Last week, Covington dispatched a team of connected and automated vehicles (“CAV”) practitioners to participate in the Mcity Congress, in Ann Arbor, Michigan.  Lawyers from our Technology and IP Transactions, Public Policy, Product Safety and Liability, and Insurance practice groups presented a series of observations and insights around mitigating liability in the CAV industry, and we saw first-hand what’s happening at the cutting edge of CAV technology.

Mcity at the University of Michigan is a public-private partnership designed to lead the transition to CAVs.  In addition to leveraging Michigan’s leading technology and behavioral science research capabilities, Mcity is home to a one-of-a-kind CAV test facility, which industry, government, and academia use “to improve transportation safety, sustainability, and accessibility for the benefit of society.”  Covington is proud to be an affiliate member of Mcity, partnering with industry stakeholders, public entities, and academics to examine the constellation of issues surrounding CAVs.

The Covington CAV Team checks out Mcity's connected and autonomous test vehicle
The Covington CAV Team checks out Mcity’s connected and autonomous test vehicle.  From left to right, Jake Levine (Public Policy), Jennifer Johnson (Communications, Media, and IoT), Sarah Wilson (Product Safety and Liability), John Buchanan (Insurance), Brandon Palmen (Technology and IP Transactions)

 

We appreciated the opportunity to share our expertise in an industry so central to many of our clients at the intersection of technology, transportation, mobility, and entertainment.  We presented views on how to mitigate legal liability in an extremely dynamic market, and considered potential transactional, product liability, insurance and state and federal regulatory models to best address emerging liability risks.  We also had the opportunity to meet innovators and leaders in transportation technology and planning, including Silicon Valley entrepreneurs, Detroit manufacturers, urban planners, and academic researchers.  We attempt to distill key takeaways here:

1. Industry Is Not Waiting for Regulation — or Clarity on Liability

Since the U.S. House of Representatives passed “highly automated vehicles” legislation, the SELF-DRIVE Act, more than one year ago, there has been little legislative progress in the Senate or otherwise.  Similarly, while the federal Executive Branch has continued to advance guidance, see Preparing for the Future of Transportation: Automated Vehicles 3.0 (“AV 3.0”) and proposed rulemaking, see 83 Fed. Reg. 50,872 (Pilot Program for Collaborative Research on Motor Vehicles With High or Full Driving Automation), its guidance continues to take a “light” regulatory form, which focuses on removing regulatory barriers to private sector innovation and a potential new pilot program for testing CAV on the roads, rather than erecting new mandatory rules.[1]  NHTSA has made clear, however, in its ANPRM, that it is preparing for highway CAV and will exercise its broad federal safety regulatory authority, including over software providers of products and services used in CAVs. Id at 50,875.

Sarah Wilson, of Covington's Product Safety and Liability Practice Group, speaks to model policy to address possible products liability issues in the CAV industry
Sarah Wilson speaks to potential policy models to address possible products liability issues in the CAV industry.

States have stepped into the relative void left by Congress and the Administration.  California, for example, has developed regulatory pathways for permitting driverless vehicle testing, without passengers (California Department of Motor Vehicles), and with passengers (California Public Utilities Commission).  Other states, such as Arizona and Nevada, have pursued a more hands-off approach, allowing CAV companies to pursue research, development, and testing with few regulatory requirements.  And others still, such as Pennsylvania, have taken a middle-of-the-road approach, providing a framework for voluntary compliance with regulatory guidelines.

While regulatory guidance emerges as a patchwork of various state-level regulations, innovators have launched products and are driving millions of miles — actual and simulated — in self-driving cars.  Given the dearth of official guidance, some leaders in the CAV space have expressed an interest in and are indeed developing a set of industry-led standards for interoperability and safety.  Mobileye’s “Responsible Sensitive Safety” initiative, or “RSS,” is one such example.  Intel, which announced its acquisition of Mobileye in March of 2017, calls RSS a “vetted nonproprietary industry safety model,” which would allow for vehicle interaction designed with consumer safety in mind.  This is the type of approach that might help to eventually inform more formal modes of regulatory design and policy making.

Brandon Palmen delivers a presentation about mitigating liability through contract and other transactional values
Brandon Palmen delivers a presentation about mitigating liability through contract and other transactional means.

Similarly, while the standards for liability in a CAV world remain uncertain, leaders in industry are hardly waiting for courts to issue decisions providing more guidance.  This may be an opportunity for innovators in CAV technology, law, and public policy to consider developing their own legislative models for CAV liability and insurance standards.  For example, in light of public benefits from CAVs such as enhanced accessibility for the elderly and disabled, as well as the overall reduction of traffic accidents from human error, the CAV industry could work with Congress to develop an accident compensation scheme analogous to the federal Vaccine Injury Compensation Act or the anti-terrorism SAFETY Act; Covington has been deeply involved in crafting such programs as alternatives to tort law compensation mechanisms.  Absent such a liability-mitigating federal program, many states can be expected to extend mandatory no-fault insurance laws to CAVs as a first-instance accident compensation scheme; but product liability under the current legal framework, with its attendant high transaction costs, will likely remain a risk exposure for the CAV industry at least for the near term.  Accordingly, not only current auto insurance policies, but also insurance products for cyber and product liability risks, will need to adapt to provide appropriate loss protection and risk distribution for the CAV industry and individual vehicle owners.  At the same time, CAV companies are routinely negotiating liability- and risk-shifting terms in their partnership deals, which are prevalent in the CAV industry. CAV companies also are considering how models for service terms that apply to riders can be adapted for the new issues that arise with CAVs.

Suzanne Bell, in our Technology and IP Transactions Practice Group, addresses a question from insurance stakeholders as to how recent transactions have addressed liability issues
Suzanne Bell addresses a question from insurance stakeholders as to how recent transactions have addressed liability issues.

2. Cybersecurity Risks Are More Serious than You Think

Cybersecurity and data protection have consistently emerged as challenges with any new technology.  But with the prospect of connected and automated vehicles carrying passengers at scale, this cybersecurity challenge presents potentially devastating implications for our digital infrastructure and our physical safety.  Mcity reinforced the importance of designing vehicles with cybersecurity risk in mind.  It has been well-known for some time that vehicles are vulnerable to traditional short- and long-range wireless attacks, such as “buffer overflow,” which can manipulate CAVs’ use of cellular or bluetooth communications technology to force vehicles to download viruses or other code through the Internet.  See, e.g., Checkoway, Comprehensive Experimental Analyses of Automotive Attack Surfaces (2011).  We explored these threats at Mcity, but we also discussed some emerging research in the field of non-Internet vehicle vulnerabilities.  For example, CAVs’ increasing reliance on computer vision (whether a combination of radar and  camera, or LIDAR) may increase their exposure to “analog” threats, such as beams of acoustic or radio waves designed to disrupt CAVs’ ability to see and understand the road.

Governments are aware of these vulnerabilities.  In August, 2017, for example, the UK’s Department for Transport (DfT) issued Key Principles of Cyber Security for Connected and Automated Vehicles.  Similarly, NHTSA’s AV 3.0 asserts that “[i]t is the responsibility of ADS [automated driving systems] developers, vehicle manufacturers, parts suppliers, and all stakeholders who support transportation to follow best practices, and industry standards, for managing cyber risks in the design, integration, testing, and deployment of ADS.”  The Federal Trade Commission and the Federal Communications Commission have similarly acknowledged and studied the risks associated with dedicated short-range communications (DSRC), and other vehicle-to-vehicle, vehicle-to-road, and vehicle-to-infrastructure (collectively, “V2X”) technologies that could provide additional unique channels for potential cyber attacks.  Clearly, the level of coordination required between local, state, and federal authorities is significant, and will present continuing safety — and corresponding liability — challenges for private sector actors.

Jake Levine delivers a presentation about state-level regulatory action in connected and automated vehicles
Jake Levine delivers a presentation about federal and state-level regulatory action in connected and automated vehicles.

3. Autonomy Will Come in Fits and Starts — But for the Skeptics, It’s Already Here

Perhaps the most meaningful takeaway was the most obvious one: the self-driving future we’ve all been waiting for is already here.  As we participated in the Mcity Congress, a Level 4 automation Mcity shuttle could be seen through a large window in the conference center driving itself on its scheduled rounds through the campus.

No doubt much more is to come.  Many members of Mcity and other presenters, notwithstanding their achievements, nonetheless framed their discussion within the context of the early stages of an industry.  For example, mapping and sensing technology companies championed their work to map the world around them at a resolution of one centimeter — and then they challenged themselves to re-map the same roads, and cities, and regions at a granularity of one millimeter.  Similarly, vehicle vision technology, is continually being refined, upgraded, integrated, and reinvented.  Over-the-air updates are one manifestation of the inflection point in which the industry finds itself: whereas improvements in braking or vehicle range would have ordinarily required a mechanical intervention, or at least a visit to a service center to receive an electric control unit upgrade, users can now download these fixes directly, and wirelessly, from the Internet.

The bottom line is that CAVs already have taken to the roads, albeit largely under human supervision.  And, in the spirit of Mcity, they’ve taken to the roads in intentionally challenging scenarios.  As Mcity’s Director, Dr. Huei Peng suggested, the industry should not be focused on the “boring” miles; only “interesting” miles, Dr. Huei explained, involving complex traffic, weather, geographical, or otherwise challenging situations will push operating boundaries, and allow CAVs and CAV developers to learn new skills and gain new abilities.

John Buchanan, of Covington's Insurance Practice Group, poses a question of the panel
John Buchanan, who also presented on insurance issues, poses a question about cybersecurity risk to the panel.

Given all of the investment, enthusiasm, and technology development pouring into this space, we are confident that the law and regulation will continue to evolve at an accelerated clip.  CAV companies will want to work with each other to develop technology and innovate on business models; they’ll want to engage collaboratively with regulators and lawmakers to establish the right industry policies; and, ultimately, they’ll dedicate themselves to understanding their customers and delivering the best technology products in the market.  As we work with our CAV clients, we will continue to monitor those changes in the law, help clients to craft their commercial transactions, and navigate emerging legislative, regulatory, liability and insurance issues.  To that end, we will have more to come right here.  In the meantime, please see our previous updates focused on connected and automated vehicles for additional insights into the future of mobility.

[1] See NHTSA, Automated Driving Systems 2.0: A Vision for Safety (Sep. 2017) (“In this document, NHTSA offers a nonregulatory approach to automated vehicle technology safety.”)  Note NHTSA’s clarification that “AV 3.0 builds upon — but does not replace — voluntary guidance provided in Automated Driving Systems 2.0.”  AV 3.0 at viii.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Sarah Wilson Sarah Wilson

Sarah L. Wilson is a litigation partner and former federal judge whose practice focuses on litigation and investigations. Ms. Wilson chairs the firm’s Product Safety Practice Group. She advises products manufacturers on product safety laws, and has represented the world’s largest automotive and…

Sarah L. Wilson is a litigation partner and former federal judge whose practice focuses on litigation and investigations. Ms. Wilson chairs the firm’s Product Safety Practice Group. She advises products manufacturers on product safety laws, and has represented the world’s largest automotive and consumer product companies in recall and post-recall investigations and disputes. She has handled a broad range of civil and criminal disputes, including consumer protection and product liability disputes, False Claims Act litigation, environmental and natural resources litigation, insurance litigation, pharmaceutical and consumer product company investigations, and arbitration.

Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has almost three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for almost twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Photo of John Buchanan John Buchanan

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage…

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage litigation to claims for some of the largest cyber losses in history. John has litigated, arbitrated or negotiated a wide variety of complex property and casualty insurance claims, from railroad derailment claims to satellite-in-orbit claims, and from silver-theft claims to cyber claims. The National Law Journal named him an Insurance Trailblazer in 2021, and Best Lawyers has twice named him Washington Insurance Lawyer of the Year. Chambers USA has also consistently recognized him in its national rankings for insurance coverage lawyers (currently as Senior Statesman, previously in Band 1), as have Best of the Best USA, Who’s Who Legal and other peer reviewed lawyer registries.

John became involved with emerging cyber-related coverage issues in the mid-1990s and co-authored one of the earliest treatise chapters on cyber insurance coverage in 2001. Starting with the network intrusion and payment card thefts discovered by TJX in 2006, he has represented policyholders pursuing claims for losses arising from data breaches reported to involve tens of millions of compromised records. John also regularly advises businesses in the management of their cyber and cyber-physical risks, such as those arising from products or services involving the Internet of Things (IoT)-, Artificial Intelligence (AI), Connected and Autonomous Vehicles (CAVs), and the Metaverse or “Web3.”