Law Commissions issue recommendations on future regulation of autonomous vehicles

The Law Commission of England and Wales and the Scottish Law Commission have published a joint report recommending new laws to regulate automated vehicles (AVs) in Great Britain. A new Automated Vehicle Act setting out new regulatory regimes and new legal actors has been recommended.

The report from the two bodies is the most significant development in respect of an autonomous future since the passage of the Automated and Electric Vehicles Act (AEV Act) in 2018.

 Driver responsibility

One of the key issues when considering increasingly sophisticated autonomous vehicles is the concept of when a driver can be said to be no longer legally responsible for the operation of an automated vehicle.  The Commissions were clear there needs to be a “clear-cut distinction” set out in legislation, making clear when a user is no longer responsible for a “dynamic driving task” (DDT). A DDT is summarised as driving tasks carried out on a day-to-day basis – steering, accelerating, braking, object detection and response.

To assist with this, a new authorisation scheme is recommended. The aim of such a scheme would be to decide whether any specific feature of an automated driving system can be identified as self-driving as a matter of law.

Once a vehicle is established as having automated driving system (ADS) features, and an ADS feature is engaged, the person in the driving seat would no longer be identified as a driver but a ‘user-in-charge’. A user-in-charge would have immunity from all offences arising from dynamic driving.

Proposed exceptions to this immunity would be where the user-in-charge took steps to override or alter the system so as to engage the ADS when it was not designed to function, or deliberately interfered with the functioning of the ADS. The user-in-charge will retain non-dynamic driver responsibilities such as obtaining insurance, securing loads and ensuring children are restrained.

Authorisation for a vehicle will be sought by an authorised self-driving entity (ASDE). An ASDE is defined as a manufacturer or developer that puts a vehicle forward for authorisation and takes responsibility for its actions. The ASDE and the in-use regulator would resolve any cases where the ADS feature causes the vehicle to be driven in a way that would be criminal if performed by a human driver.

 Civil liability

The Commissions stated that the AEV Act is “good enough for now” and that any substantive reform should be considered only once practical experience is gathered.

Therefore, the current proposals are that a person who suffers injury or damage will be covered by the provisions of the AEV Act. The insurer will compensate the victim directly, who will not need to prove that anyone was at fault. The insurer may then bring a secondary claim against any person or body responsible for the incident (such as potential product liability claims against the vehicle manufacturer). However, the Commissions made clear that a generic review of product liability law is desirable to ensure that new technologies (not just AVs) are appropriately accounted for.

The policy of insurance may also exclude liability to an insured who has failed to install software updates that the insured “knows, or ought reasonably to know, are safety-critical”.


Respondents were split on what it means for a vehicle to be sufficiently safe to drive itself. Some considered that vehicles only needed to be a little bit safer, while others argued that AVs need to be substantially safer than human drivers. The joint report states that this aspect is a political question and recommends that the new Act should require the Secretary of State for Transport to publish a safety standard, against which the safety of automated driving can be measured.

The report acknowledges that ongoing safety assurance is crucial and AVs will require “continuous regulatory oversight” to keep up with changes to road rules and the driving environment, as well as updates to available software and technology. It is recommended that an in-use safety regulator is created, which will:

  • Evaluate the safety of automated driving compared with conventional driving
  • Investigate road traffic infractions
  • Ensure that ASDEs provide information to users, clearly and effectively.

The report recommends that the in-use regulator should be under a statutory duty to devise measures to compare the safety of automated and conventional vehicles. The relevant data may be held by either an ASDE or a ‘no user-in-charge’ (NUIC) operator.

A NUIC operator will, among other things, be an organisation and will be required to have “oversight” of the vehicle. Such oversight would not need to monitor the live driving environment, but NUIC operator staff will “be expected to respond to alerts from the vehicle if it encounters a problem it cannot deal with, breaks down or is involved in a collision”.

Under the scheme, the in-use regulator would have powers to require information from both entities.


The data generated by AVs will be considerable and has raised considerable privacy concerns. The Commissions propose that ASDEs should present regulators with details of how data will be recorded, stored, accessed and protected. The regulator should only authorise a system as self-driving if these systems comply with data protection law.

To assess claims, insurers will need to rely on vehicle-generated data. The report concludes that storing data for three years to reflect the standard limitation period for bring legal claims is “broadly correct”.

However, it is acknowledged that claims often materialise on or shortly before limitation expires. As such, it is considered that the appropriate length of time for data to be stored is three years, plus three months for data to be requested and provided. During these additional three months, the insurer would be expected to act quickly to contact those holding the data, to ensure enough time to identify and preserve the data. The ASDE would be the data controller and it is for the ASDE to find and preserve the data before it is deleted.

Regarding data sharing, it is recommended that the new Act should impose a duty on those controlling AV data to disclose data to insurers, where data is necessary to decide claims fairly and accurately. This will provide a clear legal basis for data sharing.

Next steps

The report, which can be accessed here, has been laid before UK parliament and the Scottish parliament, for the UK, Scottish and Welsh governments to decide whether to accept the recommendations and introduce legislation to bring them into effect.

Contributed by Mark Hemsted and Vikki Melville, Clyde & Co

Back to top button