“The next 10 years will see an automotive technology revolution the likes of which we haven’t seen since the Model T Ford”

Senior Manager at an OEM

According to a March 2015 report by KPMG, written in conjunction with The Society of Motor Manufacturers & Traders, entitled “Connected and Autonomous Vehicles – the UK Economic Opportunity”, the development of connected and autonomous vehicles (‘’C&A vehicles’’) ‘’will provide huge social, industrial and economic benefits to the UK’’. This is estimated by KPMG to be a prize worth £51 billion per year by 2030. These benefits include improved safety, reduced congestion and environmental efficiency, increased productivity and job creation, as well as greater mobility for all.

In order to reap those benefits, the automotive industry in the UK must lead the way in the technological development of C&A vehicles (which is already happening), through collaboration across a wide range of industries1  and stakeholders, including involvement of Government and Government Agencies such as Innovate UK.

The UK has the advantage of having not ratified the Vienna Convention on Road Traffic 1968 (which precludes the use of driverless vehicles), such that testing of C&A vehicles can take place on UK roads without new primary legislation needing to be passed. Many other countries have legislative barriers to such testing taking place, which are in the process of being addressed. But it will take time for them to remove those barriers and catch up. And this is why the UK is presently leveraging this “test bed” unique selling point, with four cities (Bristol, Coventry, Milton Keynes and Greenwich, London) approved and leading the way in trialling a range of autonomous automotive technologies.

However, the regulatory framework in the UK must undoubtedly be updated to support such technological developments and to ensure that there are no legislative barriers to future progress in the field of C&A vehicles. The Department for Transport’s report entitled: ‘’The Pathway to Driverless Cars: A detailed review of regulations for automated vehicle technologies’’ of February 2015 (the “Department for Transport Review”), highlights a number of clear action points, the implementation of which would greatly assist the growth of the autonomous vehicle industry here in the UK. The key action points require fast implementation to ensure that UK legislation remains fit for purpose and ahead of the curve or, at the very least, in tune with such technological advances.

Civil and Criminal liability

Under UK civil law, all drivers are required to exercise the standard of care of a competent and careful driver. If a driver negligently breaches this duty, they assume a civil liability to other road users. Case law provides an indication of how Courts have historically determined liability. In addition, statute (Road Traffic Act 1988) sets down the criminal law offences that a driver is at risk of committing, should their driving fall short of the prescribed standards.

However, UK statute is drafted on the assumption that a vehicle will have a human driver (although this is not a specific requirement). Difficult legal questions therefore arise with autonomous vehicles in the event of an accident, including in terms of allocation of who it is that is deemed to be in overall control and responsible for the vehicle – the human “manual driver” or the “autonomous driver” (and ultimately the manufacturer of that technology)?

There is clearly an emerging issue as to whether the current state of the law is applicable and sufficient as autonomous technology develops apace, and whether it should be specifically updated to address who is to be legally responsible and ultimately liable for the operation and/or use of C&A vehicles – the driver, the owner, the manufacturer or another party? Other tricky questions include whether a higher standard of driving should apply to vehicles operating in an automated mode than is expected of a conventional “manual”  driver?

The UK Highway Code may well need to be updated too to address and guide road users as to how best to interact with C&A vehicles. Vehicle MOT testing may also need to change in the coming years to deal with C&A vehicles.

Product Liability

The Consumer Protection Act 1987 (CPA) provides a cause of action against manufacturers, for compensation, in the event that damage (including death or personal injury) is caused by a “defective product”. As it stands, the CPA will certainly apply to manufacturers of C&A vehicles. Again, the key question of liability in respect of death or injury caused by an autonomous vehicle is likely to arise. For instance, if particular features of an autonomous vehicle are misused, will it be just to find that fault for a collision lies in a vehicular defect? What if an autonomous vehicle is found to have a defect, but a human has, or has not when required, taken control of the autonomous vehicle shortly before a collision occurred? There may be black and white cases where fault clearly lies with the human or the “computer”, but it is the grey areas where responsibility could be argued to move from human to computer or vice versa that will present very difficult civil (and potentially criminal) scenarios.

