The future car
Policy and regulation: trying to keep up
Vehicle manufacturers already face a wide range of rules on how their products are built and operate, many of which stem from environmental and safety concerns.
For connected autonomous vehicles (CAVs), the latter is paramount. But with the rules of the driverless road evolving at different speeds around the world, successfully completing the millions of miles of testing needed is a challenge.
Automotive players are also caught by data protection rules. A connected vehicle generates a huge amount of data that could be monetised. But so far car companies have chosen not to go down this route – partly because data processing and sharing is fraught with regulatory complexity.
So how can automakers bring products to market in this uncertain landscape while also gaining an advantage over their rivals?
Connected cars raise a range of challenges for manufacturers and suppliers. With technology comes data, but they will only be able to take advantage of it with the right strategy.
The data generated by connected cars has huge potential value to car companies, mobile operators, insurers and content providers alike. Google has built an all-conquering information business on its knowledge of our internet habits. Similar insights into our behaviour behind the wheel offer huge potential for monetisation.
At present, a combination of solutions – embedded (where the processing power and connectivity come from the vehicle), tethered (intelligence from the vehicle, connectivity from the driver’s SIM, phone or USB key) and integrated (intelligence and connectivity provided by a mobile device) – are used to deliver different connected services to the dashboard.
Embedded systems tend to provide ‘always on’ services (eg emergency alert systems and remote access) while tethered and integrated systems typically enable navigation, communication and infotainment. Each of these systems gathers information on our music tastes, interests, location and driving style. Autonomous driving generates yet more data – not only about what is going on in the car but also about the vehicle’s surrounding environment. So how do manufacturers and suppliers take advantage of this intelligence – and what regulations do they need to be aware of?
The holy grail for manufacturers is a car with an embedded internet connection that can move seamlessly from region to region, delivering services on the move and harvesting valuable data in return. Embedded systems become even more important in the push for CAVs. After all, what use is a self-driving car if it needs a phone to operate?
All the major automakers provide embedded connectivity solutions – from GM’s Onstar to Renault’s R-Link and Audi’s Connect.
A range of different models have emerged, each with a different regulatory risk profile.
Some manufacturers have developed their own systems that include an in-built SIM card and collect and process data themselves, entering into contracts with drivers and the mobile companies that provide the network access.
Others fit technology provided by a mobile operator, which collects and processes the data and charges the driver as they would one of their standard telecoms customers.
The third model involves outsourcing the connectivity to a specialist machine-to-machine (M2M) provider, which then enters into agreements with the end user and the network operator. The M2M company installs its technology in the car, collects and processes the data, and passes it back to the manufacturer for analysis.
In the first model, the car company has full access to the data but must invest in developing the technology and build servers to store and process it.
According to Christoph Werkmeister, partner in Freshfields automotive group and telecoms expert, this route also brings some novel legal risks. ‘Once a car manufacturer provides bundled connectivity services including network access to end-users, they could be regarded by the authorities as a telecoms service provider,’ he says.
A car manufacturer that provides bundled connectivity services could be regarded by the authorities as a telecoms service provider.
Christoph Werkmeister, Freshfields principal associate
This of course means they may therefore be subject to stringent telecoms regulations. ‘These can bring specific notification or licence issues, data protection requirements as well as technical and public security obligations,’ Christoph continues. ‘On the other hand, if a carmaker leaves the customer relationship for connectivity services to third parties, it loses an important element of the value chain, and the product might be less attractive because it’s less integrated and not as easy to use.’
Modern cars are fitted with sensors and systems that generate huge amounts of data. Most of the information never goes beyond the vehicle itself. But with their business models under threat, some carmakers must be tempted to monetise that data.
If so, who can access and process this data? This is not clearly addressed in most jurisdictions, so manufacturers and suppliers have some tricky judgement calls to make. For example, they might want to share the data with third parties such as repair businesses and insurance companies.
But in the EU for example, that requires consent from the data subjects, ie car owners/drivers. And that requires carmakers to convince customers that they stand to benefit from handing over information about their driving habits.
Most modern cars have telematics systems that measure vehicle performance and notify their owners when the more routine issues need addressing, such as the oil needs changing, tyres are losing pressure or a service is due. Carmakers are also offering enhanced telemetry services as an add-on to customers, potentially adding another revenue stream. But can a carmaker really only warn a driver that their brakes are about to fail if they are being paid to do so?
Rolf Trittmann, co-head of Freshfields’ automotive group, says: ‘Manufacturers have affirmative reporting obligations in many jurisdictions if they know of a defect or they think they may have to recall vehicles. These obligations are driven by what the manufacturers know, so if they’re collecting more and more information, they are also raising their disclosure obligations.’
