In our previous blog on this subject, we discussed the wider context in which the review of laws affecting driverless cars should take place. Within that context, there will need to be a really clear regime for determining legal responsibility for what happens to the different classes of autonomous vehicle. This will need to deal with who has liability for any accidents, who is responsible for maintenance and repair, and consequently, who will need to be insured and for what risks.
A paper produced by the UK parliament describes the levels of autonomy that a vehicle can have in the form of a sliding scale ranging from driver-only control to fully autonomous. At one end of the scale, is the introduction of limited automated systems, such as cruise control and anti-lock braking. At the other is a vehicle with no control by a driver at all.
We see three categories of automation that would need a separate approach to regulation and responsibility. The first category (we'll call it Class 1) is the lowest level of automation. Many of us already have this type of technology in our cars. Importantly, the driver remains fully responsible for the car, and must act if an emergency arises. We call this “Critical Event Control”, it is the responsibility of the driver to maintain overall control so that when a “critical event” occurs, the driver is legally obliged to take control and act accordingly.
With a Class 1 feature the driver would remain responsible for its use; the driver decides when to activate or deactivate the feature; the driver must remain alert and has responsibility for stepping in and taking over control in the event that something goes wrong. If an accident takes place while the Class 1 feature is activated, the assumption would be that the driver, not the manufacturer, is responsible. Even if a fault in the system can be shown, the manufacturer is only liable on the basis of current product liability type claims.
At the other extreme is the Class 3 system - full autonomy. There will be no responsibility for the driver, and indeed it would not be necessary for a driver to be present at all. In this case the manufacturer should be legally responsible for any damage caused (due to an accident, for example) unless it can show that another is partially or wholly responsible. The systems which the manufacturer has installed in the vehicle have “Critical Event Control”. There is no driver - anyone in the vehicle is a passenger. This is where Google, Nissan and many others are aiming,
In a Class 3 environment, third party responsibility could arise in accordance with current basic legal principles (such as contributory negligence – a passenger deliberately or accidentally damaging the system or the vehicle for example).
A key difference to current automotive products is that manufacturers should be responsible for the maintenance and repair of Class 3 vehicles. The driver or owner of the vehicle has no control over the device and therefore legal responsibility needs to rest with the manufacturer. The manufacturers would presumably insist on constant real time monitoring of the vehicles and "use by dates" or licences would be issued by the manufacturers on each vehicle for a certain number of operational hours. The vehicle would either shut down at the end of its life or, more likely, it would drive itself back to the manufacturer.
Manufacturers would likely insist on compulsory maintenance and support arrangements for both the software and the hardware used in the vehicle. At the end of the life of the Class 3 vehicle, it would need to be automatically decommissioned or re-licensed by the manufacturer for a further period (following a thorough service).
Obviously the role and responsibilities of the manufacturer could be transferred by contract to an insurer, or a third party fleet owner.
The introduction of Class 3 vehicles will have a disruptive impact on the way in which we buy, sell, own and use vehicles – but that is more the subject of a non-legal blog. The benefit for the manufacturer is likely to be recurrent maintenance and support revenues – the downside is that the buyers of vehicles are likely to become fleet managers rather than the general public.
In between Class 1 and Class 3 is arguably the more complex class. This category, Class 2, would be where the driver relinquishes control of the vehicle in a predetermined situation. This would involve a transfer of “Critical Event Control” at such time. An example of this would be Volvo's SARTRE road train project, for example.
A Class 2 feature would require an intermediate system with responsibility for the driver for part of the time, switching to responsibility for the manufacturer at the moment where the technology takes over. A clean handover would be needed from driver to car and back again, so that there is no ambiguity either in the mind of the driver or legally about where the responsibility lies.
For the period of surrendered control, the driver will not be responsible for the vehicle, the driver does not have “Critical Event Control”, if something goes wrong the assumption will be that the driver is not responsible. But, when control is passed back to the driver, he or she must once again take responsibility. He or she regains “Critical Event Control” at that point.
For this category, the system would need to be carefully calibrated to ensure that the point in time where “Critical Event Control” changes hands (and therefore responsibility switches from driver to manufacturer) can be recorded and determined absolutely. In addition, a condition of installing a Class 2 feature to a vehicle must be the ability of the vehicle to come to a stop in a safe place if the driver does not retake “Critical Event Control” when requested to do so by the system.
Taking Volvo's SARTRE project as an example:
- when the driver asks to join the road train, the system would take over. The manufacturer (or perhaps the driver at the front of the road train) would then assume responsibility.
- when the driver wishes to retake control, he has to request control and then it is handed back to him in a carefully controlled way but, crucially, the moment in time when he retakes “Critical Event Control” must be absolutely clear and unequivocal.
- should the driver of the road train or the system, wish the driver to retake control, it would have to ask the driver to do so. If the driver refused or did not for some reason retake control (he was asleep?) the system would need to be capable of bringing the vehicle to a stop in a safe place. The manufacturer would remain responsible until the vehicle had been brought to a stop in a safe place.
As with Class 3 features, these Class 2 features will need to have a “use by date” and a maintenance and support arrangement. A Class 2 feature which has expired will be switched off and will not work. The driver might ask the Class 2 feature to take control, but it will not work, The driver will therefore retain “Critical Event Control”.
The above is merely one suggestion as to how the legal regime for regulation, liability and responsibility could work. One thing is however clear, the current legislation which requires the driver to be in control at all times is woefully inadequate.
The UK government has announced a consultation to last until 19 September seeking views on a regulatory testing framework, but this only extends to test vehicles with a limited degree of autonomy, and with a driver ready to take control.
The technology is evolving rapidly. The only thing that is certain is that it will be with us faster than most of us think. Legislators should take the opportunity to develop the legal framework at the outset rather than reacting to evolution. The current UK Road Traffic Act 1988 revolves around the assumption that there will always be a driver in a vehicle. Tweaking these rules is not an appropriate place to start.