A clear way of presently addressing these issues appears to be to permit manufacturers to fit “black box” Event Data Recorders (EDR) to vehicles as an industry standard. This would provide for the recording/analysis of data in the event of a collision, confirming the specific circumstances of that collision and assisting in allowing fault to be appropriately attributed accordingly. This would need incorporating into UK regulations. It is fair to say that the introduction of EDR as an industry standard will be somewhat of a minefield in all areas – from data protection to insurance and liability. And where such data is disputed or unreliable, it could result in lengthening  trials and increasing and disproportionate legal costs.

Computerised Decision Making?

This is both an opportunity and a challenge. Advanced software, algorithms and data analytics will undoubtedly be required to make sense of the ‘big data’ generated by C&A vehicles and vehicle sensors. Interesting legal and ethical dilemmas abound too in terms of computerised decision making and the least-worst options taken in the event of a crash scenario. OEMs, software and mapping providers face key challenges in meeting these challenges and the associated reputational risks.

Regulations on Vehicle Use

UK legislation also needs to address who can operate autonomous vehicles. Autonomous vehicles have the benefit of vastly increased social inclusion if those who are currently excluded from driving (e.g. the profoundly disabled, banned drivers, under-aged drivers) can operate them – but, whether or not an individual who does not currently hold a driving licence can operate an autonomous vehicle unfettered will clearly need to be addressed. Questions to consider when extending the current scope of the UK driving licence will include: (i) whether the current age for applying for a driving licence will change, (ii) whether those with disabilities which currently preclude them from driving will be included in the extended scope, and (iii) whether a new, specifically designed, driving test will need to be introduced.

In addition, in order to ensure that C&A vehicles are operated safely, legislation needs to clearly define the required standard of use of C&A vehicles. For instance, can a user of an autonomous vehicle drink in excess of the current legal limit, given that they will not technically be “driving” the vehicle? Will the human driver still need to be sufficiently compos mentis and/or be physically able to take over the vehicle controls if required?

Privacy and Data

The whole question of “big data” generated by autonomous vehicles, including who actually owns and can share that big data (and who can potentially monetise the value of it), remains the million dollar issue that the industry is currently wrestling with.

In addition to the fitting of EDRs to C&A vehicles, further data will be transmitted to and from C&A vehicles – for instance, locational data.

Data collected by a C&A vehicle from which an individual can be identified must be handled in accordance with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR).

Broadly speaking, UK data protection law requires that: (i) personal data should only be obtained for specified lawful purposes and when personal data is collected, individuals should be informed about how it is going to be used, (ii) personal data should be relevant and not excessive in respect of the purpose for which it is collected, and (iii) personal data is kept securely and is not stored for longer than is necessary. The consequences for breaching the DPA include: monetary penalties of up to £500,000, prosecution for criminal offences, audits conducted by the Information Commissioner’s Office, and enforcement/“stop-now” orders.

Therefore, drivers and keepers of C&A vehicles must be made aware of and understand what data their vehicle is collecting and what it might be used for, and manufacturers of such C&A vehicles will need to ensure that the technology they are developing is capable of strict compliance with these DPA and PECR requirements.

The ability for some degree of mandatory data sharing may require incorporation into EU law to assist the development of technology – for instance, the EU’s eCall initiative (due to be implemented in April 2018), which requires new cars to be equipped with technology that will automatically dial the EU’s single emergency number in the event of a serious collision, providing the emergency services with details of the vehicle’s exact location. It is fair to say that increasing connectivity, data generation and sharing of data across borders is both an interesting opportunity and an undoubted challenge for regulators and industry alike.