Manufacturers that collect telemetry data about their products might detect more faults and therefore raise their disclosure obligations.
Rolf Trittmann, co-head of Freshfields’ automotive group
Freshfields data protection partner Norbert Nolte adds: ‘If a company that wants to repair a vehicle requires access to telemetry data, the data owner would need to hand it over. But if it only makes the information available to its preferred suppliers, this could be construed as anticompetitive behaviour.’
Data regulation poses a huge challenge for the makers of connected vehicles. Anything that can be associated with an identifiable natural person is subject to data privacy laws. So if a manufacturer wants to process, for example, the geolocation data from a vehicle, there is a high chance that this will only work with consent from the data subject.
That itself throws up a number of issues. First, where would that data be stored? If it is stored within the vehicle in a ‘black box’ device that needs to be accessed physically, the manufacturer might need the consent of the vehicle owner before doing so. But how can this be obtained when a car is not only used by its owner but also by people who are not known to the service provider and cannot be directly addressed by them?
Automated-driving data – what Germany is doing
Like many other countries, Germany wants to become a leading market for autonomous driving. To support this aim, it amended its driving laws in 2017, helping remove legal uncertainty for drivers, owners and manufacturers.
As well as now defining and allowing automated driving, Germany’s revised Road Traffic Act states that vehicles with an automated driving system must be equipped with a black box to help allocate fault and liability in the event of an accident. The box records when the system switches between automated and manual modes, when the system prompts the driver to take back control and whether any technical malfunctions occur. The box also records where and when these events happen via the vehicle’s GPS data.
The Act allows for the data to be transferred to the authorities in the event of a traffic incident. It also allows for the registered owner to transfer the data to other interested third parties, such as insurers.
The data must be deleted within six months – or within three years if the vehicle is involved in an accident.
Further detailed, technical rules on data collection, storage and security are expected in due course.
Further issues arise if the vehicle data was uploaded automatically to a data storage facility managed by the manufacturer or by a third party. Having such live information could be the foundation for new data-based business models, but it significantly raises the level of compliance risk. This could be reduced by anonymising or pseudonymising the data, but may not be appropriate following an accident, for example.
‘Automakers might be tempted to store data from internal cameras and sensors to assess liability in the event of a crash or a misuse of the technology, Christoph Werkmeister says. ‘But they may not be able to use it in court, depending on the circumstances. They would also have to carefully plan where to put their servers. Transferring data across borders has become a lot more complex. The EU has a single set of data protection rules, but there are currently more than 70 data protection regimes around the world, which presents a significant issue for global car manufacturers.’
Manufacturers that collect and store driving data need to carefully plan where to put their servers as transferring data across borders can be complex.
Automakers must also be alive to the risks posed by any third-party IT suppliers. If a manufacturer collaborates with a tech company to provide connected services and that partner breaches data protection regulation, then the former may also be liable. And even though car companies are not legally responsible for the actions of their IT partners, they may still suffer reputational damage if data is lost or misused.
This changing regulatory landscape is particularly challenging for the auto industry. How do they develop new products when the laws are constantly evolving?
The answer may lie in a fundamental change to the entire development process. ‘Car manufacturers need to consider the concept of “privacy by design”,’ Norbert Nolte says.
‘In Europe, the EU’s general data protection regulation makes both privacy by design and by default legal requirements. So if a carmaker doesn’t consider data protection principles when developing a new vehicle, they may not be able to place it on the market in the EU. Elsewhere, you cannot predict what the future requirements of legislation may be, so manufacturers need to think about how they might deactivate features in certain jurisdictions without deactivating everything. In the worst case scenario, you can imagine a situation where cars that are badly designed from a data privacy perspective become the next wave of product recalls.’
Privacy by design and by default are legal requirements under the EU’s general data protection regulation. So if a carmaker doesn’t consider these when developing a new vehicle, they may not be able to place it on the market in the EU.
The concept also applies to the way telemetry data is handled. ‘Privacy by design can mitigate risk for manufacturers,’ Christoph Werkmeister says. ‘They can try to collect data in a way that doesn’t identify individuals, and modify the way that they process and collect it. If, for example, the owner is the only person who can access particular data sets, then the privacy impact is reduced.’
CAV technology is well advanced. Many manufacturers already offer vehicles with some self-driving functions, such as lane control, emergency braking and parking assistance. Some carmakers say they are aiming to produce Level 5 vehicles – those with full automation, ie where no human intervention is required – in the 2020s.
