Frank Henkel | Dimitri Schaff
Times are changing in the automotive industry, and fast. Blaming German car manufacturers for being asleep at the wheel when gearing up for the electric-vehicle age used to be a common feature of bashing the German automotive industry. When looking at autonomous-driving technology, the story appears to be entirely different.
According to a survey by Cologne based Institut der Deutschen Wirtschaft, in the period from 2010 to 2017, German carmakers and automotive suppliers had filed significantly more patents for self-driving car technology than most other global automotive companies. Market leadership is evidenced not only in the advanced technology itself, but also in the chances of its speedy commercialization. Given Germany’s strong premium-car segment, German car manufacturers are in a particularly strong competitive position in the self-driving vehicles market segment. Premium-car customers already are now able and willing to pay for advanced assistant systems, and seem prepared to pay for the features of autonomous cars.
Many German car manufacturers are already today laying the foundations for the changes in the mobility landscape that will, amongst others, be triggered by growing numbers of autonomous vehicles. The trend from ownership of cars toward car sharing in urban and rural settings is just one phenomenon to be expected. Partnerships between carmakers, ride-hailing firms and tech companies are evidencing this trend – the recent merger of the entire mobility services offerings of BMW and Daimler is just one prominent example.
With technology progressing steadily, the remaining challenges to a wider, serial roll-out of higher levels of automated driving in vehicles (SAE levels 3 and above) are still to be found in the current regulatory framework in Germany.
Car manufacturers have thus taken a phased approach focusing primarily on introducing partially and certain highly automated driving functions into premium vehicles – while fully automated (with the driver still capable of exerting control) and even autonomous driving functionality (no human driver, only human passengers) is, at least on public roads, still reserved to the testing stage.
The pressure on the German and European legislators to further promote the adaptation of the current regulatory framework to allow for higher levels of automated or even autonomous driving functionality has increased. With the automotive industry being an important pillar of the economy, the German parliament has passed a long expected revision of the German Road Traffic Act (Straßenverkehrsgesetz), which is perceived to provide additional guidance on the permissibility of certain levels of automated driving. A similar milestone is seen from the technology regulation side in the most recent and still ongoing adaptations to the UNECE regulations.
(i) German Road Traffic Act and UNECE regulations
(1) Revision of German Road Traffic Act specifically addressing automated driving
A major step towards reforming the German road traffic regime was made with the revision of the German Road Traffic Act (Straßenverkehrsgesetz), which entered into force in June 2017. The revision adopts basic requirements for certain automated driving functionalities and sets out specific duties for drivers of cars offering such automated driving functionality. Without using the nomenclature established by SAE International with its industry-wide accepted five levels of automation, the German legislator stayed in line with the Vienna Convention on Road Traffic (Wiener Übereinkommen über den Straßenverkehr) and continued to hold fully autonomous driving functions inadmissible on German roads.
1. General requirements for the operation of (highly) automated driving functions
The new revision introduces a set of mandatory conditions which must be met by automated driving systems in order to comply with the German Road Traffic Act:
- The automated driving system has to be able to recognize and follow all traffic rules which otherwise have to be complied with by a human driver.
- At any time, the human driver must be able to override or deactivate the automated driving system.
- Technical measures must be installed recognising and notifying the driver about (i) critical situations in which the driver has to take over vehicle control or (ii) the automated driving functionalities are used contrary to the conditions of use designated by the manufacturer.
Though generic and lacking technological details, it is widely acknowledged that the above conditions can be met on the basis of the currently advanced state of automated driving technology, in particular sensors.
(ii) Driver’s duties and obligations
The revision of the German Road Traffic Act still refers to the car driver as the person who starts and uses the car for transportation purposes even if certain driving functionalities are operated in an automated way. This set outs an important key characteristic in relation to the role of the car driver in relation to automated driving functionalities: by stressing the responsibility of the car driver, the German legislator has rejected the admissibility of such automated driving functionalities where the role of the car driver is reduced to a mere passenger without any possibility to take over control of the vehicle.
The driver is obliged to resume control immediately whenever the driving system requires him to do so. The same obligation to resume control also applies in situations in which the driver identifies – or could have identified – a defect of the automated system. At the same time, however, the driver is not required to permanently monitor the systems while sitting behind the wheel but may pursue other activities during automated driving phases such as responding to calls or exchanging emails via the infotainment-system as long as the driver remains aware of critical situations. It remains to be seen though how this generic requirement will be interpreted by courts in particular accident scenarios.
(1) Amendment of UNECE Regulation No. 79
The United Nations Economic Commission for Europe (UNECE) recently introduced a major amendment of the UNECE Regulation No. 79, which entered into force on 10 October 2017. This regulation concerns the vehicle’s technological steering equipment that is crucial for the admissibility of automated and autonomous driving functions.
1. Introduction of new nomenclature of automatically commanded steering function
The amendment implements a set of different levels and categories of steering automatisms – similar to the SAE nomenclature. Specific and individual provisions within the UNECE Regulation No. 79 apply to each of this category in order to address the specific issues – especially as regards security – that arise with the respective level of automation. The amendment comprises six different categories of automatically commanded steering functions (ACSF):
- ACSF Category A: Function which operates at a maximum speed of 10 km/h to assist the driver, on demand, in low speed or parking manoeuvring.
