Last week, Covington dispatched a team of connected and automated vehicles (“CAV”) practitioners to participate in the Mcity Congress, in Ann Arbor, Michigan.  Lawyers from our Technology and IP Transactions, Public Policy, Product Safety and Liability, and Insurance practice groups presented a series of observations and insights around mitigating liability in the CAV industry, and we saw first-hand what’s happening at the cutting edge of CAV technology.

Mcity at the University of Michigan is a public-private partnership designed to lead the transition to CAVs.  In addition to leveraging Michigan’s leading technology and behavioral science research capabilities, Mcity is home to a one-of-a-kind CAV test facility, which industry, government, and academia use “to improve transportation safety, sustainability, and accessibility for the benefit of society.”  Covington is proud to be an affiliate member of Mcity, partnering with industry stakeholders, public entities, and academics to examine the constellation of issues surrounding CAVs.

The Covington CAV Team checks out Mcity's connected and autonomous test vehicle
The Covington CAV Team checks out Mcity’s connected and autonomous test vehicle.  From left to right, Jake Levine (Public Policy), Jennifer Johnson (Communications, Media, and IoT), Sarah Wilson (Product Safety and Liability), John Buchanan (Insurance), Brandon Palmen (Technology and IP Transactions)

 

We appreciated the opportunity to share our expertise in an industry so central to many of our clients at the intersection of technology, transportation, mobility, and entertainment.  We presented views on how to mitigate legal liability in an extremely dynamic market, and considered potential transactional, product liability, insurance and state and federal regulatory models to best address emerging liability risks.  We also had the opportunity to meet innovators and leaders in transportation technology and planning, including Silicon Valley entrepreneurs, Detroit manufacturers, urban planners, and academic researchers.  We attempt to distill key takeaways here:

1. Industry Is Not Waiting for Regulation — or Clarity on Liability

Since the U.S. House of Representatives passed “highly automated vehicles” legislation, the SELF-DRIVE Act, more than one year ago, there has been little legislative progress in the Senate or otherwise.  Similarly, while the federal Executive Branch has continued to advance guidance, see Preparing for the Future of Transportation: Automated Vehicles 3.0 (“AV 3.0”) and proposed rulemaking, see 83 Fed. Reg. 50,872 (Pilot Program for Collaborative Research on Motor Vehicles With High or Full Driving Automation), its guidance continues to take a “light” regulatory form, which focuses on removing regulatory barriers to private sector innovation and a potential new pilot program for testing CAV on the roads, rather than erecting new mandatory rules.[1]  NHTSA has made clear, however, in its ANPRM, that it is preparing for highway CAV and will exercise its broad federal safety regulatory authority, including over software providers of products and services used in CAVs. Id at 50,875.

Sarah Wilson, of Covington's Product Safety and Liability Practice Group, speaks to model policy to address possible products liability issues in the CAV industry
Sarah Wilson speaks to potential policy models to address possible products liability issues in the CAV industry.

States have stepped into the relative void left by Congress and the Administration.  California, for example, has developed regulatory pathways for permitting driverless vehicle testing, without passengers (California Department of Motor Vehicles), and with passengers (California Public Utilities Commission).  Other states, such as Arizona and Nevada, have pursued a more hands-off approach, allowing CAV companies to pursue research, development, and testing with few regulatory requirements.  And others still, such as Pennsylvania, have taken a middle-of-the-road approach, providing a framework for voluntary compliance with regulatory guidelines.

While regulatory guidance emerges as a patchwork of various state-level regulations, innovators have launched products and are driving millions of miles — actual and simulated — in self-driving cars.  Given the dearth of official guidance, some leaders in the CAV space have expressed an interest in and are indeed developing a set of industry-led standards for interoperability and safety.  Mobileye’s “Responsible Sensitive Safety” initiative, or “RSS,” is one such example.  Intel, which announced its acquisition of Mobileye in March of 2017, calls RSS a “vetted nonproprietary industry safety model,” which would allow for vehicle interaction designed with consumer safety in mind.  This is the type of approach that might help to eventually inform more formal modes of regulatory design and policy making.

Brandon Palmen delivers a presentation about mitigating liability through contract and other transactional values
Brandon Palmen delivers a presentation about mitigating liability through contract and other transactional means.

