The National Highway Traffic Safety Administration (NHTSA) has issued a comprehensive policy on “automated vehicles,” more commonly known as self-driving cars.  Part of the U.S. Department of Transportation, NHTSA is the federal agency that has chief responsibility for regulating motor vehicle safety.  The new policy, issued September 20, 2016, is aligned with NHTSA’s core mission—to improve safety on U.S. roads and highways, and to facilitate the adoption of new technologies with the potential to save lives.  Despite the potential for self-driving cars to improve safety, they pose novel challenges to NHTSA’s current regulations, which prescribe detailed safety standards that apply to all new motor vehicles sold in the United States and which assume that vehicles are being operated by a human driver.  Under these existing regulations, motor vehicle manufacturers self-certify compliance with the standards but are not required to obtain prior approval to sell a new vehicle.

The new Federal Automated Vehicles Policy seeks to provide a framework for automated vehicle technologies that will give stakeholders and the public more clarity on a wide range of issues and particular guidance on vehicle performance and safety.  It also outlines the division of responsibilities between federal and state authorities in an effort to ensure that fragmented and inconsistent policies will not deter innovation.  Its model framework affirms federal authority over setting safety standards for new motor vehicles and equipment, including software used to operate self-driving cars, and state authority over licensing and registration, safety inspections, and the regulation of motor vehicle insurance and liability.  The policy also provides insights on how NHTSA’s current regulations can be applied to emerging automated vehicle technologies and recognizes that statutory changes may be necessary to give NHTSA better tools to address these technologies effectively.  As further detailed below, while the policy was largely effective on release, NHTSA is seeking comment from interested stakeholders for 60 days following release and will consider modifying the policy based on such comment.  It also clearly contemplates further rules, potentially including pre-market approval.

Vehicle Performance Guidelines and Safety Assessment

NHTSA’s Vehicle Performance Guidance provides an outline for best practices for anyone seeking to manufacture, design, test, use or sell automated vehicles or vehicle automation equipment in the United States.  The guidance focuses on highly automated vehicles (HAV) and applies to light, medium and heavy vehicles, whether developed for testing or production.  The key element of the guidance is the “Safety Assessment”—a 15-point study that should be completed prior to any testing or deployment of automated vehicles on public roads.  (For HAV systems already being tested or deployed, a safety assessment should be submitted within four months after conclusion of the federal Paperwork Reduction Act review process that governs its adoption of new rules).  NHTSA expects that this 15-point study may be refined or made mandatory in the future.  The guidance calls for manufacturers and other entities to do the following:

• Ensure that the vehicle complies with the Safety Standards or receives an exemption from those standards.
• Clearly define and document the Operational Driving Domain (ODD)—i.e., driving conditions—under which the automated driving system is intended to be used and the corresponding level of automation for that system.
• Have a documented process for assessment, testing and validation of the vehicle’s Object and Event Detection and Response (OEDR) capabilities—i.e., its ability to operate safely under the driving conditions for which the automated system is designed.  The OEDR should be designed to deal with a variety of conditions, including emergency vehicles, temporary work zones and other unusual conditions.
• Have a documented process for transitioning to a “minimal risk condition” when a problem is encountered—e.g., bring the vehicle safely to a stop if a system is not working properly or if it is being operated outside its intended driving conditions.
• Develop tests and validation methods to ensure a high level of safety in the operation of their HAVs.  This would include demonstrating the performance of the HAV system during normal operation and during crash avoidance situations, as well as its performance of “fallback” strategies to achieve a minimal risk condition.

Covered entities also should document how they meet NHTSA’s performance objectives on a wide range of additional criteria that apply to all automation functions on the vehicle (e.g., “cross-cutting” areas), including: data recording and sharing; privacy; system safety; vehicle cybersecurity; human-machine interface; crashworthiness; consumer education and training; registration and certification; post-crash behavior; compliance with federal, state and local laws governing vehicle operation; and ethical considerations.  These cross-cutting items will apply to all connected vehicles, not just highly automated vehicles.

Broader Implications

Data Sharing.  The NHTSA guidance recognizes that policies for data collection will be extremely important to form a solid basis for decision-making in the regulation of self-driving cars and will also help build consumer trust.  The guidance suggests that each entity engaged in the development, testing and deployment of HAVs develop a plan for sharing event reconstruction and other data with federal authorities and with other developers in order to improve the knowledge base for automated vehicle performance as the technology evolves.  Any sharing of data should be done in accordance with privacy and security agreements, or with user consent.  NHTSA is seeking additional input on many of these issues, including how data may be shared among industry participants and whether current standards bodies may be able to facilitate a uniform approach to data recording and sharing.  This topic is likely to be controversial in the highly competitive, nascent market for self-driving cars.  Some industry stakeholders have already expressed concern about the data sharing aspects of the guidelines.

Privacy.  Within the larger context of federal government efforts to develop consistent and coordinated approaches concerning privacy in the Internet of Things, the guidance highlights principles set forth in the White House Consumer Privacy Bill of Rights and Federal Trade Commission guidance.  In addition, the Alliance of Automobile Manufacturers and the Association of Global Automakers have also published Privacy Principles for Vehicle Technologies and Services.  The NHTSA guidance largely follows well-established principles, suggesting that manufacturers ensure:  (i) transparency in privacy and security notices that incorporate baseline protections; (ii) vehicle owner choice regarding the sharing, use and retention of data, including personally identifiable data; (iii) respect for context in determining whether data use is consistent with the purposes for which it was collected; (iv) minimization and de-identification of data collected; (v) deployment of data security measures commensurate with harm that would result from unauthorized disclosure; (vi) deployment of measures to maintain integrity of information collected; and (vi) accountability and compliance with applicable privacy notices and agreements. 

Cybersecurity.  The NHTSA guidance recognizes that more research is necessary before it can propose a regulatory standard for cybersecurity, but it encourages entities to design HAV systems in accordance with its own guidance, as well as best practices and design principles published by the National Institute for Standards and Technology, SAE International, the Alliance of Automobile Manufacturers, the Association of Global Automakers, the Automotive Information Sharing and Analysis Center (Auto-ISAC) and other relevant organizations.  The guidance suggests that covered entities fully document all actions relating to cybersecurity, including design choices, analyses and associated testing, and that industry share cybersecurity information and report discovered vulnerabilities to the Auto-ISAC.

Intellectual Property.  Entities conducting research in the area of autonomous cars will produce new technology developments and with them, new intellectual property.  That property should be protected via patents, trade secrets and copyrights, both domestically and abroad.  As the industry develops standards for safety, performance and other vehicle metrics, companies should be aware of their obligations when seeking to adopt standards covered by protected technologies.

Insurance.  The NHTSA guidance leaves insurance requirements to the states, but seeks to standardize insurance requirements for entities conducting tests of HAVs on public roads as part of a Model State Policy.  The guidance recommends that states require manufacturers to carry a minimum of $5 million in insurance or other funds as part of the approval process.  Manufacturers should closely monitor state insurance requirements to ensure compliance and consider whether such requirements are sufficient to protect their own financial interest.  Because of the uncertain development of tort liability for HAV accidents, manufacturers should expect to encounter wide volatility in insurance premiums as insurers work to develop actuarial models to accurately price the risk.

What’s Next?

Although most of the guidance is effective immediately, NHTSA has invited public comment on the full range of issues raised, including the vehicle performance guidance and safety assessment mechanism.  The comments in this proceeding could result in modifications or refinements in the guidance and may also help NHTSA inform new proposals it may make to amend or reinterpret existing rules to address automated vehicles.  Comments are due on November 22, 2016.

© 2016 Perkins Coie LLP