- ACSF Category B1: Function which assists the driver in keeping the vehicle within a chosen lane by influencing the lateral movement.
- ACSF Category B2: Function which – upon activation – keeps the vehicle within its lane by influencing the lateral movement for extended periods without further driver commands.
- ACSF Category C: Function which – upon activation – can perform a single lateral maneuver (e.g. lane change) when commanded by the driver.
- ACSF Category D: Function which – upon activation – can indicate the possibility of a single lateral maneuver (e.g. lane change) but performs that function only following a confirmation by the driver.
- ACSF Category E: Function which – upon activation – can continuously determine the possibility of a maneuver (e.g. lane change) and complete these manoeuvres for extended periods without further driver commands.
In contrast to the SAE nomenclature, these ACSF categories merely address steering functions regarding the lateral movement of a vehicle. UNECE Regulation No. 79 only sets out requirements and standards for the steering equipment of a vehicle. As of today, the UNECE Regulation No. 79 in its current form only permits automated steering systems of ACSF Categories A and B1. Hence, all systems with a higher level of steering autonomy are currently not admissible and not within the scope of the regulations’ specific provisions outlined below.
2. Overview of the general requirements for admissibility
UNECE Regulation No. 79 with its latest amendment stipulates detailed requirements for automated steering functions of ACSF Category A and B1. As regards ACSF Category A and remote parking systems, the operation of such systems is not allowed above a speed of 10 km/h. This speed limit, however, no longer applies to higher categories of ACSF but rather leaves it to the manufacturer to define the maximum operational speed – at least for systems falling under ACSF Category B1. It is further stipulated for ACSF Category B1 systems that the lateral acceleration during the system’s operational phase shall not exceed 2.5 – 3.0 m/s².
Further, the relevant provisions available for ACSF Categories A and B1 strongly emphasize the requirement of constant control by the driver at any time during the system’s operation. Automated steering functions shall only be activated by a deliberate action of the driver. Also, it must be ensured that the system can be deactivated at any time by a single action of the driver in order to maintain the driver’s steering operability.
When operating an ACSF Category B1 system above 10 km/h the system must ensure that the driver is holding the steering wheel at any time. If the driver releases the steering wheel an optical warning signal shall be provided after 15 seconds. After 30 seconds an additional acoustic warning signal shall be triggered. After 60 seconds of unattended steering operation the system shall be automatically deactivated and warn the driver simultaneously with emergency signals which are different from the previous acoustic warning signals.
In general, the UNECE Regulation No. 79 attaches great importance to warning signals for every phase of the systems operation as well as for potential defects and malfunctions. The optical warning signal to the driver to place his hands on the steering wheel shall essentially be the below depicted optical warning symbol:
Cf. sec. 220.127.116.11.5 of UNECE Regulation No. 79 (Revision 2 – Amendment 3).
A comprehensive testing plan for corrective and automatically commanded steering functions is annexed to UNECE Regulation No. 79, which requires car manufacturers to fulfil the relevant stipulated test requirements.
- Outlook on future amendments/proposals
On 26 December 2017 a new proposal for further amendments of UNECE Regulation No. 79 was submitted for later discussion at the World Forum for the Harmonization of Vehicle Regulations Geneva in March 2018. The proposal comprises specific provisions and requirements for the admissibility of ACSF Category C and introduces a new standard for emergency steering functions. Such functions can automatically detect potential collisions and activate the vehicle steering system for a limited duration in order to avoid or mitigate a collision.
(iii) Automated driving functionalities and vehicle registration in Germany
(1) German vehicle registration process
Participation in public road traffic in Germany is, amongst others, subject to a dedicated registration regime:
- According to the German Vehicle Registration Regulation (Fahrzeug-Zulassungsverordnung) each vehicle participating in public road traffic in Germany needs to have a vehicle registration with the local homologation authority (Zulassungsstelle).
- A prerequisite for obtaining a registration for a manufactured serial car in Germany is in principle that the car conforms to an approved classification type, which ensures that the relevant safety and environmental standards are fulfilled.
- Manufactured serial cars in Germany are generally registered on the basis of the EC type-approval classifications as set out in the German EC Vehicle Approval Regulation (EG-Fahrzeuggenehmigungsverordnung), which has transformed EC directive 2007/46/EC into German law.
- The EC type-approval itself in Germany is granted by the German Federal Motor Transport Authority (Kraftfahrt-Bundesamt). The latter especially takes into account the UNECE Regulations on uniform technical prescriptions for vehicles and vehicle parts.
Following the revision of the German Road Traffic, it will thus be essential for car manufacturers to adhere to the respective UNECE Regulations as the latter will be key to obtaining the EC type-approval. Beyond UNECE Regulation No. 79, as far as automated driving functionalities are concerned, car manufacturers and suppliers should also keep an eye on the following:
- As highly autonomous vehicles would also need to implement automatically commanded braking, the concerned vehicles will need to comply with UNECE Regulation No. 13-H.
