Frank Henkel | Dimitri Schaff
With its high quality infrastructure and advanced research facilities and institutions such as the Automotive Campus, TNO Automotive, TU Eindhoven, TU Delft and TASS, the Netherlands provide an ideal environment for the development of autonomous vehicles. Several multinationals such as TomTom, Uber and Tesla are based in the Netherlands, making it an international centre for the automotive industry.
According to KPMG’s 2018 Autonomous Vehicles Readiness Index (AVRI) the Netherlands is the country most prepared for an autonomous vehicle future. The study judged 20 countries on their ability to adopt and integrate self-driving vehicles.
Although vehicles are increasingly equipped with automatic features and those features are still further developing, the Dutch government aims to take the lead in those developments and prepare the regulatory landscape of the Netherlands to be ready for their implementation. Autonomous vehicles are regarded as an opportunity to deliver a significant contribution to certain objectives regarding safety, accessibility and durability. Therefore, the Dutch government is currently in the process of developing the regulatory framework in accordance with the current technological developments. A progressive and cooperative government could strengthen the position of the Netherlands as a frontrunner with regard to autonomous vehicles.
While the Dutch traffic law is in some areas specific to the Netherlands, the essentials are comparable to other European countries and, to some extent, non-European countries.
(i) Different degrees of autonomous vehicles
For a good understanding of the current regulatory framework regarding autonomous vehicles the different degrees of these autonomous vehicles should be described. SAE International (a global association of scientists, engineers, and practitioners that advances self-propelled vehicle and system knowledge) works with five levels of automated driving. Level 0 being the full-time performance by the human driver of all aspects of the dynamic driving task, even when enhanced by warning or intervention systems. The five levels as identified by SAE are:
- Driver assistance: the driving mode-specific execution by a driver assistance system of either steering or acceleration/deceleration using information about the driving environment and with the expectation that the human driver perform all remaining aspects of the dynamic driving task.
- Partial automation: the driving mode-specific execution by one or more driver assistance systems of both steering and acceleration/ deceleration using information about the driving environment and with the expectation that the human driver perform all remaining aspects of the dynamic driving task.
- Conditional automation: the driving mode-specific performance by an automated driving system of all aspects of the dynamic driving task with the expectation that the human driver will respond appropriately to a request to intervene.
- High automation: the driving mode-specific performance by an automated driving system of all aspects of the dynamic driving task, even if a human driver does not respond appropriately to a request to intervene.
- Full Automation: the full-time performance by an automated driving system of all aspects of the dynamic driving task under all roadway and environmental conditions that can be managed by a human driver.
(ii) Current road traffic regulation in the Netherlands
(1) Dutch Road Traffic Act
The Dutch Road Traffic Act 1994 (Wegenverkeerswet 1994, WVW) contains the basis of the road traffic regulations in the Netherlands. Its aim is to achieve road safety and traffic flow and to prevent damage and hinder caused by traffic to others. The Traffic Rules and Signs Regulations 1990 (Reglement Verkeersregels en Verkeerstekens 1990, RVV) specify traffic rules and regulations.
(2) International and European regulation
As in Germany, the 1968 Vienna Convention on Road Traffic (VC) has been implemented in the Netherlands. By means of uniform traffic regulation the VC intends to facilitate international road traffic and to increase road safety. The VC is the successor of the Convention of Geneva.
Within the EU, Directive 2007/46/EC establishes a framework for the approval of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles. These rules govern the way vehicles should operate and how they should be designed. The purpose of the directive is to provide for a high level of road safety, health protection, environmental protection, energy efficiency and protection against unauthorised use. The directive has been implemented in the WVW.
The Global Technical Regulations are developed under the 1998 International Agreement on vehicle construction to which the EU is a Contracting Party. The Regulations cover the approval of the safety and environmental aspects of vehicles. They are managed by the World Forum for Harmonisation of Vehicle Regulations, a permanent working party of the UNECE. The Commission and EU countries take part in the technical preparatory work of the Forum and the Commission exercises the right to vote in the Forum on behalf of the EU. The UNECE Regulations are applicable under EU law.
(iii) Admissibility of autonomous vehicles under the current regulation
In the Netherlands, cars with automatic features, like adaptive cruise control, automatic parking and lane-keeping systems are allowed on the public road. As a result, vehicles are broadly equipped with these features. These features are not restricted by any regulation as, for the use of those features, a driver still has to be present and has to be in full control of the vehicle. Both the WVW and the VC refer to a driver, being ‘any person’. Therefore, it has so far been assumed a driverless vehicle is not admissible under current regulation.