The six levels of driving automation/autonomy
0. No automation – the driver does all the driving, as per most cars currently on the road
1. Driver-assisted automation – the driver must remain alert and in control, but the vehicle has some driving-assistance features, eg cruise control and parking assist
2. Partial automation – the driver must remain alert and ready to take control, but the vehicle’s autonomous features are more advanced, eg acceleration, braking and steering
3. Conditional automation – the vehicle can drive itself under certain circumstances, allowing the driver to ‘switch off’ until asked to intervene (referred to as 'high automation' in Germany)
4. High automation – the vehicle can drive itself under most circumstances, without anyone having to intervene ('full automation' in Germany)
5. Full automation – the vehicle drives itself in all circumstances, ie everyone in the vehicle is a passenger ('autonomy' in Germany)
To make their countries leaders in this field, governments are scrambling to evolve their regulations to cater for the testing and use of self-driving cars. But the rules are not generally changing fast enough to keep pace with the industry.
It’s vital that carmakers and their development partners can test CAVs in the ‘real world’, so they need a site with sufficient traffic, infrastructure and unanticipated hazards to challenge their technology. But balancing these requirements with public concerns around safety can slow the rule-making process down. And the development process can be stifled too, of course. For example, Uber was forced to close down its Arizona testing operations after one of its vehicles knocked over and killed a pedestrian in the state.
A total of 21 US states – including Arizona – have passed laws related to the street testing of CAVs. But while the country was ranked third overall in KPMG’s 2018 autonomous vehicles readiness index, it was only ranked 1oth for policy and regulation. The report stated that a lack of national standards was hindering the country’s development of autonomous vehicles. Not for want of trying.
The AV START Act – an attempt to permit up to 100,000 autonomous cars on public roads – was approved by the Committee on Commerce, Science, and Transportation in November 2017 but has since stalled in the Senate.
Road rules – what Germany is doing
Like many other countries, Germany wants to become a leading market for automated/autonomous driving. To support this aim, it amended its driving laws in 2017 to define and allow automated driving, helping remove legal uncertainty for drivers, owners and manufacturers.
Automated – but not autonomous – driving is allowed in Germany if the system is used according to its intended purpose and the automated driving function is in line with vehicle type-approval law (UN/ECE regulations or art.20 of Directive 2007/46/EC). The driver does not have to monitor the system all the time. But they must be able to immediately resume control of the vehicle as soon as either the system prompts them to do so or they realise – or, due to obvious circumstances, must realise – that the driving situation demands it.
Manufacturers have to guarantee in the description of an automated driving system that it conforms to all the conditions set out in the legal definition.
Despite this law-making effort, the use of automated vehicles of level 3 or even level 4 in Germany is still subject to possible obstacles under type-approval law (see below).
In the UK, the government has introduced various initiatives to encourage the development of driverless technology, such as establishing its Centre for Connected and Autonomous Vehicles and publishing a code of practice for testing driverless cars. But the country’s road traffic rules will remain unchanged until at least 2021, when the government concludes its three-year examination of the legal obstacles that the introduction of self-driving cars might raise.
Singapore has taken a different approach. In an attempt to replicate the real world but reduce the chance of an accident, the city state has built a two-hectare mini town, complete with typical roadside infrastructure, for testing autonomous buses. The government said it planned to use the data gathered to draft the necessary regulations by the end of 2018.
At an international level, the UN’s Vienna convention on road traffic (which sets the rules in 75 countries) was amended in 2016 to explicitly allow automated driving technologies to take over a vehicle in traffic – as long as the system is in line with UN/ECE regulations.
Before autonomous vehicles can be fully ‘let loose’ on our streets, a lot still needs to change from a regulatory perspective. The division of responsibility between the driver and the system needs to be clear – as does the extent to which the driver can turn their attention away from driving. What are the situations where a driver must realise they must regain control of the vehicle?
Before autonomous vehicles can be fully ‘let loose’ on our streets, the division of responsibility between the driver and the system needs to be clear – as does the extent to which the driver can turn their attention away from driving.
As we have seen, some jurisdictions are addressing these issues. But to allow for international travel, those rules will eventually need to be harmonised – ideally at the global level. In the meantime, manufacturers will have to consider how automated driving systems behave when the vehicle crosses a national or state border: should the vehicle warn the driver or should the system disable itself?
For their vehicles to be road legal, manufacturers must follow detail technical rules on how their products are built and perform. These specify, for example, the components and materials that can be used, the size of the windscreen, and the power and direction of the lights.
As CAVs become more automated/autonomous, these homologation rules are going to have to change to specify how a vehicle’s electronic systems interact with each other and the driver to ensure a reasonable level of safety.
At an international level, amendments to UN/ECE Reg No.79 in 2019 on steering systems and/or a totally new UN/ECE regulation on automated vehicle functions are expected in 2019. The UN/ECE's working party on automated/autonomous and connected vehicles is currently discussing these topics.
