Norton Rose Fulbright
Tel+ 27 11 685 8847
Sr. Associate, Johannesburg
Norton Rose Fulbright
Tel+ 27 11 685 8617
Norton Rose Fulbright
Tel+ 27 11 685 8871
Norton Rose Fulbright
Tel+ 27 31 582 5816
Norton Rose Fulbright
Tel+ 27 11 685 8513
South Africa does not have any laws which deal specifically with autonomous vehicles and their use. This is of no immediate concern however because adoption of this technology is likely to be slow.
Furthermore, the introduction of autonomous vehicles to South Africa will require ongoing and sustained investment from the state to bring many of South Africa’s roads to a standard suitable for autonomous vehicle operation. Whilst South Africa’s main and urban roads are generally considered to be in a good condition, meeting international standards, those in rural or semi-rural areas are often beset with potholes and have partially or wholly obscured or missing markings and road signs. As autonomous vehicles require smooth, clearly marked and well sign-posted roads on which to operate safely, roads outside of urban areas other than national motorways cannot be considered appropriate for autonomous vehicles.
Another potential obstacle to the introduction of autonomous vehicles in South Africa is the powerful taxi industry. Significant political pressure has been exerted by this group in opposition to other public transport initiatives and operations, including the introduction of a high speed commuter rail train (the Gautrain) in Gauteng province, and the operation of Uber throughout the country. The taxi industry tends to view new modes of transport as a threat to its members’ jobs and livelihoods and could have the same view of autonomous vehicles introduced into South Africa in any noteworthy numbers.
Where autonomous vehicles are introduced (mainly in urban areas) the current laws soon to be enacted adequately address legal issues which may arise in relation to these vehicles, with some exceptions.
A. National and provincial laws regulating the autonomous vehicle space
There is currently no national or provision legislation which regulates autonomous vehicles, including passenger vehicles and trucks, and the safety thereof in South Africa.
The National Road Traffic Act, 1996 (NRT Act) regulates road traffic matters uniformly throughout South Africa. The NRT Act defines a “vehicle” to be a device designed or adapted mainly to travel on wheels or crawler tracks and a “motor vehicle” to be any self-propelled vehicle. Accordingly, the NRT Act does not define a motor vehicle with reference to the presence or absence of a person driving the vehicle.
The NRT Act provides that all motor vehicles must be registered and licensed (unless the contrary is prescribed in respect of specific cases) and prohibits a person from operating an unlicensed or unregistered motor vehicle on a public road. To “operate on a public road” is broadly defined to mean to use or drive a vehicle on a public road, permit a vehicle to be used or driven on a public road, or to have or to permit a vehicle to be on a public road.
In the ordinary course, for a motor vehicle to be licensed and registered it must be issued with a certificate of roadworthiness by the examiner of vehicles. To be issued with a certificate of roadworthiness, an appropriately graded examiner of vehicles must examine and test the motor vehicle as prescribed in the code of practice SABS 047 “Testing of motor vehicles for roadworthiness” (SABS 047). SABS 047 contains many assessment criteria which may be directly relevant or applicable to the assessment of autonomous vehicles, include for example the assessment of the fuel system, the braking system or the condition of the tyres. That being said, however, SABS 047 was not designed for the assessment of autonomous vehicles and is unsuitable for such assessment in many respects. There are, accordingly, no appropriate standards in place by which the examiner of vehicles may assess the roadworthiness of fully autonomous vehicles pursuant to which a certificate of roadworthiness could be issued for autonomous vehicles.
Despite autonomous vehicles falling within the definition of a motor vehicle for purposes of the NRT Act, without appropriate standards, such vehicles cannot currently be licensed or registered and accordingly their operation (including their mere presence) on public roads in South Africa is prohibited.
Further, to qualify for registration as a manufacturer, builder or importer of motor vehicles, the applicant must demonstrate that the motor vehicles to be manufactured, built or imported comply with the relevant legislation, standards and specifications in South Africa, including those relating to roadworthiness.
A motor vehicle that is not otherwise certified as roadworthy may be operated in South Africa under a special permit, but that such special permits are issued for limited purposes (for example, for the testing of the relevant motor vehicle) and for limited durations of between 3 to 21 days.
It is unlikely that SABS 047 would merely be amended to include the assessment of autonomous vehicles for roadworthiness, thereby permitting autonomous vehicles to be operated under the current legislative framework. It is more likely that made-for-purposes legislation would be designed and promulgated for autonomous vehicle operation, although as set out in question 9 and 11, there are currently no plans for such legislative action.