Similarly, while the standards for liability in a CAV world remain uncertain, leaders in industry are hardly waiting for courts to issue decisions providing more guidance.  This may be an opportunity for innovators in CAV technology, law, and public policy to consider developing their own legislative models for CAV liability and insurance standards.  For example, in light of public benefits from CAVs such as enhanced accessibility for the elderly and disabled, as well as the overall reduction of traffic accidents from human error, the CAV industry could work with Congress to develop an accident compensation scheme analogous to the federal Vaccine Injury Compensation Act or the anti-terrorism SAFETY Act; Covington has been deeply involved in crafting such programs as alternatives to tort law compensation mechanisms.  Absent such a liability-mitigating federal program, many states can be expected to extend mandatory no-fault insurance laws to CAVs as a first-instance accident compensation scheme; but product liability under the current legal framework, with its attendant high transaction costs, will likely remain a risk exposure for the CAV industry at least for the near term.  Accordingly, not only current auto insurance policies, but also insurance products for cyber and product liability risks, will need to adapt to provide appropriate loss protection and risk distribution for the CAV industry and individual vehicle owners.  At the same time, CAV companies are routinely negotiating liability- and risk-shifting terms in their partnership deals, which are prevalent in the CAV industry. CAV companies also are considering how models for service terms that apply to riders can be adapted for the new issues that arise with CAVs.

Suzanne Bell, in our Technology and IP Transactions Practice Group, addresses a question from insurance stakeholders as to how recent transactions have addressed liability issues
Suzanne Bell addresses a question from insurance stakeholders as to how recent transactions have addressed liability issues.

2. Cybersecurity Risks Are More Serious than You Think

Cybersecurity and data protection have consistently emerged as challenges with any new technology.  But with the prospect of connected and automated vehicles carrying passengers at scale, this cybersecurity challenge presents potentially devastating implications for our digital infrastructure and our physical safety.  Mcity reinforced the importance of designing vehicles with cybersecurity risk in mind.  It has been well-known for some time that vehicles are vulnerable to traditional short- and long-range wireless attacks, such as “buffer overflow,” which can manipulate CAVs’ use of cellular or bluetooth communications technology to force vehicles to download viruses or other code through the Internet.  See, e.g., Checkoway, Comprehensive Experimental Analyses of Automotive Attack Surfaces (2011).  We explored these threats at Mcity, but we also discussed some emerging research in the field of non-Internet vehicle vulnerabilities.  For example, CAVs’ increasing reliance on computer vision (whether a combination of radar and  camera, or LIDAR) may increase their exposure to “analog” threats, such as beams of acoustic or radio waves designed to disrupt CAVs’ ability to see and understand the road.

Governments are aware of these vulnerabilities.  In August, 2017, for example, the UK’s Department for Transport (DfT) issued Key Principles of Cyber Security for Connected and Automated Vehicles.  Similarly, NHTSA’s AV 3.0 asserts that “[i]t is the responsibility of ADS [automated driving systems] developers, vehicle manufacturers, parts suppliers, and all stakeholders who support transportation to follow best practices, and industry standards, for managing cyber risks in the design, integration, testing, and deployment of ADS.”  The Federal Trade Commission and the Federal Communications Commission have similarly acknowledged and studied the risks associated with dedicated short-range communications (DSRC), and other vehicle-to-vehicle, vehicle-to-road, and vehicle-to-infrastructure (collectively, “V2X”) technologies that could provide additional unique channels for potential cyber attacks.  Clearly, the level of coordination required between local, state, and federal authorities is significant, and will present continuing safety — and corresponding liability — challenges for private sector actors.

Jake Levine delivers a presentation about state-level regulatory action in connected and automated vehicles
Jake Levine delivers a presentation about federal and state-level regulatory action in connected and automated vehicles.

3. Autonomy Will Come in Fits and Starts — But for the Skeptics, It’s Already Here

Perhaps the most meaningful takeaway was the most obvious one: the self-driving future we’ve all been waiting for is already here.  As we participated in the Mcity Congress, a Level 4 automation Mcity shuttle could be seen through a large window in the conference center driving itself on its scheduled rounds through the campus.