However, UN/ECE Reg No.79 is not a global standard as it has not been implemented by the US and Canada.
Type approval – what the EU is doing
The EU has a type-approval system that allows a national authority to certify that a vehicle conforms to EU safety, environmental and production standards. Once type-approved, the vehicle can be marketed across the EU.
The type approval is usually based on compliance with the UN/ECE regulations. However, the relevant European directive also allows for exceptional approvals in some cases.
The European Commission aims to make the EU a global leader for fully automated and connected mobility systems. To this end, it has said it will invest in research to adapt the type-approval rules to take into account not only advanced driver assistance systems but also legal, societal and ethical issues around driverless mobility.
Manufacturers are still free to produce vehicles with an internal combustion engine (ICE). But the momentum is with electric vehicles (EVs). In Europe, for example, various initiatives are incentivising carmakers to electrify their products. Indeed Volvo has said that, from 2019, it will design all its vehicles to be hybrid or fully electric.
At the EU level, the European Commission has its ‘Europe on the move’ initiative, which aims to promote clean, competitive and connected mobility. A 2018 EU regulation has already tightened up the type-approval of new vehicles, including more stringent emissions tests. In the longer term, the Commission is proposing that average CO2 emissions of new passenger cars and vans in 2025 will have to be 15 per cent lower than the figure for 2021, and 30 per cent lower by 2030. It has also announced the first-ever CO2 targets for heavy-duty vehicles.
For EVs, battery technology is of course critical. China leads the way in terms of battery manufacturing capacity (and EV sales) by some margin, so Europe’s automotive sector needs to adapt to remain a world leader. In 2017 the European Commission launched the European Battery Alliance (EBA). Made up of industry, interested member states and the European Investment Bank, the EBA aims to create a ‘competitive and sustainable’ battery manufacturing industry in Europe consisting of 10 to 20 ‘gigafactories’.
The Commission wants the initiative to cover the entire battery ‘ecosystem’ so that there is a common regulatory approach and standards on issues such as charging features, manufacturing and disposal/recycling. But it acknowledges that Europe is well behind the curve. Marking the first anniversary of the EBA, the Commission pointed to the progress that had been made. But the Commissioner for the Internal Market, Industry, Entrepreneurship and SMEs Elżbieta Bieńkowska said: ‘If Europe wants to lead and compete with other big industrial players around the world, we need to hurry up.’
With more EVs also comes more demand for charging infrastructure. The Commission has not addressed this in its ‘Europe on the move’ initiative, perhaps because the planning decisions relating to charge points tend to be highly localised. So it’s down to member states to take the initiative on the rollout of charging infrastructure.
Charging infrastructure – what the UK is doing
The UK government has stated that by 2050 nearly all cars and vans should be zero-emission vehicles. But it says that consumers willing to buy an electric vehicle (EV) are currently deterred by lack of information, accessibility and convenience of vehicle charging points.
To increase consumer confidence and support the mass take-up of EVs, the UK introduced a law in 2018 that opens the way for further, more detailed rules on the provision of vehicle charging infrastructure.
Once introduced, the new rules will require large fuel retailers and motorway service areas to install charging points. They will also require the operators of charging points to use common payment methods, share information with each other and adopt standard connection technologies.
The law has further provisions relating to public information-sharing for charging points (cost, location, availability, etc) and the ongoing transmission of charging-point data to the electricity distribution network.
Various manufacturers have also developed their own initiatives, such as Tesla with its Supercharger locations. Other mainstream carmakers will surely follow. But they may run into problems as they effectively become infrastructure providers and are banned from excluding other manufacturers’ vehicles.
Overcoming this problem will require a very big political/regulatory effort, particularly as countries move against ICE vehicles. For example, Austria, China, France and the Netherlands plan to phase out the sale of new ICE vehicles over the next 20 years or so; Japan, Portugal and Spain have incentives to buy EVs; Ireland and Norway are doing both.
And then there are local initiatives giving EVs preferential access to existing road infrastructure. These are often prompted by high levels of urban air pollution. For example, Paris, which already limits pre-1997 vehicles but still suffers from smog, is to ban diesel cars by 2024 and petrol ones by 2030. In London, some streets are already limited to electric, hybrid and hydrogen vehicles; more generally, from April 2019, higher emission vehicles will have to pay extra to enter inner London on top of the standard ‘congestion charge’.
Other cities in Europe, such as Oslo, Hamburg and Madrid, also have plans to ban older or all vehicles from their streets. Even Stuttgart – home to Mercedes-Benz and Porsche – is moving to ban the worst-polluting vehicles.