Driverless Cars: Where Technology and Law Collide

April 22, 2015

With the prospect of driverless cars on our roads, what was once science fiction is now approaching reality. Driverless cars could potentially reduce congestion and noise, reduce emissions, make roads safer and improve the independence and wellbeing of the elderly and disabled (and non-drivers generally). They could also help transform our towns and cities – swapping parking lots for parks. However, driverless cars also raise significant legal and ethical questions. In this article, we consider some of the key legal issues arising from this technology.

Although Google may be the most high-profile pioneer, a large number of automotive manufacturers and tech companies have now joined the race to take the driverless car concept beyond the drawing board. Nissan has predicted that a driverless car will hit the consumer market by 2020; a 2014 study by Gartner predicted that, by 2030, driverless cars will represent approximately 25% of the passenger cars in mature markets, and McKinsey recently reported that mass adoption is likely by 2040.

Countries are also keen to embrace driverless car technology. Indeed, the UK Government has recently announced its intention to become a leader in this field. In its ‘Pathway to Driverless Cars Summary report and action plan’ (‘DfT Report’), the UK Government’s Department for Transport (‘DfT’) concluded that the current UK legal and regulatory framework will not be a barrier to the testing of driverless cars on UK roads.

Taking a light-touch approach, the DfT announced that it will publish a non-regulatory code of practice later in 2015 that will allow the testing of driverless cars to go ahead. The code of practice will include various over-arching requirements: cars must have a test driver, a data recorder must be fitted in the vehicle and the technology being used must be proven. In December 2014, the DfT announced plans to host driverless car testing projects in four UK locations. Businesses planning to test driverless cars in these locations include Ford, Jaguar and Land Rover, with Axa and RSA the insurance partners for the tests. The tests will be supported by £19 million in UK Government funding. The UK Government has also promised a full review of current relevant legislation by the summer of 2017.

The UK is not alone. A number of countries, including Germany, Sweden and Japan, and four U.S. states have announced plans or have developed regulation to facilitate driverless vehicles.

Existing Law

Fully automated vehicles already operate in various locations around the world (eg London Heathrow’s Personal Rapid Transport system which links Terminal 5 with a perimeter car park). Crucially, however, these vehicles operate in controlled environments and not on public roads. Before driverless cars become commonplace on our roads, governments will need to make changes to regulations, common practice and conventions governing interaction between road users and car maintenance to enable this new exciting technology.

The USA was the first country to introduce legislation to permit the testing of driverless cars. However, to date, only four states have done so, whilst 15 states are reported to have rejected draft legislation related to automated driving. Across the EU and Asia, legislators and authorities are considering what changes need to be made to law and regulation to accommodate automated car technology.

In the UK, the relevant legislation, the Road Traffic Act 1988, is unsurprisingly based on the concept that there will always be a driver in control of a vehicle. Accordingly, changes both to the legislation and to the Highway Code and annual vehicle inspection (MOT) test guidelines will be needed to accommodate driverless car technology. In addition to ensuring the safety of users and pedestrians, questions of criminal and civil liability will need to be addressed. Indeed, in the recent DfT Report, the UK Government has agreed to review and amend domestic regulations by Summer 2017 to accommodate driverless vehicle technology, in addition to liaising with international stakeholders with an aim to finalising amendments to international regulations by the end of 2018.


Given that all vehicles, whether with a driver or without, are likely to break down or crash, the most critical concern with driverless car technology is who would be liable for collisions or other incidents. In a driverless car, potential accidents may range from a car ending up in the wrong location (due to a problem with the digital map or the navigation software) to a crash caused by a defect in the car (whether software or otherwise). Accordingly, in the event of an incident, there are a number of actors who would need to be considered when assessing liability: the owner of the vehicle, the driver/occupant, the vehicle manufacturer, and the suppliers, e.g., software providers or other third-party manufacturers. In reality, this is not so very different from today’s cars – in most collisions there is a range of different people who may bear or share liability.

In addition, there is, of course, a wide spectrum of potential technology that could be involved with driverless cars, and this range will need to be reflected in how liability and responsibility are apportioned. In the UK, the DfT’s original review of driverless cars published in August 2014 identified three categories of vehicles:

· Low automation – The driver remains fully responsible for the car and must be responsive to any emergencies. Existing features, such as anti-lock braking systems (ABS) or cruise control, would fall into this category.