As per the above, the Dutch government is in the process of amending the WVW to allow for the current technological developments in automated driving. In the explanatory memorandum of the proposed amendment to the WVW the Dutch Minister of Infrastructure and Water Management noted that neither the conventions (referred to above) nor the WVW explicitly require the driver to be in the vehicle. The definition of ‘driver’ as referred to in section 2 paragraph 1 subsection ‘n’ of the WVW does not mention where the driver has to be situated. It has always been implicitly assumed that the driver would have to be in the vehicle, simply because at the time of legislation that was the only way possible for driving a vehicle. These remarks have been recognised by several authorities with respect to this matter, such as the Dutch Council of State for advice.
Pursuant to the VC, a vehicle has to have a driver and that driver should focus on driving only. According to the report of the 72nd session of the UNECE-Working Party on Road Safety, neither the VC nor the Convention of Geneva mention where the driver has to be situated. It could be in- or outside the vehicle, as long as the driver is able to control the vehicle at all times. This is in line with the statement of the Dutch Minister. There is, however, no clear consensus yet whether these conventions are consistent with the execution of experiments without a driver. This is currently being investigated on an international level.
(iv) Vehicle registration
The Dutch Vehicle Authority (RDW) is the authority for registration of vehicles for admission to the road traffic. The RDW admits vehicles to the public traffic by registration, if those vehicles fulfil the requirements of the applicable legislation. Also internationally, the RDW plays a role in the certification of new vehicles. Many German manufacturers, as well as Tesla, have their new models certified by the RDW.
The RDW makes a distinction between vehicles with and vehicles without an EU type-approval. Vehicles with an EU type-approval are manufactured (often in large volumes) in accordance with European regulations and admitted by a national authority of an EU member state to the public road. These vehicles do not require a separate approval to be admissible to the public roads of other member states, such as the Netherlands. Vehicles without type-approval may be admissible to the public road, but require individual approval by the RDW. For EU type-approval the vehicle needs to fulfil all the requirements set out in the applicable EU-directives.
Pursuant to the Exceptional Transport (Exemptions) Decree (Besluit Ontheffingverlening Exceptionele Transporten) (which is a decree based on the WVW), the RDW is authorised to grant an exemption to the technical requirements in order to experiment with certain automated features on the public road. The exemptions mainly concern the vehicle requirements. The RDW is responsible for approval and therefore they are the appropriate party in the Netherlands that determines whether vehicles with automated features are suitable for testing on the public roads. The decree was last amended on 15 June 2015 to provide the RDW with powers of exemption. However, the amended decree is not sufficiently adapted to allow for experimenting with vehicles wherein no driver is present. This is, however, not prohibited by the VC (please see “Legislative developments” below).
(v) Legislative developments
(1) The Netherlands
Automated systems in vehicles are designed to support the driver in operating the vehicle. Systems that are able to administer specific functions (adaptive cruise control, lane assist) or all driving tasks (autopilot), either temporarily or permanently, are currently being developed in a rapid pace. To gain insight in these developments, the Dutch legislator has proposed an amendment to the WVW to facilitate the admissibility of experiments with autonomous vehicles on the public road. To a certain extent, these experiments – for certain automated driving functions – are already possible in accordance with section 149a paragraph 2 of the WVW in conjunction with the Exceptional Transport (Exemptions) Decree. However, this system for granting exemptions is insufficient for experiments with vehicles wherein no driver is present. A driver still has to be able to regain control in a conventional way. The proposed amendment therefore is explicitly meant for experiments where the driver is not situated in the vehicle to control it. Hence, fully automated or autonomous vehicles are not considered as such.
The proposed amendment makes it possible to derogate from the current requirements for the purpose of experiments for testing automated systems in vehicles, by means of a permit requirement. Such permit shall be prepared by the RDW and granted by the Dutch Minister of Infrastructure and Water Management. The pending proposal enlarges the scope of the current exemption powers of the RDW. The amendment does not modify the Decree nor does it affect the exemptions which have been granted up till now.
It is envisaged that in the near future many new automated driving systems being developed will all require experimenting.