- UNECE Regulations No. 6 and 48 specifically govern the use of directional signals and provide specifications for their mounting on vehicles. Directional lights need to be activated and deactivated automatically during lateral maneuvers (e.g. lane changes). It is currently still unclear whether automatic activation and deactivation directional signals is permitted by the concerned UNECE Regulations as the latter still stipulate that direction signals are operated by the car driver.
(2) Option to file for an exemption
In addition to the above described registration regime for manufactured serial cars, there is an option to apply for an exemption which is particularly relevant for testing purposes. According to sec. 8 para. 1 of the German EC Vehicle Approval Regulation in conjunction with Art. 20 of the EC directive 2007/46/EC, manufacturers can apply for an EC type-approval for a particular type of system, component or separate technical unit that incorporates new technologies or concepts which are currently incompatible with the relevant registration regulations on cars with automated driving functions.
The application has to be filed with the German Federal Motor Transport Authority and has to comprise a detailed description of the new technology/concept used in the particular case. Also, depending on the technology, specific safety as well as environmental requirements have to be met. Such compliance should be confirmed by a positive test report prepared by the Technical Service of the German Society for Technical Supervision (GTÜ).
Except for a national provisional approval granted by the German Federal Motor Transport Authority, the final EC type-approval on the basis of an exemption is subject to authorisation being granted by the European Commission.
(3) Safety of autonomous vehicles and the ethics committee on automated driving
The success of autonomous vehicles will strongly depend on the safety and reliability levels provided for by the automated driving functionalities. Although statistics anticipate that the overall accident rate would drop significantly if autonomous vehicles were to take over road traffic, in the short term the further development of automated and autonomous driving technologies raises new requirements for consistent security standards. Primarily, safety requirements become crucial in the context of liability for damages (which is addressed in more detail below).
On 23 August 2017 the ethics committee on automated driving established by the German federal government published its guidelines setting out that self-driving cars will have to do the least amount of harm if put into a situation where hitting a human is unavoidable, and cannot discriminate based on age, gender, race, disability, or any other observable factors. In other words, all self-driving cars must be programmed to understand that human life is equal. A self-driving car in Germany would choose to hit whichever person it determines it would hurt less, no matter age, race, or gender. How a car would determine the damage it would cause, however, remains uncertain.
B. Data protection & security
Norton Rose Fulbright
Tel+ 49 69 505096 241
Sr. Associate, Frankfurt
Norton Rose Fulbright
Tel+ 49 69 505096 416
Automatized cars today and especially fully autonomous vehicles in the future operate by collecting and processing numerous data, which may be traced back to a specific individual. Several legal challenges, especially for the manufacturer of such vehicles, or the provider of connected services, arise from this situation. Following, we are pointing out the main legal aspects of data privacy and autonomous vehicles and illustrate the current status of legislation in the EU and Germany concerning this issue.
(i) Personal data related to autonomous vehicles
Many of the data collected by autonomous vehicles (in particular location data, sensor data, etc.) are regularly deemed as “personal data” according to the EU and German Data Protection Laws (now the German Federal Data Protection Act, (Bundesdatenschutzgesetz) and as of May 2018 the EU General Data Protection Regulation), as such data relates to the owner, driver or passenger of a vehicle via the vehicle identification number (“VIN”). Although one may argue that such data may not relate to a person but only to the vehicle, it can quite easily be attributed to the owner and/or driver of the car. Car data attributed to the VIN or the license plate is considered personal data in Germany according to the Düsseldorf Working Party (Düsseldorfer Kreis), a joint conference of the data protection authorities of the Federal Republic and the federal states of Germany (Bundesländer). Further, autonomous vehicles generate data attributed to the vehicle’s IP address, which is also considered personal data. In detail, in order to assess whether the personal data is collected and who is the (responsible) controller, one has to distinguish between “online” and “offline” vehicles. In the case of cars with no internet connection, the data saved “inside” the vehicle will be collected by the person or organisation who reads it out, usually the car garage which then is considered to be the controller i.e., the responsible entity.
Today, vehicles are “learning machines”, which, in order to predict the behaviour of traffic participants, must be able to “think” as a human being. This is done by collecting sensor data, which are stored and analysed in order to recognize patterns of behaviour from other traffic participants. An example of this would be that the autonomous vehicle must have the ability to recognize the movements and glances of playing children to determine if they are about to run onto the road. Thereby the enormous amounts of data accumulated cannot be stored locally.
On the other hand, a kind of “artificial swarm intelligence” can be created by networking the vehicles among themselves and with the manufacturer, in the course of which vehicles participate in the “learning progress” of the others. The “data collection” is then carried out at the time of transmission and those persons or companies that receive this data would be considered the responsible controllers. These could either be the vehicle manufacturers, or service providers such as network operators, portal operators or app providers. It remains to be seen to what extent classical car manufacturers will offer the underlying IT services, or if they will solely serve as hardware producers, while other companies build and operate the underlying IT system allowing for the “intelligence” to be installed into the vehicle. In each case, EU data protection laws require full transparency, which actor in this concert is responsible for what, and who has control over which data.