No doubt much more is to come.  Many members of Mcity and other presenters, notwithstanding their achievements, nonetheless framed their discussion within the context of the early stages of an industry.  For example, mapping and sensing technology companies championed their work to map the world around them at a resolution of one centimeter — and then they challenged themselves to re-map the same roads, and cities, and regions at a granularity of one millimeter.  Similarly, vehicle vision technology, is continually being refined, upgraded, integrated, and reinvented.  Over-the-air updates are one manifestation of the inflection point in which the industry finds itself: whereas improvements in braking or vehicle range would have ordinarily required a mechanical intervention, or at least a visit to a service center to receive an electric control unit upgrade, users can now download these fixes directly, and wirelessly, from the Internet.

The bottom line is that CAVs already have taken to the roads, albeit largely under human supervision.  And, in the spirit of Mcity, they’ve taken to the roads in intentionally challenging scenarios.  As Mcity’s Director, Dr. Huei Peng suggested, the industry should not be focused on the “boring” miles; only “interesting” miles, Dr. Huei explained, involving complex traffic, weather, geographical, or otherwise challenging situations will push operating boundaries, and allow CAVs and CAV developers to learn new skills and gain new abilities.

John Buchanan, of Covington's Insurance Practice Group, poses a question of the panel
John Buchanan, who also presented on insurance issues, poses a question about cybersecurity risk to the panel.

Given all of the investment, enthusiasm, and technology development pouring into this space, we are confident that the law and regulation will continue to evolve at an accelerated clip.  CAV companies will want to work with each other to develop technology and innovate on business models; they’ll want to engage collaboratively with regulators and lawmakers to establish the right industry policies; and, ultimately, they’ll dedicate themselves to understanding their customers and delivering the best technology products in the market.  As we work with our CAV clients, we will continue to monitor those changes in the law, help clients to craft their commercial transactions, and navigate emerging legislative, regulatory, liability and insurance issues.  To that end, we will have more to come right here.  In the meantime, please see our previous updates focused on connected and automated vehicles for additional insights into the future of mobility.

[1] See NHTSA, Automated Driving Systems 2.0: A Vision for Safety (Sep. 2017) (“In this document, NHTSA offers a nonregulatory approach to automated vehicle technology safety.”)  Note NHTSA’s clarification that “AV 3.0 builds upon — but does not replace — voluntary guidance provided in Automated Driving Systems 2.0.”  AV 3.0 at viii.

Photo of Suzanne Bell Suzanne Bell

Suzanne Bell has more than 20 years of experience representing some of the world’s most prominent technology companies in their most significant technology and intellectual property transactions. Recognized as a leading practitioner in Chambers USA for her “wealth of experience,” clients describe her…

Suzanne Bell has more than 20 years of experience representing some of the world’s most prominent technology companies in their most significant technology and intellectual property transactions. Recognized as a leading practitioner in Chambers USA for her “wealth of experience,” clients describe her as “service-oriented, delivering high-quality work product in a practical and friendly manner.”

Suzanne focuses on technology and IP transactions—with an emphasis on complex strategic alliances—for a wide range of software, electronics, AI, IoT, autonomous vehicle, telecommunications, cloud computing, digital media, Internet, fintech, digital health, and clean technology companies. Her practice also includes: strategic intellectual property asset purchases and sales; technology mergers, acquisitions, and spin-offs; and intellectual property litigation settlement agreements. In addition to her transactional work, Suzanne provides product counseling and advice on structuring business models for emerging technology companies and traditional companies that are embracing technology. She works with both growth and mature companies, and she has advised many of Silicon Valley’s most prominent companies from start-up to maturity. Her experience includes significant recent transactions in the CAV industry. Suzanne is co-chair of the firm’s Technology and IP Transactions Practice Group.

Photo of Sarah Wilson Sarah Wilson

Sarah Wilson is a litigation and investigations partner who chairs the firm’s market-leading Product Safety Practice Group. Her clients include the world’s largest global consumer and commercial products manufacturers across a range of industries, including consumer packaged goods, automotive vehicles and equipment, aviation…

Sarah Wilson is a litigation and investigations partner who chairs the firm’s market-leading Product Safety Practice Group. Her clients include the world’s largest global consumer and commercial products manufacturers across a range of industries, including consumer packaged goods, automotive vehicles and equipment, aviation, electronics, life sciences, and information technology. Sarah has successfully represented clients in the largest recalls and safety-related investigations in recent history, including airbags, fire extinguishers, single load liquid laundry packets, toxic chemicals in household products, lithium-ion battery-powered laptops, car seats, and electric bikes and scooters. Sarah assists clients in developing cutting edge recall policies, compliance program enhancements, and voluntary safety standards.