B. Consumer protection
The Consumer Protection Act, 2008 (CPA) defines a supplier as a person who markets any goods or services. This includes a producer (manufacturer), importer, distributor or retailer. Autonomous vehicles would fall under the classification of goods for the purposes of the CPA.
Both individual consumers as well as small businesses are protected as consumers under the CPA. A business (which includes trusts, partnerships and associations) is considered small if it has an annual asset value or turnover of R2 million (about US$165, 000) or less. The CPA does not apply to corporate customers with an annual asset value or turnover in excess of R2 million.
In most cases a consumer must be party to a transaction for consideration with the supplier, however the definition of a consumer is extended to include users and beneficiaries of goods where appropriate. This means that defective autonomous vehicles which cause harm to third parties will carry liability even if the person who purchased the vehicle was not harmed.
The CPA governs the entire transaction with the consumer, from the first advertisement, the transaction, the after sales, and responsibility for any harm caused by defective or dangerous vehicles. After-sales services are significantly impacted by the CPA. An automatic three month warranty on all repairs carried out (either in terms of a warranty or if paid for by the consumer) has been introduced. There are strict requirements requiring free quotations for repairs and no repairs may be carried out without the consumer’s explicit confirmation to proceed. The supplier carries the risk for taking diligent care of the consumer’s vehicle whilst under their control and will be liable for any damage caused while in their care.
Contracts (including any sale) concluded with consumers must adhere to the requirements for fair and reasonable terms and conditions. Any agreement that does not comply with the CPA will be potentially void and the inclusion of impermissible clauses constitutes a prohibited practice under the CPA.
There is also an implied warranty in relation to the entire supply chain to the effect that the vehicles supplied comply with all quality requirements. The direct supplier of the vehicles is required to repair or replace defective vehicles or refund the consumer at their election if the vehicles do not meet quality standards within six months of the consumer receiving the goods. This cannot be avoided as it is an implied warranty that runs concurrently with any other warranty such as a manufacturer’s warranty.
The CPA has also introduced no fault liability for harm caused by the supply of unsafe, defective or hazardous goods or by a lack of adequate instructions for the safe use of the goods. A consumer can claim from any party in the supply chain, irrespective of whether the harm resulted from any negligence on the part of such a party. The supply chain is defined broadly to include all suppliers who directly or indirectly contribute in turn to the ultimate supply of the goods to a consumer and could include the programmer of the autonomous vehicle. If the vehicle has a programming defect which causes a collision or causes the vehicle to make a “decision” which results in death or injury caused to a natural person or damage to property, the programmer could be liable to both the driver and the victim. Persons harmed may claim for death, injury, or illness to natural persons or damage to property and the economic loss flowing from the harm. Consumers must prove the extent of the harm and that it was caused by any of these causes, but the consumer need not prove that the supplier was negligent. Liability in the supply chain is joint and several. The consumer still has an obligation to mitigate the damage caused.
Suppliers may not contract out of liability for such harm and may not limit their liability as this may be considered an attempt to avoid its obligations under the CPA. There are limited defences to liability under this section. Suppliers’ liability for harm caused by goods is not limited to claims by consumers as defined. Even juristic persons who exceed the financial threshold may claim for damage to property and the consequent economic loss in terms of the CPA.
Product recalls are also governed by the CPA. The National Consumer Commission (NCC) has the power to order compulsory recalls if it reasonably believes goods to be a potential risk to the public. The NCC’s guidelines on product recalls will have to be adhered to in both compulsory and voluntary recalls. On average there have been about 40 voluntary recalls per year. There has only been one compulsory recall, and this was in the automotive industry.
There are significant financial and sometimes criminal implications for non-compliance. Suppliers who are found to have contravened the provisions of the CPA may be issued with a compliance notice. A failure to comply with the requirements of the compliance notice can result in significant financial penalties. The Consumer Tribunal is empowered to impose administrative fines of up to 10% of a supplier’s total turnover in South Africa in the preceding financial year or R1 million whichever is the greater amount. Suppliers or individual employees who are found to have committed an offence under the CPA will be referred to the National Prosecuting Authority for prosecution. A complaint may be brought or initiated three years after the conduct or practice has ceased.
The NCC has been under-resourced and has not aggressively enforced compliance with the CPA since it commenced operations in 2011. However there are a number of industry ombuds and consumer protection bodies in terms of the CPA that resolve consumer complaints and can and do refer non-compliant suppliers to the NCC. One of these is the Motor Industry Ombudsman of South Africa (MIOSA), which acts in terms of the South African Automotive Industry Code of Conduct (Code), published in under the CPA. The MIOSA assists in resolving disputes that arise in terms of the CPA regarding any goods or services provided by the automotive industry. It does not have the jurisdiction to make a finding on product liability, but can escalate these matters to the NCC. The NCC then conducts targeted product recalls.