As a general principle in data protection laws, each entity processing personal data as a controller needs a legal basis to do so. For selling and offering services around autonomous vehicles, this basis may include:
Contract: A company may process their customers’ data if required to fulfil the contract.
Consent: A company may also process data with the explicit prior consent from the affected individual, probably the driver or owner of the vehicle.
Legitimate interest: A company may also rely on their legitimate interests, i.e., has to demonstrate that the processing is necessary for the purposes of the legitimate interests pursued by the company, except in cases in which those interests are overridden by interests or fundamental rights and freedoms of the data subject.
None of the above grounds apply in all cases. On the contrary, the legal situations of autonomous vehicles are complex with many different players involved with each having different purposes for the data collected. Given this complexity, setting up the data protection framework for services on autonomous vehicles requires a diligent legal review of the specific type of collection, storing, and processing of data that is in use. The data processed for the transportation service itself is usually subject to the legal ground of performance of a contract. But it is necessary to analyse the contractual relationships between the owner of the car, the manufacturer, the service/platform providers on the one hand and the respective driver or passenger on the other. Particular importance could arise in cases of shared vehicle services or the offer of driving services.
Permission for processing of personal data might also be provided by consent. The EU General Data Protection Regulation states several requirements for such consent. First, it must be freely given and “informed”, which means that a person concerned must always exactly know what he agrees with. Consent is presumed not to be freely given, if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance. After all, a withdrawal of a given consent must be possible at any time. Car manufacturers and/or dealers could meet these requirements by informing the buyer of the exact data collection and processing procedures in their car. The required transparency and the possibility of withdrawal could be implemented in such a way that the current connection status of the vehicle is displayed to the driver or passenger by means of standardized symbols in the cockpit that allows him to activate or deactivate the connection at any time. Therefore, it is recommended to draw as much data processing as possible upon contract purposes.
Finally, a company could most likely invoke the legal ground of legitimate interest in the case of service improvements or pre-emptive maintenance. However, it should consider technical measures like anonymization or pseudonymisation.
(ii) Data processing in autonomous cars pursuant to the German Road Traffic Act
Pursuant to sec. 63a German Road Traffic Act, vehicles shall store the position and time data determined by a satellite navigation system when the vehicle control system is changed between the driver and a highly or fully automated system. Such storage also occurs when the system prompts the driver to take over control of the vehicle or if a technical malfunction of the system occurs. Such data stored may be communicated to the authorities competent under national law for the punishment of traffic offences at their request. The transmitted data may be stored and used by them. The scope of the transfer of data shall be limited to the extent necessary for the aforementioned purpose in connection with the procedure for the control initiated by those authorities. The data stored shall be erased after six months, unless the motor vehicle was involved in an accident, in which case the data shall be erased after three years. The data stored may be transmitted to third parties in anonymous form for accident research purposes.
Pursuant to sec. 63b Road Traffic Act, the Federal Ministry of Transport and Digital Infrastructure is authorised, in consultation with the Federal Commissioner for Data Protection and Freedom of Information, to issue legal ordinances for the technical design and location of the storage medium as well as the type and manner of storage, the addressees of the storage obligation and measures to protect the stored data against unauthorised access when the vehicle is sold.
(iii) Data protection recommendations the Federal Commissioner for Data Protection and Freedom of Information for automated and networked driving
The German Federal Data Protection Commissioner recently gave the following 13 recommendations as minimum standards for future legal regulations.
- Recommendation 1: It must be transparent which data may be processed on the basis of a law without the express consent of the vehicle user.
- Recommendation 2: If necessary, users should be able to view all information on the processing of personal data, for example via the dashboard display.
- Recommendation 3: Data processing in the vehicle and for data-based services may only access personal data to the extent necessary. This also applies to communication between vehicles in intelligent traffic systems (car-to-car communication).
- Recommendation 4: No data storage is normally required for pure driving operation. The data exchanged during communication between vehicles must, for example, be protected against unauthorised use or recording by means of effective encryption.
- Recommendation 5: If no personal reference is required for the respective purpose, the data should be made anonymous.
- Recommendation 6: When images of the surroundings are captured for automated driving, they must be deleted as soon as they are no longer needed for the respective purpose.
- Recommendation 7: Security mechanisms, e.g. for authentication in car-to-car communication, must not create any data protection risks.
- Recommendation 8: Vehicle users need technical possibilities to selectively grant or revoke access to individual categories of data in the vehicle, as long as there is no legal provision to the contrary.
- Recommendation 9: In vehicles, data protection-friendly pre-settings must be established in accordance with the “privacy by default” principle. Users must be able to adjust their vehicle in such a way that they disclose as little as possible about their driving behaviour.
- Recommendation 10: Driving and comfort functions should be designed in such a way that data processing within the vehicle is possible. The use of certain functions must not depend on actually unnecessary external data processing.
- Recommendation 11: Vehicle users should be able to delete personal data easily. As with smartphones, the digital status of a vehicle must be able to be reset to the delivery status, provided that there are no legal regulations to the contrary.