Prior to joining Covington, Sarah served in several high-ranking federal government positions, including as a federal judge on the U.S. Court of Federal Claims, as Senior and Associate Counsel to the President, and as a Deputy Assistant Attorney General and Trial Attorney in the Department of Justice.

Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has almost three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for almost twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Photo of John Buchanan John Buchanan

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage litigation…

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage litigation to claims for some of the largest cyber losses in history. John has litigated, arbitrated or negotiated a wide variety of complex property and casualty insurance claims, from railroad derailment claims to satellite-in-orbit claims, and from silver-theft claims to cyber claims. The National Law Journal named him an Insurance Trailblazer in 2021, and Best Lawyers has twice named him Washington Insurance Lawyer of the Year. Chambers USA has also consistently recognized him in its national rankings for insurance coverage lawyers (currently as Senior Statesman, previously in Band 1), as have Best of the Best USA, Who’s Who Legal and other peer reviewed lawyer registries.

John became involved with emerging cyber-related coverage issues in the mid-1990s and co-authored one of the earliest treatise chapters on cyber insurance coverage in 2001. Starting with the network intrusion and payment card thefts discovered by TJX in 2006, he has represented policyholders pursuing claims for losses arising from data breaches reported to involve tens of millions of compromised records. John also regularly advises businesses in the management of their cyber and cyber-physical risks, such as those arising from products or services involving the Internet of Things (IoT)-, Artificial Intelligence (AI), Connected and Autonomous Vehicles (CAVs), and the Metaverse or “Web3.”
John speaks and writes frequently on novel or emerging risks, including in recent years the insurance issues arising from the Metaverse, the COVID-19 pandemic, AI and robotics, “InsurTech,” CAVs, the IoT, blockchain, drones, and social engineering fraud. He has taught a graduate-level course on Insurance Litigation at U.Conn. Law School’s Insurance Law Center, and he co-chaired the American College of Coverage Counsel/U.Conn. Virtual Mini-Symposium on pandemic liability coverage in late 2020.

Among other bar activities, John has served as an appointed Adviser to the American Law Institute’s Restatement of the Law of Liability Insurance, as well as on the Members’ Consultative Groups for the ALI’s Compliance, Enforcement, and Risk Management Principles project and the Restatement (Third) of Torts. He currently co-chairs the Cyber Subcommittee of the ABA Litigation Section’s Insurance Coverage Litigation Committee (ICLC), as well as the Cyber, Computer & Emerging Risks Committee of the American College of Coverage Counsel, of which he is an elected Fellow. He has also served on the ABA Dispute Resolution Section’s Task Force on Improving Mediation Quality; as an elected member of the Steering Committee of the Law Practice Management Section of the DC Bar; on the ABA Task Force for a Manual on Complex Insurance Coverage Litigation; on the Nomination Committee of the ACCC; and in various leadership roles for the ICLC, including as past Website Co-Editor-in-Chief and Co-chair of its annual meeting.

John is a graduate of Harvard Law School, Oxford University, and Princeton University. After clerking on the U.S. Court of Appeals for the Third Circuit, he has spent his entire legal career at Covington.

Photo of Brandon Palmen Brandon Palmen

Brandon Palmen assists clients in a wide range of industries with their commercial and intellectual property transactions. He drafts and negotiates agreements with key customers, suppliers, and technology development partners, complex data and intellectual property license agreements, and agreements associated with mergers, acquisitions…

Brandon Palmen assists clients in a wide range of industries with their commercial and intellectual property transactions. He drafts and negotiates agreements with key customers, suppliers, and technology development partners, complex data and intellectual property license agreements, and agreements associated with mergers, acquisitions, investments, and joint ventures where technology and intellectual property rights are key assets or concerns. He regularly represents clients whose relevant products and services include artificial intelligence solutions, sensors, software, and services for connected and automated vehicles, virtual and augmented reality devices and services, cloud infrastructure and services, advertising platforms and services, social media platforms, semiconductors, digital health products, financial tools and software, online education services, mobile applications, and other electronics, software, cloud services, and digital content. Brandon also regularly advises clients on open source strategy and compliance and performs IP and commercial due diligence.