· High automation – The car is capable of operating on the road network without human intervention but is fitted with a full set of driving controls, and the driver is able and ready to assume control.

· Full automation – The car is capable of operating on the road network without human intervention, and the driver does not need to be able and ready to assume control.

Currently, if a low-automation vehicle were to crash and inflict injury due to a design or manufacturing defect, under the Consumer Protection Act 1987, the manufacturer would be exposed to strict liability if the vehicle was not as safe as the driver should be entitled to expect (this is often referred to as the ‘consumer expectation test’). It is unlikely that these statutory requirements will change significantly in light of the release of high or fully automated vehicles, and the UK Department for Transport has stated that ‘the regime of strict manufacturer liability would continue to apply’. In fact, it’s anticipated that the consumer expectation test will become particularly pertinent for determining whether driverless car technology is defective or not. For example, consumers could argue that they were not fully informed of the safety features or the capacity of the technology. In the event of an accident, there are also very likely to be disputes about whether the driver should have intervened and taken over control and, if so, at what point.

While the scenarios will vary, in product liability terms, manufacturers of autonomous vehicles will not be so very different from manufacturers in other industries. They will have the same basic obligations to offer products that are safe and that function according to how they were marketed and sold, as well as the same set of legal exposures if they fail to do so. However, apportionment of responsibility for an accident will likely prove more difficult than determining product liability.

In a low-automation vehicle, given that the driver has the opportunity to take control over the car and avoid a crash, liability will remain with the driver. At the other end of the spectrum, if an accident were to take place involving a fully automated vehicle, the assumption may be that there is no responsibility for the occupant and total responsibility with the manufacturer, as the occupant would have a complete lack of control over the vehicle. Nevertheless, there may be third-party responsibilities that run alongside this, in line with basic legal principles; for example, contributory negligence could be assigned where an occupant interferes with the technology.

To counter this, manufacturers may try to reduce the risk of damage by insisting on real-time monitoring of vehicles and compulsory maintenance and support for the software and hardware used in fully automated vehicles. As such, it would appear that fully automated vehicles pose logistical, in addition to legal, issues.

Arguably, it is high-automation vehicles that pose the biggest question in terms of legal responsibility, as the driver would only be in control for part of the time, relinquishing responsibility to the manufacturer at the moment the technology takes over. Ideally, you would have a clean handover from driver to technology, so as to remove any question over where the responsibility lies. However, if the driver fails to take control of the vehicle where it was possible and reasonable to do so, this may result in claims for contributory negligence. Great thought will need to be given to this issue of transfer of control.

Consideration may also need to be given to whether manufacturers can assign responsibility entirely to insurers and if novel concepts such as ‘no-fault liability’ (e.g., for when two fully autonomous vehicles collide) should be introduced.

Undoubtedly, it will take some time for the technologies to become widely available and more familiar, and it will take some time for the legal lines of responsibility to be drawn. In terms of the testing projects, the DfT has said that it will publish a Code of Practice for testing organisations in Spring 2015 to promote safety and best practice and clarify liability; a refusal to comply with the Code will be seen as ‘a clear indicator of negligence’.

The ‘Data Exhaust’

Cars already monitor and record data from a large (and ever-growing) number of sensors installed in the vehicle, including air pressure, engine temperature and fuel consumption. In addition, given the rise in telematics (whether for insurance purposes, accident alert or fleet management), a proportion of cars already include a black box telematics device.

As stated earlier, it is hoped that the accumulation of existing sensor data plus advanced driverless car technology will make roads safer, reduce congestion and pollution and generally aid traffic management plans and infrastructure improvements. However, none of this can happen without the wide-ranging collection and use of a whole host of data (including location data and journey records), much of which will constitute personal data.