- Recommendation 12: Unauthorised access to the storage units of a vehicle or tampering with the stored data must be excluded.
- Recommendation 13: Online communication components must be designed to provide effective protection against cyberattacks.
C. Insurance of automated/autonomous vehicles
Norton Rose Fulbright
Tel+ 49 89 212148 461
Sr. Associate, Munich
Norton Rose Fulbright
Tel+ 49 89 212148 342
(i) Insurance premiums for autonomous vehicles
The insurance industry currently increases its focus on premium considerations regarding the insurance of driverless autonomous vehicles.
(1) Telematics products
The adoption of telematics tariffs is a current topic particularly in the motor insurance industry. The collection of data and information makes it technically possible to adopt telematics products for insurance policies and improve the accuracy of risk assessments. Most notably “Pay how you drive” (PHYD) and “Pay as you drive” (PAYD) products are now progressively adopted in Germany. In other jurisdictions such as Italy, Austria and the USA, those telematics systems already enjoy a wider market share. Some authors consider this being the result of generally lower average premium rates in Germany. This may, however, pursuant to the new requirement that vehicles will now need to have “blackboxes” collecting such data and requiring installation of the in-vehicle emergency system eCall.
“Pay how you drive” systems relate to the driver’s behaviour and are only relevant when the vehicle still has a driver (e.g. highly autonomous vehicles). Relevant behaviour of the driver in the context of “Pay how you drive” products is, for example, the driver’s compliance with speed limits. An example in Germany in this regard is a joint-development by Bosch and HUK Coburg of a “Pay how you drive” system. “Pay as you drive” systems are also relevant in the context of autonomous vehicles since such systems allow insurers to adjust pricing policy depending on, for example, how frequently the vehicle is used by the policyholder and what distance the vehicle is driven.
In practice two alternative models are used by insurers with regard to the use of self-tracking data as a basis for premium calculations: (i) One model consists in adapting the premium by way of decrease or increase depending on the result of the obtained data.
(ii) The second model consists of bonuses payable as a profit participation in the event of with-profit policies depending on the result of the obtained data.
Since data collected by autonomous vehicles are deemed as “personal data” in accordance with European and German laws, a number of data protection issues will need to be taken into account when developing such insurance policies. In addition, premium adaption requirements and other issues under German Insurance Contract Act, general terms and conditions issues such as transparency pursuant to the German Civil Code, and other legal issues have to be considered when reviewing to which extent such insurance policies comply with all legal requirements. In addition, if there are separate contracts, it needs to be considered how self-tracking-contracts between the policyholder and the self-tracking service provider can be validly combined with such insurance policies.
(2) Alternatives to self-tracking such as less provision of data?
In contrast to self-tracking options, policyholders may also be able to choose a certain premium depending on whether they would like to consent to more or less data about their vehicle and indirectly about them being collected and processed.
(3) Alternatives to claims deductibles?
It is expected that premium discounts due to a driver having no accidents (Schadensfreiheitsrabatt) will be no longer relevant when there are autonomous vehicles without drivers. Instead certain types of vehicles from certain manufacturers with a track record of less accidents may enjoy better premiums from insurers as autonomous vehicles will be rather machines than traditional vehicles.
(4) Consequences of non-compliance with update requirements?
As autonomous vehicles are highly complex learning machines, it is anticipated that manufacturers or other companies building and operating the underlying IT system will require customers to install regular updates in relation to software, apps and program codes. In that context insurers are considering the consequences to policyholders’ insurance cover or premium due to their non-compliance with update requirements.
(ii) Amount of insurance premiums and damages
It is expected that there will be less accidents by autonomous vehicles than by vehicles with drivers – at least after an interim period where there will be vehicles with drivers (making to some extent unexpected decisions the machines do not expect yet) as well as autonomous vehicles on the road. However, even less frequent, car accidents will tend to be more expensive since they will involve highly sophisticated in-vehicle systems. This is likely to result in new opportunities for hull insurance policies. Furthermore, despite a reduction in insured events due to human errors, an increase in events due to technical failures is to be expected. In addition, there are a number of factors which might increase the amount of damages. There are in particular some new non-traditional types of losses, more expensive repairs due to the repair or replacement of sensors and other expensive technology and new types of risks (cyber, IT and terror risks). An indication for higher damages is also that the revised 2017 German Road Traffic Act includes significantly higher liability caps for losses caused by highly or fully autonomous vehicles.
(iii) Access to relevant data by insurers
As autonomous vehicles are expected to “think” like humans in order to avoid accidents the amount of data collected by autonomous vehicles will be huge. If the insurers obtain such data it will provide them with accurate and detailed information for their risk assessment regarding the insurance of autonomous vehicles, e.g. the vehicle condition, where and how the vehicle is typically used and, in particular, information about how an accident was caused.
There is increased competition of insurers with car manufacturers with regard to the data since car manufacturers are likely to have access to customers’ data. Due to the significant importance of such data there has been a recent suggestion that the data are kept with a trustee in order to ensure that not only the manufacturers have access to the relevant data, but also insurers and other concerned parties.
