Auto­no­mous Dri­ving Act: a step in the right direc­tion, but legal risks remain

On 3 May 2021, the Trans­por­ta­ti­on Com­mit­tee of Germany’s Fede­ral Par­lia­ment held a public hea­ring on the ques­ti­on of auto­no­mous vehic­les. The sub­ject of the hea­ring was the fede­ral government’s bill for an Auto­no­mous Dri­ving Act (19/27439) (PDF only in Ger­man), which includes chan­ges to the Road Traf­fic Act and the Com­pul­so­ry Insu­rance Act. Among the experts at the hea­ring was att­or­ney Ste­fan Hes­sel.

Assess­ment of the bill by the experts

All of the experts who par­ti­ci­pa­ted in the hea­ring gave a posi­ti­ve assess­ment of the bill, on the who­le. Howe­ver, this bill is only the first step towards the more com­pre­hen­si­ve legis­la­ti­on which will be requi­red in this area. The bill allows the test­ing of auto­no­mous vehic­les so as to pro­vi­de a bet­ter sci­en­ti­fic basis for the eva­lua­ti­on of this tech­no­lo­gy, but is lar­ge­ly ina­de­qua­te for the ope­ra­ti­on of auto­no­mous vehic­les in traffic. 

Cyber­se­cu­ri­ty and data pro­tec­tion in auto­no­mous vehicles

Auto­no­mous vehic­les will face par­ti­cu­lar chal­lenges in the future with regard to poten­ti­al cyber­at­tacks, and this thre­at needs to be coun­te­red ear­ly on, par­ti­cu­lar­ly from the view­point of traf­fic safe­ty. Cyber­se­cu­ri­ty is one of the grea­test chal­lenges for auto­no­mous dri­ving. It was for this reason, in part, that the regu­la­ti­ons deve­lo­ped by the World Forum for Har­mo­niza­ti­on of Vehic­le Regu­la­ti­ons (WP.29), as a working par­ty of the United Nati­ons Eco­no­mic Com­mis­si­on for Euro­pe (UNECE), were imple­men­ted at the Euro­pean level, taking bin­ding effect in March 2021 . In light of the­se regu­la­ti­ons, the Ger­man bill for an Auto­no­mous Dri­ving Act must be regard­ed as a rather super­fi­ci­al solution.

Suc­cessful intro­duc­tion and imple­men­ta­ti­on of auto­no­mous dri­ving also requi­res clear rules gover­ning the use and pro­ces­sing of data, sin­ce auto­no­mous vehic­les pro­cess lar­ge quan­ti­ties of data. Asi­de from objec­ti­ve data, auto­no­mous vehic­les may also coll­ect per­so­nal data regar­ding the vehicle’s pas­sen­gers, as well as the per­so­nal data of indi­vi­du­als in the sur­roun­ding area. Regu­la­ti­ons are nee­ded in order to balan­ce the inte­rest of data sub­jects in the pro­tec­tion of their data against the need for manu­fac­tu­r­ers, ope­ra­tors and owners of auto­no­mous vehic­les to use this data, and the pre­sent bill does not go far enough in this regard. It should also be kept in mind that the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) may crea­te enorm­ous chal­lenges for auto­no­mous dri­ving, e.g. in the form of noti­fi­ca­ti­on requi­re­ments, which appear unde­si­ra­ble even con­side­ring the inte­rests of data subjects.

Chal­lenges for ope­ra­tors and conclusion

The ques­ti­ons which the bill lea­ves unre­sol­ved should be addres­sed not by a natio­nal solu­ti­on, but rather by com­pre­hen­si­ve regu­la­ti­on at the Euro­pean level. The exis­ting regu­la­ti­ons at the Euro­pean level, which are the first of their kind and which have only recent­ly taken effect, are alre­a­dy crea­ting chal­lenges for the auto­mo­ti­ve indus­try: a clear legal frame­work is indis­pensable for the inte­gra­ti­on of auto­mo­ti­ve vehic­les into public road traf­fic. It will be neces­sa­ry to crea­te legal cer­tain­ty for ope­ra­tors, manu­fac­tu­r­ers and for the com­pe­tent aut­ho­ri­ties. At the same time, con­trol­lers need to make sure that they are com­ply­ing with the various legal requi­re­ments with regard to cyber­se­cu­ri­ty and data pro­tec­tion, which the auto­no­mous vehic­les bill does not con­so­li­da­te. We would be glad to help them do so.

Mr. Hessel’s full opi­ni­on can be found here (PDF only in German).