The proposed amendment for conducting experiments without a driver being in the vehicle is expected to remain relevant for many years as a structural provision for testing new systems before being incorporated in new cars before they are permitted on public roads.
For domestic purposes, contracting States may grant exemptions from the provisions of Annex 5 (technical requirements) of the VC in respect of vehicles used for experiments whose purpose is to keep up with technical progress and improve road safety.
An amendment to the VC has been brought up for discussion by Belgium and Sweden, with regard to Article 8 of the VC. The amendment proposes a distinction/[modification?] on several levels of automated systems which could take over certain driving tasks.
With the Declaration of Amsterdam ”Cooperation in the field of connected and automated driving” of April 2016, the EU member states, the European Commission and the private sector agreed to work together to facilitate the introduction of connected and automated driving on Europe’s roads by 2019, by changing the road network, traffic rules and applicable legislation.
B. Liability and insurance
Under the current Dutch liability framework, multiple parties could be held liable by the injured in the event of a road accident involving an autonomous vehicle due to a technical failure.
(i) Liable parties
Under the general liability regime, the driver can be held liable for accidents caused by autonomous vehicles. A driver would be liable if he failed to intervene in a situation which lead to an accident. A second example of a driver’s liability might be the situation in which the driver lets the vehicle drive itself, whilst being aware that the latest essential software has not been updated which means the autonomous driving system could be subject to malfunctions.
(2) Owner / Keeper (vulnerable road users)
The registered owner of a motorised vehicle is subject to strict liability in case of accidents injuring vulnerable road users (e.g. cyclists and pedestrians) under section 185 of the WVW. The registered owner is obligated to take out a compulsory liability insurance.
The same liability regime applies to a person temporary holding a vehicle (under a hire purchase agreement or otherwise) or to a person holding a vehicle in permanent use in a capacity other than the owner.
If the registered owner, or those persons to which the same regime applies, does not drive the vehicle himself but instead lets it be driven by another, he remains liable for accidents caused by this other person. The legal qualification of allowing another person to drive the car is not limited to purposely allowing another to use the vehicle but also exists, for example, when leaving the keys easily accessible to others.
Could an accident caused by an (partially) autonomous vehicle be considered force majeure?
The owner or keeper can avoid liability on the basis of section 185 WVW if he proves that the accident was caused due to circumstances beyond his control. Under current Dutch case law, a successful force majeure defence is limited to instances in which the accident is solely caused by the victim or a third person. Technical failures, albeit totally unforeseeable, do not pose an exception to this general rule. The same will most likely apply to accidents caused by technical failures of an intelligent, self-driving software system. In fact, the bar for causes solely attributable to the victim might be further raised with the involvement of an autonomous vehicle. For example, a victim dressed in black crossing the street at night, depending on the circumstances, might currently result in a force majeure for the car owner in the event of an accident. Such a person should however be clearly visible for a radar controlled autonomous vehicle and hence a force majeure defence would be unlikely in that event.
(3) The position of motorised victims
Non-vulnerable road users cannot claim damages under section 185 WVW. For liability actions, they will have to rely on general Dutch liability law (see a. Driver).
The possessor of a vehicle is subject to a strict liability regime if the vehicle is defective. A possessor under Dutch law is a person, usually the owner, who physically has control over the vehicle.
Pursuant to section 173 of Book 6 of the Dutch Civil Code, a possessor may be held liable for injuries to persons or goods caused by a vehicle that is defective. The vehicle is deemed defective if it does not meet certain requirements which one may normally expect (as further detailed in section 173 of Book 6 of the Dutch Civil Code). The definition of the term “defectiveness” is in line with defectiveness applied for product liability (see d. Product Liability).
The possessor is exempted from liability in case he proves that the defect causing the danger existed at the time the manufacturer brought the product onto the market. This exemption does not apply to the liability of owners and keepers of a vehicle.
C. Product liability
Pursuant to section 185 of Book 6 of the Dutch Civil Code, the manufacturer is liable for damages caused by a defective product. Defectiveness might arise from manufacturing failures, meaning that the product’s condition is different from the desired condition. Moreover, a design failure may be considered a defect, for example, if the product does not meet industry standards at the time of its market introduction. Lastly, errors or omissions concerning instructions might qualify as a defect.