In addition, the importance of obtaining relevant data might create the need for development of joint-ventures between car manufacturers and insurers to ensure the latter benefits from an access to collected information. The processing of the collected personal data will require insurers to implement respective data protection measures, including cyber protection measurements in order to protect such data against cyberattacks.
(iv) Additional lines of insurance
As the market for personal motor insurance decreases, opportunities arise for insurers focusing on other customers and types of policies. Insurers interested in insuring autonomous vehicles should consider focusing on manufacturers, highly advanced technologies and cyber insurance.
(1) Insurance of new technologies
Insurance policies in connection with new technologies are a nontraditional insurance product which is likely to grow as a result of an increasing use of autonomous vehicles. Since becoming more and more like IT machines, autonomous vehicles will consist of highly technological components such as expensive sensors (including parts provided by OEMs), will network with e.g. other vehicles and traffic lights and will be connected to services provided by third parties.
The highly advanced technology of autonomous vehicles also increases the importance of product liability and product recall insurance policies. Product liability insurance may cover the liability of fleets of autonomous vehicles of a certain manufacturer or service provider. This becomes even more relevant as the market might be dominated by a few manufacturers and operators (e.g. the operator of robotaxi services) owning and leasing vehicles fleet. The tendency to an increasing number of persons sharing vehicles also contributes to this trend towards consolidation.
The increased negotiation power of manufacturers with regard to the insurance of fleets might also have an impact on the terms of insurance policies. General terms and conditions requirements such as transparency and fairness are, pursuant to the German Civil Code, applicable also to professional parties except where the relevant clause has been individually negotiated.
Business interruption policies might also gain increased importance, as manufacturers and service providers might also be responsible for business interruption damages.
(2) Cyber insurance, data related insurance, data protection and data security
Cyber insurance is another nontraditional insurance product which is likely to grow as a result of an increasing use of autonomous vehicles. In general, autonomous vehicles will increase the safety significantly. However, there is a new risk due to potential cyber-attacks. Cyber insurance is already of increased importance and is a growing market due to the increased risk of cyber-attacks and the increased digitalization, interconnection and relevance of smart and connected products. In general, there is concern that hackers might intentionally cause accidents or perpetrate theft of autonomous vehicles. In addition, the need for prevention against cyberattacks and a means to securing data processed and collected with regard to autonomous vehicles triggers an increased demand for cybersecurity insurance products, in particular by manufacturers and third party providers. Insuring cyber risks is regarded by some insurers as being a way to face forecasted decrease in vehicle insurance prices and opportunities.
D. Liability aspects
Norton Rose Fulbright
Tel+ 49 89 212148 422
Sr. Associate, Munich
Norton Rose Fulbright
Tel+ 49 89 212148 442
The question of liability for accidents involving highly- or fully-autonomous vehicles is in the focus of the evolving legal discussions. Under the German liability regime, generally (1) the driver, (2) the keeper and / or (3) the manufacturers can be held liable for damages caused by road accidents. Mirroring an expected change of the main causes for traffic accidents, in which the nowadays preeminent human error is widely substituted by technical failures triggered by an increase in automation, responsibility – and hence liability – is likely to shift towards the OEM / supplier (respectively their insurers). De lege lata, this effect could be fostered by the recent changes to the German Road Traffic Act.
Generally, under the German liability regime, if a driver acts culpable – i.e. does not observe reasonable duties of care – he will be held liable for any damage caused by that behaviour. The driver’s liability can then be based on general tort law provisions as well as the special provision of sec. 18 of the German Road Traffic Act. In the latter case, the onus of proof is reversed and a driver will be held liable unless he proves that he did not act negligently (or intentionally). In this regard an impact of the recent changes of the German Road Traffic Act set out above (cf. sec. 2.1) is to be expected as the driver´s standard duties of care are somewhat lowered when operating highly or fully autonomous vehicles. Further, the mandatory monitoring and recording obligations stipulated by the latest legislative changes may factually allow (or at least facilitate) the exculpation of the driver by providing necessary evidence. On the other hand, liability caps provided by sec. 12 of the German Road Traffic Act, are significantly increased for accidents involving a highly or fully autonomous vehicle from €1,000,000 to €2,000,000 for property damages and from €5,000,000 to €10,000,000 for personal injury or death.
A special liability of the keeper (Fahrzeughalter), irrespective of any fault, is stipulated by sec. 7 of the German Road Traffic Act. The rationale behind this strict liability is that the keeper must generally bear all risks of the operation of his vehicle (Betriebsgefahr). Again, such liability is generally capped following sec. 12 of the German Road Traffic Act and the increased liability amounts (cf. above) also apply in this regard. A more extensive liability of the keeper can equally be based on general tort law provisions in the event of negligent behaviour, such as maintenance errors and omissions. The strict liability of the keeper can only be avoided if an accident is caused by force-majeure, whereas it will be up to the courts to decide, if the failure of a self-driving functionality could be qualified as such. Taking into account that usually only extraordinary “external” incidents are considered as force majeure (e.g. earthquakes) and that German case-law is generally very restrictive in accepting technical defects as acts of god, this, however, seems rather far-fetched. This is further supported by the expressed view of the legislator, which, in its recent official justification for the amendment of the German Road Traffic Act, assumed a general liability of the keeper for accidents caused by system failures. Therefore, exceptions could realistically only apply for accidents caused by e.g. hacker attacks or sudden and reasonably unavoidable defects in the telecommunications infrastructure.