C. Adopting SAE nomenclature
There is currently no national or provision legislation which regulates autonomous vehicles, including the safety thereof, in South Africa. Further, Parliament and/or the Ministry of Transport have not announced any plans to consider the role or import of autonomous vehicles in South Africa and the promulgation of appropriate legislation in that regard. Accordingly, while certain industry or informal bodies may adopt the SAE nomenclature, it is unknown whether such nomenclature will be adopted by the South African legislature in the future.
D. Data protection/privacy rules and regulations and cybersecurity
(i) Data privacy
The Protection of Personal Information Act (POPI) is South Africa’s forthcoming privacy law. It was signed into law in November 2013. Some of the administrative aspects came into force in April 2014, however the obligations under POPI have not yet commenced. A commencement date has not yet been announced, but the members of the office of the information regulator have been appointed and commenced their duties on 1 December 2016. In addition, draft regulations were published for comment on 8 September 2017. Once all provisions of POPI are in force, any person or organisation processing personal information in South Africa will have 12 months to become compliant.
POPI aims to give effect to the constitutional right to privacy by safeguarding personal information of individuals (called data subjects) processed by public and private bodies (called responsible parties). POPI imposes minimum standards on the way personal information is collected, stored, used, disclosed and deleted. This is called processing.
Where any natural or juristic person other than the owner or passenger of an autonomous vehicle processes personal information, such as owner and passenger information and preferences and location information, this would be governed by POPI, provided the processing is not for personal use or for any other excluded purpose. If the information is de-identified to the point that it cannot be re-identified, POPI would again not apply.
The processing must be justified in terms of POPI for it to be lawful. For example, where consumers have consented to this processing of their personal information so that their user experience of the autonomous vehicle is better (as in the case with cookies on websites), this would be lawful under POPI, provided the processing is not unreasonable, irrelevant and excessive. If personal information is being transferred outside of South Africa (for example, to storage in the cloud), the cross-border provisions of POPI would also have to be complied with.
Personal information collected from autonomous vehicles could also be used to market certain goods or services to consumers. For example, location information could be used in direct marketing so that consumers are offered goods and services in the area in which they live. Where manufacturers intend on using personal information to market goods or services to a consumer, the direct marketing provisions of POPI apply and the consent of the relevant data subject would have to be obtained before the marketing communication can be sent. This only applies to electronic communications.
One of the primary concerns raised about the use of autonomous vehicles is that they are vulnerable to being hacked. There are no laws that deal specifically with cybercrimes relating to autonomous vehicles, however the Electronic Communications and Transactions Act, 2012 (ECTA) is the current South African law which regulates cybercrimes generally. There are three cybercrimes in ECTA, namely:
- unauthorised access to, interception of or interference with data;
- computer-related extortion, fraud and forgery; and
- attempting and assisting others to commit the above offences.
If an autonomous vehicle is hacked and data is accessed or control of the vehicle is seized, currently this would amount to a cybercrime. Similarly, where control of a vehicle is obtained and money extorted from the owner, this would amount to a cybercrime offence.
The Cybercrimes and Cybersecurity Bill [B6-2017] is not yet in force but gives further detail to the ECTA offences and specifically criminalises hacking. It also establishes a number of structures designed to assist law enforcement authorities in combatting cybercrime. Once this bill is enacted, it will regulate hacking of and cybercrimes related to autonomous vehicles.
(iii) Insurance rules and regulations
In South Africa, a driver or owner of a motor vehicle is not required to obtain any third party or other insurance in relation to the vehicle or its operation. Rather, a statutory fund, the Road Accident Fund (Fund), is liable to compensate any third party that suffered bodily injury or death as a result of the driving of a motor vehicle by any person in South Africa, if the bodily injury or death is due to the negligence or other wrongful act of the driver or owner of motor vehicle. For the Fund to be liable to third parties, accordingly, it is necessary that the relevant motor vehicle was driven by a person at the time of the third party suffering bodily injury or death. The injured victim of a vehicle accident that was the “fault” of an autonomous vehicle is therefore at a real disadvantage compared with the victim of an accident caused by a human driven vehicle.
There is currently no national or provision legislation which regulates autonomous vehicles, including insurance requirements in relation thereto, in South Africa.