Cyber Security Standards

Such advances in technology bring with them the attendant risk of a “cyber hack”, which theoretically has the potential to endanger lives. C&A vehicles will be connected to the Internet, to each other and with digital infrastructure, and features such as Wi-Fi and Bluetooth connectivity are being termed the “attack surface” – i.e. features  that could be vulnerable to hackers seeking to access vehicle control systems2. A recent example of the risk of a “cyber hack” is the report by a prominent security researcher that some of Nissan’s electric “Leaf” cars are easy to hack, potentially allowing their heating and air-conditioning systems to be hijacked and details about recent journeys made to be accessed.  This highlights likely future risks to be considered when developing technology in this area. Hardware, software and networks (including telecommunications standards) must be developed that embed security protections and which are resistant to and capable of withstanding cyber-attack.

Coupled with this, it is likely that higher legislative security standards than presently exist will need to be developed and implemented in the UK to protect C&A vehicles from hacking. Those higher security standards should seek a uniform approach across all manufacturers  to ensure that there is no “weak link” if vehicles connected to one another are targeted at the same time. Industry collaboration and joint ventures will need to meet this challenge.

In addition to malicious cyber hacking, there is a risk of personal data hacks in respect of data obtained and stored by C&A vehicles. The regulatory framework may need to become more bespoke and stringent to ensure tight security controls, protections and penalties are established; as well as more generally, appropriate physical, cyber-physical and regulatory and compliance systems infrastructure being developed to meet the needs of this burgeoning autonomous technology.

This is not just a UK legislative issue. It will undoubtedly need to be addressed at EU level by regulators in Brussels to deliver consistency across Europe and to help shape global “best practice” standards.


C&A vehicle technology has the potential to completely disrupt and transform the insurance industry as “big data”, including telematics about driver behaviour, journeys, accident events and safety, becomes more easily available. Directive 2009/103/EC obliges the insurance of all vehicles in the EU against third party liability and is implemented in England and Wales by virtue of The Road Traffic Act 1988. Again, the question of liability arises in respect of insurance.  A driver would clearly need to retain insurance for any vehicle that still had manual features and/or could be switched between modes. However, when a “driver” becomes a “user” of a vehicle, it becomes far less clear cut as to whether it is the user, or the manufacturer, who should be ensuring that the autonomous vehicle is insured.

Before the autonomous automotive industry can become the norm in the UK, the question of liability will need to be determined from an insurance perspective, as well as from a civil/criminal liabilities perspective. Liability could well shift from drivers to manufacturers (i.e. driver risk to product risk), with establishing cause becoming complex and urgent and in-car technology being the primary driver  of risk. The Department for Transport Review indicates that the Government will be working alongside the insurance and automotive industries when developing key requirements in this area. Whether or not insurance premiums will really fall as C&A vehicle technology advances remains to be seen, but it is an expected benefit.


The UK undoubtedly remains very well placed to be a key player in the growing C&A vehicle industry in the UK, EU and globally. And unlike many other nations, the Code of Practice already developed by the UK Government leaves the UK extremely well placed in terms of continuing to test and develop driverless cars and the technologies  of tomorrow on UK public roads today3. Nevertheless, time is of the essence in further addressing the key action points identified by Government and industry to date – and not least because: (1) C&A vehicle technologies are already being tested on UK public roads and other public places, and (2) technology is already being developed that will very quickly move ahead of existing legislation, regulation and regulatory frameworks.

Legislation can and must adapt quickly as new technological features are developed, and prior to fully autonomous vehicles becoming universally accepted in the UK. Indeed, it is vital that workable regulatory and legal frameworks for C&A vehicles are quickly established4; so that clear, “fit for purpose” legal, regulatory, compliance standards and frameworks are in place in good time and which can more easily keep pace with the rapid development of the connected, autonomous and semi-autonomous technology that is going to be developed by premium brand OEMs5 over the next few years.

The UK should act now to ensure that it does not surrender its present unique advantages as a technology test-bed and, beyond that, must not lose out on the significant financial, industrial and societal benefits of leading the way in the development of these exciting, innovative and paradigm shifting C&A vehicle technologies6.