A product is deemed to be defective if it does not meet certain requirements which one may normally expect, in view of all circumstances at hand. This standard sets the bar for autonomous vehicles relatively high. One cannot expect an autonomous vehicle to operate completely free of accidents. However, developers do claim that autonomous vehicles are or will be safer than those operated by regular drivers. In light thereof, one might expect that a self-driving vehicle at least meets the safety levels of an ideal driver. As mentioned before, an autonomous vehicle is most likely superior to one driven by a human being in numerous circumstances, for example at night.
Under this liability regime, not only the manufacturer of the vehicle itself but also the manufacturers of certain defective parts might be liable. This may give rise to complex liability questions.
Another complicating factor is the self-learning ability of autonomous vehicles. This might raise the overall expectation of the performance of the vehicle over time. It may also impair one’s ability to set expectations. For example, Google’s self-driving car has exceeded driving 3 million kilometres in Californian conditions. This does not mean the vehicle will be able to perform as well in other circumstances, such as slipperiness.
An autonomous vehicle that fails to meet the standard of an ideal human driver would most probably be deemed defective. This leaves unaffected that a self-driving vehicle that fails to meet even higher standards could be deemed defective as well (also applicable to possessor’s liability, see c. Possessor).
Under Dutch law, a victim of an accident might have several options in case of an accident involving an autonomous vehicle as multiple parties may be liable. In case of an accident due to a technical failure involving a non-motorised victim, the driver might be able to rebut liability. The non-motorised victim will be able to hold the keeper or owner liable (often the same person as the driver) more easily due to the strict liability regime under section 185 WVW. The injured party will have a direct action against the insurer of the keeper or owner. Therefore, the injured party will most likely claim damages from the keeper or owner (respectively their insurers).
Non-vulnerable victims will have to rely on the general liability regime, as strict liability under section 185 WVW does not apply. These victims could try to claim damages from the insurer of the driver or from the possessor. Due to the absence of a strict liability regime in this regard, a motorised victim does not have one option that is more favourable than others.
The party held liable (respectively its insurer) could then claim recourse from the manufacturer in the event of an accident due to a technical failure. If accidents are caused due to technical failures, a significant shift in de facto liability to the manufacturer could therefore occur.
(ii) Legislative developments
Currently the Dutch legislator does not have any proposals or draft regulations in relation to changes to the liability regime. As per the above, the Dutch government is, however, paving the way for test driving with autonomous vehicles. In this regard, the legislator mentioned that for the test period no changes to the liability laws of the Netherlands are necessary. This indicates that for the actual introduction of automated driving, new legislation concerning liability and autonomous vehicles is likely to be put in place. In addition, numerous legal scholars have opined that changes are inevitable and necessary.
D. Cyber security and data protection
The topic of autonomous vehicles cannot be looked at without considering the matter of data protection. As described in further details below, automatised cars today and especially fully autonomous vehicles in the future operate by collecting and processing numerous data, which may be traced back to a specific individual. Several legal challenges, especially for the manufacturer of such vehicles, or the provider of connected services, arise from this situation. In this whitepaper we are pointing out the main legal aspects of data privacy and autonomous vehicles and illustrate the current status of legislation in the EU and the Netherlands concerning this issue.
(ii) Personal data related to autonomous vehicles
Many of the data collected by autonomous vehicles (in particular location data, sensor data, etc.) are regularly deemed as “personal data” according to the EU and Dutch Data Protection Laws (now the Dutch Data Protection Act and as of May 2018 the EU General Data Protection Regulation (GDPR)), as such data relates to the owner, driver or passenger of a vehicle. Further, autonomous vehicles generate data attributed to the vehicle’s IP address, which is also considered personal data. In detail, in order to assess whether the personal data is collected and who is the (responsible) controller, one has to distinguish between “online” and “offline” vehicles. In the case of cars with no internet connection, the data saved “inside” the vehicle will be collected by the person or organisation who reads it out, usually the car garage which then is considered to be the controller i.e., the responsible entity. In practise, it is not expected that there will be many “offline” autonomous vehicles as data sharing is an important way of improving the functionality of the system.
Today, vehicles are “learning machines”, which, in order to predict the behaviour of traffic participants, must be able to “think” as a human being. This is done by collecting sensor data, which are stored, analysed and shared in order to recognise patterns of behaviour from other traffic participants. An example of this would be that the autonomous vehicle must have the ability to recognise the movements and glances of playing children to determine if they are about to run onto the road.