In addition to the joint and several liability of the driver and the keeper, the OEM / supplier (in particular also software developers) could be liable under the German Product Liability Act, under which – irrespective of any negligent behaviour – a manufacturer is liable for damages to health and property occurring from a defective product. As to property damage, compensation is limited to objects in private use (and not including the defective product itself) and a deductible of €500 applies; for personal injury the liability is capped at €85,000,000. Under the additional general tort law concept of “producer liability” (Produzentenhaftung) a more extensive (unlimited) liability is established, if defective products have negligently been put into / kept in circulation. In both cases – product and producer liability – relevant defects may result from staying behind a state-of-the-art conception and design (Entwicklungsfehler), manufacturing flaws (Herstellungsfehler) or even instructional errors, such as an omission of adequate warnings (Instruktionsfehler). In this regard, the setting of safety standards to define adequate product compliance at this time remains a significant, complex and yet unresolved challenge.
Therefore, the comparative yardstick for the “safety” of vehicles must be determined by the users’ legitimate security expectations and all reasonable and economically feasible steps to achieve these must be respected. Within this framework, in particular a comparison of the self-driving functionalities with the skills of a due diligent (“ideal”) driver, improved by economically feasible technical measures to overcome biological limits (e.g. reaction time), should be decisive. Against this background, any failure of an implemented self-driving feature will constitute a defect. On the other hand, a 100% accident free operation cannot reasonably be expected, as incidents may sometimes not be preventable due to force-majeure, physical limits or third party behaviour. In any event, complying with (at least) all legal information and warning obligations, such as stipulated by sec. 1a para. 2 sent. 2 of the German Road Traffic Act, as well as all yet available applicable technical safety standards and QC procedures is crucial for OEMs / suppliers. In particular ISO 26 262 is worth mentioning in this regard, as this standard aims to address possible safety issues caused by malfunctioning behaviours of electronic and electrical systems installed in series production passenger cars and – inter alia – covers product development and functional safety management issues. However, adhering to all applicable state-of-the-art standards may not suffice, as these only set minimum standards valid at the time of their taking effect. The ongoing responsibility for marketed products is further reflected by an adequate obligation to monitor products in the field and to take reasonable measures following emerging defects, both of which must be assessed in the light of imminent risks as well as reasonable monitoring and reaction possibilities. The comprehensive technical possibilities combined with potentially high risks triggered by malfunctions should go hand in hand with rather strict monitoring and curing obligations.
In practice, as in the event of an accident caused by a technical failure, the driver will often be able to rebut negligent behaviour, liability will often stick with the keeper and the producer. As (i) the burden of proof is significantly lower for claims against the keeper, who is (ii) further subject to a compulsory liability insurance (whereas the claimant has a right of direct action against the insurer), it is foreseeable that the keeper, respectively its insurer, will be the “debtor of choice” (at least for claims below the mentioned liability cap). However, in the internal relationship between the keeper (respectively its insurer, following a subrogation) and the producer, the latter will very likely be subject to a recourse claim, as under German law provisions joint and several debtors shall internally only bear damages according to their respective causal contribution.
- The recent developments in the regulatory sector are warmly welcomed by the industry. The revision of the German Road Traffic Act not only sends the right signals to the market and the innovators, it provides for an adequate framework for future developments slightly below the levels of fully autonomous driving, also paired with the amendments to the UNECE Regulations.
- The automation of driving is a technical revolution, which revolutionises our transportation habits. But it also challenges the road users’ constitutional right of privacy. Many of those challenges can be solved within the scope of the current data protection legislation. Nevertheless, the legislator will have to provide for more legal certainty for all parties concerned. The proposed amendment to the German Road Traffic Act, is a first step in the right direction.
- From an insurance perspective there is a focus on pricing considerations (including telematics products and amount of damages due to highly advanced technology) with regard to traditional and non-traditional insurance policies. Another important issue is who will access and control the data collected by autonomous vehicles. Proposals include that a trustee should hold the vehicle data. This is of significant interest for manufacturers as well as insurers, for example, in the context of ascertaining the cause of accidents involving highly automated or autonomous vehicles.
- Due to the recent changes of the German Road Traffic Act the driver´s standard duties of care are somewhat lowered when operating highly or fully autonomous vehicles. On the other hand, liability caps are significantly increased for accidents involving a highly or fully autonomous vehicle. Despite a potentially high level of automation during driving operations, the vehicle keeper (or respectively its insurer) is subject to a general liability for accidents caused by system failures. In addition to the joint and several liability of the driver and the keeper, the OEM/supplier (and also software developers) could be liable under the German Product Liability Act. In practice, the crucial aspect will be the internal relationship between the keeper (respectively its insurer) and the producer as the latter will very likely be subject to a recourse claim.
- The M&A landscape is highly driven by the spur of innovation in the automotive sector. Niche players engaged in technology sectors required for automated and future autonomous driving systems (e.g. sensors, electronic infrastructure, testing software) are courted for strategic partnerships and acquired at particularly high purchase prices as the traditional stakeholders realise the importance of early positioning.
 Institut der Deutschen Wirtschaft (IW Kurzbericht) available under www.iwkoeln.de/studien/iw-kurzberichte/beitrag/hubertus-bardt-deutschland-haelt-fuehrungsrolle-bei-patenten-fuer-autonome-autos-356331.html.
 8th Amendment of the German Road Traffic Act , entered into force on 21 June 2017 (available under www.bgbl.de/xaver/bgbl/start.xav#__bgbl__%2F%2F*%5B%40attr_id%3D%27bgbl117s1648.pdf%27%5D__1517589427052).
 As described in the official explanatory memorandum to this amendment; Bundestag document No. 18/11776, p. 10 (available under dipbt.bundestag.de/dip21/btd/18/117/1811776.pdf).
 Cf. sec. 18.104.22.168.1.1. of UNECE Regulation No. 79 (Revision 2 – Amendment 3).
 Annex 8 of UNECE Regulation No. 79 (Revision 2 – Amendment 3).
 Cf. Art. 35 para 1 of EC directive 2007/46/EC; available under eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32007L0046&from=EN.
 Cf. Lutz, Gen Re, Issue March 2016, p. 2 (available under media.genre.com/documents/cmint16-1-en.pdf), who takes the view that direction indicators may be activated automatically under current UNECE regulations.
 Please refer to a study published by McKinsey in 2015 (available under www.mckinsey.com/industries/automotive-and-assembly/our-insights/ten-ways-autonomous-driving-could-redefine-the-automotive-world).
 Cf. www.lda.brandenburg.de/media_fast/4055/Gemeinsame_Erklaerung_VDA_Datenschutzbehoerden.pdf.
 European Court of Justice, decision dated October 19, 2016 – C-582/14.
 Wenig, Versicherungsbote, interview with Joachim Müller, member of the Board of Allianz, Allianz provides prospective insurance for autonomous vehicles (available under https://www.versicherungsbote.de/id/4858482/Autoversicherung-Allianz-autonomes-Fahren).
 German Insurance Association (GDV), Zeitschrift für die Gesamte Versicherungswirtschaft, Sonderheft Jahrestagung 2017 des Deutschen Vereins für Versicherungswissenschaft e.V., volume 106, issue no 5, p. 507.
 Wilkens, Heise Online, Bosch intends to teach learning to autonomous vehicles (available under https://www.heise.de/newsticker/meldung/Bosch-will-selbstfahrende-Autos-das-Lernen-lehren-3655412.html).
 German Insurance Association (GDV), Zeitschrift für die Gesamte Versicherungswirtschaft, Sonderheft Jahrestagung 2017 des Deutschen Vereins für Versicherungswissenschaft e.V., volume 106, issue no 5, p. 479 et seq.
 German Insurance Association (GDV), Zeitschrift für die Gesamte Versicherungswirtschaft, Sonderheft Jahrestagung 2017 des Deutschen Vereins für Versicherungswissenschaft e.V., volume 106, issue no 5, p. 491 et seq.
 Munich Re, How to insure a driverless car, article available under https://www.munichre.com/topics-online/en/2015/05/autonomous-vehicles.
 German Insurance Association (GDV), Less accidents, more expensive repairs, available under https://www.gdv.de/de/medien/aktuell/weniger-unfaelle--teurere-reparaturen-8286.
 The Economist, Who is behind the wheel?, available under https://www.economist.com/news/leaders/21737501-policymakers-must-apply-lessons-horseless-carriage-driverless-car-self-driving?frsc=dg%7Ce.
 International Data Group (IDG) Business Media IT-information website (CIO), Allianz proposes trustee to hold vehicle data, available under https://www.cio.de/a/allianz-wuenscht-sich-treuhaender-fuer-autodaten,3574592.
 Schnell, Handelsblatt, How autonomous driving will change the insurance cover for vehicles, available under http://www.handelsblatt.com/finanzen/banken-versicherungen/huk-coburg-das-autonome-fahren-wird-die-kfz-versicherung-veraendern/19613998.html.
 The Economist, Who is behind the wheel?, available under https://www.economist.com/news/leaders/21737501-policymakers-must-apply-lessons-horseless-carriage-driverless-car-self-driving?frsc=dg%7Ce.
 Cf. sec. 63a of the German Road Traffic Act.
 Bundestrat document No. 69/17, p. 14 (www.bundesrat.de/SharedDocs/drucksachen/2017/0001-0100/69-17.pdf?__blob=publicationFile&v=9).
 IDG Business Media IT-information website (CIO), Allianz proposes trustee to hold vehicle data (available under https://www.cio.de/a/allianz-wuenscht-sich-treuhaender-fuer-autodaten,3574592).