standards contemplate the presence of a human driver and consequently a steering wheel and brake pedals (among other things), certain HAVs would require exemptions from such standards prior to deployment. Under current law, the NHTSA can exempt up to 2,500 vehicles per year. The Act would increase the exemptions for HAVs, starting at 25,000 in the first year, and gradually increasing to 100,000 HAV exemptions three to four years after the Act takes effect. To secure an exemption, HAV manufacturers would need to show that the "overall safety level [of the HAV is] at least equal to the overall safety level of nonexempt vehicles."
  • Cyber security and privacy protections

    • The Act would require HAV makers to develop a written privacy plan regarding the collection, use, sharing and storage of information about vehicle owners or occupants collected by a HAV or automated driving system, and outlining how owners and occupants of the vehicle will receive notice of this policy. It also would require a written cyber security plan with respect to the practices of the manufacturer for detecting and responding to cyber attacks, unauthorised intrusions and "false and spurious messages and malicious vehicle control commands." The Act would create the Highly Automated Vehicle Advisory Council, which as part of its mandate would advise on whether the practices introduced by HAV manufacturers are effectively protecting consumer privacy and security.
  • Consumer education

    • To promote safety and consumer understanding of HAVs, the NHTSA is to issue regulations requiring HAV manufacturers to inform consumers of the "capabilities and limitations" of a vehicle's driving automation system or features.

The unanimous passage of the SELF DRIVE Act by the House reflects the broad and bipartisan support for this HAV initiative. Attention now turns to the US Senate, which is expected shortly to consider companion legislation to the Act (which then must be reconciled with the Act before it can be sent to the President for review and approval). Key Senate leaders have previously indicated support for federal legislation that would reinforce the federal government's primary regulatory role for HAVs while promoting innovation and safety. It remains to be seen whether any Senate legislation would track the House bill, or whether, for example, any Senate action would include larger commercial trucks, which were not part of the Act. While favourable Senate action is not a certainty, HAV manufacturers and related stakeholders can be cautiously optimistic that the US is on the path toward uniform federal HAV regulation.

UK Department for Transport issues guidance on cyber security requirements for connected and autonomous vehicles

In August 2017, the UK Department for Transport, in conjunction with the Centre for the Protection of National Infrastructure, published guidance setting out key principles of cyber security for use throughout the automotive sector, the connected and autonomous vehicles ("CAVs") and intelligent transport systems ("ITS") ecosystems and their supply chains.

The guidance aims to (i) address the potential risks of hacking and data theft associated with the development of connected and automated vehicles; and (ii) provide all stakeholders, including designers, engineers, retailers and senior level executives, with consistent guidance on cyber security.

The guidance is divided into the following eight key principles:

  1. Organisational security is owned, governed and promoted at board level.

    The guidelines place responsibility for product and system security at board level. The board should ensure that security programs are sufficient and that a 'culture of security' is fostered within the organisation. Crucially, the guidance advocates that members of the board will ultimately be held personally accountable for the product and system security.

  2. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.

    Organisations must ensure that an understanding of current and relevant security threats influence engineering practices, collaborate with third parties to enhance threat awareness and ensure that security risk assessment and management procedures are in place to deal with such threats.

  3. Organisations need product aftercare and incident response to ensure systems are secure over their lifetime.

    Organisations must plan how to maintain security over the lifetime of their systems and ensure that incident response plans are in place to respond to compromises of safety critical assets.

  4. All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system.

    Organisations must be able to provide assurances that security processes and products are sufficiently robust. Plans must be made as to how systems will safely and securely interact with external devices.

  5. Systems are designed using a defence-in-depth approach.

    The system security should not rely on single points of failure or anything which cannot be readily altered. Instead, defence-in-depth and segmented techniques should be applied to mitigate potential risks.

  6. The security of all software is managed throughout its lifetime.

    Organisations must adopt secure coding practices to manage software security risks. It must be possible to safely and securely update the software throughout its lifetime and return it to a known good state in the event it becomes corrupt.

  7. The storage and transmission of data is secure and can be controlled.

    Data must be sufficiently secure and personally identifiable data must be managed appropriately. Users must be able to delete any sensitive data held on the system.

  8. The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.

    The system must be fail-safe and able to withstand receiving any corrupt, invalid or malicious data.

The publication of this guidance represents a further step by the UK government to regulate CAVs, having previously issued a code of practice for testing CAVs in 2015. The UK government also seems set to tackle the issue of insurance for CAVs, having announced in the Queen's Speech this year that a new insurance framework will be dealt with in an Autonomous and Electric Vehicles Bill.

German government adopts action plan to implement ethical guidelines for connected and autonomous vehicles

In June 2017, the German Ethics Commission on Automated and Connected Driving, which was appointed by the Federal Minister of Transport and Digital Infrastructure, published a report containing the world's first ethical guidelines for CAVs. The Ethics Commission is led by Dr Udo di Fabio, a former Federal Constitutional Court Judge and Professor at the University of Bonn, and is made up of representatives from law, philosophy, social sciences, technology, the automotive industry and software.

Last month, Germany's Federal Minister of Transport and Digital Infrastructure, Alexander Dobrindt, presented the report and the German Cabinet has adopted an action plan to implement its findings.

The report sets out 20 ethical guidelines, which will be reviewed after two years of use. Key principles of the guidelines include:

  • The protection of individuals takes precedence; the licencing of CAVs is not justifiable unless it reduces harm.
  • A balance must be struck between maximum personal freedom, development and the freedom of others and their safety.
  • Protecting human life is the first priority and systems must accept damage to animals or property in a conflict if necessary to prevent personal injury.
  • Technology should prevent accidents wherever practically possible and should be designed so that critical situations (e.g. dilemma situations where a vehicle must "decide" between two evils) do not arise – the spectrum of technological options should be used and evolved.
  • The "right" decision to make in a genuine dilemma (e.g. deciding between human lives) depends on the particular situation and cannot be standardised or programmed in an ethically sound manner; an independent public sector agency should process the lessons learned.
  • In the event of an unavoidable accident, any distinction based on personal features (age, gender, physical or mental constitution) is prohibited.
  • The law must reflect the shift of accountability from individual motorists to system manufacturers and operators and bodies responsible for making infrastructure, policy and legal decisions.
  • Liability for damage caused by CAVs is governed by product liability principles so manufacturers and operators must continuously observe and improve their systems where technologically possible and reasonable.
  • Vehicle users should be able to decide whether their vehicle data is forwarded and used.
  • It must be possible to identify when the system or the driver is responsible (e.g. where the driver can overrule the system); international standardisation of the handover process and its documentation is required.
  • The software and technology must be designed so that situations of abrupt or emergency handover are avoided and systems should adapt to human communicative behaviour.
  • In emergency situations, vehicles must be able to enter into a safe condition without human assistance.

The advent of CAV and ITS technology raises a number of novel and challenging ethical questions. There have been calls by a number of stakeholders for these issues to be taken out of the hands of manufacturers and addressed by government. Consistent with its desire to be at the forefront of the development of CAV and ITS technology, Germany is the first country to tackle this difficult issue. It will be interesting to see whether other countries now take up the task and, if so, whether they adopt a different approach.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions