Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Cyber standard developed for driverless cars

The release of a new cybersecurity standard for connected and autonomous vehicles could help inform future legislation to protect the vehicles of the future from hackers, an expert in autonomous vehicles technology and regulation has said.21 Dec 2018

Ben Gardner of Pinsent Masons, the law firm behind Out-Law.com, was commenting after the British Standards Institute (BSI) published the new cybersecurity standard, which it developed in partnership with businesses in the automotive industry, academics and the National Cyber Security Centre. Funding for the development of the standard was provided by the UK government.

"As automated technology continues to develop rapidly it is inevitable that standards will need to be put in place to protect against one of the key threats to connected and autonomous vehicles: cybersecurity," Gardner said. "This is one of the missing pieces of the jigsaw in that there are currently no uniform, clear set of standards which apply in the UK in respect of cybersecurity issues in current and future vehicles."

"The standards could lay the foundations of a future legal framework for cybersecurity issues to sit alongside current regulations which apply to the construction and use of vehicles and road traffic laws. This is one of the many grey areas where there is no clear set of legal rules to help guide manufacturers and technology providers and protect the ongoing functioning of the UK transport network," he said.

"Further announcements are likely to follow as the government and industry continues to grapple with the many legal issues that connected and autonomous vehicles pose," he said.

The BSI said the standard is based on guidelines developed by the UK Department for Transport (DfT) in conjunction with the Centre for the Protection of National Infrastructure (CPNI) and applies to "the entire automotive development and use life cycle", including design, production, operation and decommissioning of the vehicles.

Adoption of the standard is not mandatory for automotive businesses. In particular, the BSI said vehicle manufacturers, suppliers or service providers do not have to apply the standards to connected and autonomous vehicles that are already in use.

"[The standard] sets out fundamental principles on how to provide and maintain cybersecurity in relation to reducing threat and harm to products, services and systems within increasingly connected and collaborative intelligent transport ecosystems," the BSI has said.

The government said that the UK market for connected and automated vehicles is forecast to be worth up to £52 billion by 2035.

Jesse Norman, future of mobility minister, said: "As vehicles get smarter, major opportunities for the future of mobility increase. But so too do the challenges posed by data theft and hacking. This cybersecurity standard should help to improve the resilience and readiness of the industry, and help keep the UK at the forefront of advancing transport technology."

The Law Commission of England and Wales and the Scottish Law Commission are engaged in a three-year long review into the laws and regulations needed to support the introduction of autonomous vehicles in the UK. Last month, the Commissions opened their first consultation as part of that review and posed questions on a wide-range of legal issues, including cybersecurity risk.

The UK has already legislated in the area of civil liability for when things go wrong with the way autonomous vehicles operate with the Automated and Electric Vehicle Act.