Accordingly, another key issue that will need to be addressed in the context of driverless cars is compliance with applicable privacy and data protection laws, as identified by the DfT in its 2014 review document. Any user of a driverless car will need to understand how their personal data will be used, for what purpose and by which parties. Accordingly, data controllers (whether manufacturers, software providers or other processing entities) will need to assess how their collection and use of personal data affects users’ privacy and must comply with applicable law. A number of issues will be triggered, for example, in terms of ownership, access, transfer and security and putting in place appropriate third-party data-processing arrangements. In addition, challenges will be posed by the fact that there could be multiple occupants of a driverless car and so multiple data subjects. In certain cases, eg, where sensitive personal data are gathered (for example, where a user is recorded driving to a place of worship), it may be necessary to obtain explicit consent for the use of such data.

The potential impact of connected cars on privacy has already been considered by various parties. For example, in Germany, in October 2014, the Conference of German Federal and State Data Protection Authorities adopted a resolution ‘Data Protection in the Car’. They expressed concern about the growing collection and processing of personal data in cars and the interests of various actors (car manufacturers, service providers, insurance companies, employers) in using the data. They indicated that Germany’s data protection authorities would work with manufacturers, suppliers and industry associations to set uniform data protection standards on a high level.

In the USA, in November 2014, the Alliance of Automobile Manufacturers (AAM) and Global Automakers (GA) reached agreement on privacy standards for securing data generated by computers and tracking systems used in vehicles.

Given big data analytics, the more extensive and varied the data that can be collected via a driverless car, the more potentially valuable that data will be to insurers and third parties and the more complex compliance issues may be. It will be vital for firms to treat data carefully in order to ensure compliance with applicable laws and maintain consumer confidence. In the competitive world of driverless cars, a manufacturer’s reputation may hinge on how well a manufacturer looks after its customers’ data. A company that is able to demonstrate that it takes privacy and security seriously will help build its reputation as a trusted provider.

More complexities arise in terms of the ownership of data that is generated in relation to driverless cars. Presently, it’s not clear whether it would be the individual user, the manufacturer or the software provider who would own the data. Further, if the driverless car is used in the course of providing a service (e.g., a taxi company), then the service provider may also have an interest in, and an agenda for, the data in terms of how such information could be used for various business purposes (eg focused marketing or improvement of service, etc.).


As with the Internet of Things, one of the biggest concerns with driverless cars is the potential risk of cybercrime. Driverless cars that are run by software and may be connected to the Internet, other vehicles and surrounding infrastructure provide hackers with more vulnerabilities to exploit and could pose significant security risks. It is not hard to imagine a disaster scenario where systems are hacked by criminals or terrorists, and we could end up with driverless car mayhem in our cities.

Indeed, in December 2014, UK Transport Minister, Claire Perry, said that the threat of cybercrime was a key barrier to driverless cars being widely adopted. Certainly, manufacturers will need to ensure that driverless cars have in-built security safeguards to prevent unauthorised use and technology, such as ‘kill switches’, to mitigate any cyber-attack that is launched.

The DfT has stated that ‘key Government and industry bodies [must] work closely together on protecting these technologies’ and it has promised to ‘liaise with manufacturers and stakeholders to ensure an appropriate level of protection from unauthorised access, control or interference’.

Intellectual Property

Given the perceived benefits of driverless car technology, the potential value of patents and other intellectual property rights in driverless car technology could be huge. The key technology powering driverless cars will be software (eg in the form of sensors, geo-location devices, digital maps, navigation software, etc.). No doubt the auto manufacturers and technology companies around the world will be seeking intellectual property right protection for their innovations. Indeed, in 2011 Google was awarded a US patent in respect of a method to switch a vehicle from a human-controlled mode into a state where the car takes charge.


It is likely that we have years of rigorous testing ahead before driverless cars become an everyday reality on our roads. Over coming years, lawmakers will need to work with manufacturers, insurers and industry experts to create an appropriate legal framework for driverless cars without unduly hampering innovation.

However, as with many new technologies, the biggest obstacle to driverless cars may not be law and regulation, but psychology. When recently polled by, about 40% of British respondents said that they would not want to be driven around by a driverless car. Indeed, 15% said that they were horrified by the idea. It seems that public acceptance will be key to turning driverless car technology into the transportation game-changer of the 21st century.  

Susan McLean is of Counsel at Morrison & Foerster (UK) LLP, where she is a member of the Technology Transactions Group and the Global Sourcing Group.

Mercedes Samavi is a trainee solicitor at Morrison & Foerster (UK) LLP.