Auto­no­mous Dri­ving Act: a step in the right direc­tion, but legal risks remain

On 3 May 2021, the Trans­por­ta­ti­on Com­mit­tee of Germany’s Fede­ral Par­lia­ment held a public hea­ring on the ques­ti­on of auto­no­mous vehic­les. The sub­ject of the hea­ring was the fede­ral government’s bill for an Auto­no­mous Dri­ving Act (19/27439) (PDF only in Ger­man), which includes chan­ges to the Road Traf­fic Act and the Com­pul­so­ry Insu­rance Act. Among the experts at the hea­ring was att­or­ney Ste­fan Hes­sel.

Assess­ment of the bill by the experts

All of the experts who par­ti­ci­pa­ted in the hea­ring gave a posi­ti­ve assess­ment of the bill, on the who­le. Howe­ver, this bill is only the first step towards the more com­pre­hen­si­ve legis­la­ti­on which will be requi­red in this area. The bill allows the test­ing of auto­no­mous vehic­les so as to pro­vi­de a bet­ter sci­en­ti­fic basis for the eva­lua­ti­on of this tech­no­lo­gy, but is lar­ge­ly ina­de­qua­te for the ope­ra­ti­on of auto­no­mous vehic­les in traffic. 

Cyber­se­cu­ri­ty and data pro­tec­tion in auto­no­mous vehicles

Auto­no­mous vehic­les will face par­ti­cu­lar chal­lenges in the future with regard to poten­ti­al cyber­at­tacks, and this thre­at needs to be coun­te­red ear­ly on, par­ti­cu­lar­ly from the view­point of traf­fic safe­ty. Cyber­se­cu­ri­ty is one of the grea­test chal­lenges for auto­no­mous dri­ving. It was for this reason, in part, that the regu­la­ti­ons deve­lo­ped by the World Forum for Har­mo­niza­ti­on of Vehic­le Regu­la­ti­ons (WP.29), as a working par­ty of the United Nati­ons Eco­no­mic Com­mis­si­on for Euro­pe (UNECE), were imple­men­ted at the Euro­pean level, taking bin­ding effect in March 2021 . In light of the­se regu­la­ti­ons, the Ger­man bill for an Auto­no­mous Dri­ving Act must be regard­ed as a rather super­fi­ci­al solution.

Suc­cessful intro­duc­tion and imple­men­ta­ti­on of auto­no­mous dri­ving also requi­res clear rules gover­ning the use and pro­ces­sing of data, sin­ce auto­no­mous vehic­les pro­cess lar­ge quan­ti­ties of data. Asi­de from objec­ti­ve data, auto­no­mous vehic­les may also coll­ect per­so­nal data regar­ding the vehicle’s pas­sen­gers, as well as the per­so­nal data of indi­vi­du­als in the sur­roun­ding area. Regu­la­ti­ons are nee­ded in order to balan­ce the inte­rest of data sub­jects in the pro­tec­tion of their data against the need for manu­fac­tu­r­ers, ope­ra­tors and owners of auto­no­mous vehic­les to use this data, and the pre­sent bill does not go far enough in this regard. It should also be kept in mind that the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) may crea­te enorm­ous chal­lenges for auto­no­mous dri­ving, e.g. in the form of noti­fi­ca­ti­on requi­re­ments, which appear unde­si­ra­ble even con­side­ring the inte­rests of data subjects.

Chal­lenges for ope­ra­tors and conclusion

The ques­ti­ons which the bill lea­ves unre­sol­ved should be addres­sed not by a natio­nal solu­ti­on, but rather by com­pre­hen­si­ve regu­la­ti­on at the Euro­pean level. The exis­ting regu­la­ti­ons at the Euro­pean level, which are the first of their kind and which have only recent­ly taken effect, are alre­a­dy crea­ting chal­lenges for the auto­mo­ti­ve indus­try: a clear legal frame­work is indis­pensable for the inte­gra­ti­on of auto­mo­ti­ve vehic­les into public road traf­fic. It will be neces­sa­ry to crea­te legal cer­tain­ty for ope­ra­tors, manu­fac­tu­r­ers and for the com­pe­tent aut­ho­ri­ties. At the same time, con­trol­lers need to make sure that they are com­ply­ing with the various legal requi­re­ments with regard to cyber­se­cu­ri­ty and data pro­tec­tion, which the auto­no­mous vehic­les bill does not con­so­li­da­te. We would be glad to help them do so.

Mr. Hessel’s full opi­ni­on can be found here (PDF only in German).


Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.