An “artificial swarm intelligence” can be created by networking the vehicles among themselves and with the manufacturer, in the course of which vehicles participate in the “learning progress” of the others. The “data collection” is then carried out at the time of transmission and those persons or companies that control and analyse this data would be considered the responsible controllers. These could either be the vehicle manufacturers or third parties (such as IT specialists engaged by the manufacturer). Service providers such as network operators, portal operators or app providers will likely qualify as “data processor” as they will process the data in accordance with the instructions of the manufacturer. It remains to be seen to what extent classical car manufacturers will offer the underlying IT services, or if they will solely serve as hardware producers, while other companies build and operate the underlying IT system allowing for the “intelligence” to be installed into the vehicle. In each case, EU data protection laws require full transparency, which actor in this concert is responsible for what, and who has control over which data.
(iii) Fair processing
As a general principle in data protection laws, each entity processing personal data as a controller needs a legal basis to do so. For selling and offering services around autonomous vehicles, this basis may include:
- Contract: A company may process its customers’ data if such processing is required to fulfil the contract for the provision of the service with the customer.
- Legitimate interest: A company may also rely on its legitimate interests, i.e., has to demonstrate that the processing is necessary for the purposes of the legitimate interests pursued by the company, except in cases in which those interests are overridden by interests or fundamental rights and freedoms of the data subject [(i.e., the consumer)].
- Consent: A company may also opt to process data with the explicit prior consent from the affected individual, probably the driver or owner of the vehicle. This is, however, not recommended given that the individual may at any time withdraw his or her consent.
None of the above grounds apply in all cases. On the contrary, the legal situations of autonomous vehicles are complex with many different players involved with each having different purposes for the data collected. Given this complexity, setting up the data protection framework for services on autonomous vehicles requires a diligent legal review of the specific type of collection, storing, and processing of data that is in use. The data processed for the transportation service itself is usually subject to the legal ground of performance of a contract. But it is necessary to analyse the contractual relationships between the owner of the car, the manufacturer, the service/platform providers on the one hand and the respective driver or passenger on the other. Particular importance could arise in cases of shared vehicle services or the offer of driving services.
Secondly, a controller may be able to invoke the legitimate interest ground where the processing is not strictly required for the performance of the contract. In order to rely on a legitimate interest, the privacy of the individual should be balanced against the interest that the controller has in using the data. Examples where a legitimate interest may be useful are for purposes of service improvement or other technical processing which may not be strictly required for the service provision which is governed by the contract.
Finally, permission for processing of personal data might also be provided by consent. The GDPR states several requirements for such consent. First, it must be freely given and “informed”, which means that a particular person must always exactly know what he agrees with. Consent is presumed not to be freely given, if the provision of a service is dependent on the consent despite the data processing for which the consent is asked not being necessary for such performance. As indicated, a withdrawal of a given consent must be possible at any time. Car manufacturers and/or dealers could meet these requirements by informing the buyer of the exact data collection and processing procedures in their car. The required transparency and the possibility of withdrawal could be implemented in such a way that the current connection status of the vehicle is displayed to the driver or passenger by means of standardised symbols in the cockpit that allows him to activate or deactivate the connection at any time. An example where consent may be appropriate would be in collecting data and using it to offer the driver/individual restaurant or hotel suggestions based on historical behaviour.
In any case, before processing personal data, the data controller (the car manufacturer) should always consider whether processing is necessary and proportionate for the purposes it needs to achieve e.g. where feasible technical measures like anonymisation or pseudonymisation should be implemented.
Under the current Dutch Personal Data Protection Act, data controllers have to notify the Dutch Data Protection Authority of any data processing. This principle is abolished and replaced by the new accountability rule under the GDPR that comes into effect in [May 2018]. In short, data controllers should ‘map’ their data collection and processing in order to create transparency and minimise the impact. Accountability entails both being compliant with the GDPR as well as demonstrating being compliant at all times.
At the core of accountability lies the so-called “privacy by design.” Through a “privacy impact assessment”, data flows are identified and assessed. Data protection risks can then be identified and appropriate safeguards and measures can be implemented by the controller. This process should enable the data controller to be constantly aware of what data is processed, how it is used and what risks the processing and collection might entail. The data controller can then implement measures such as anonymisation or data encryption to ensure the minimisation of data security issues.
Autonomous vehicles will heavily rely on ongoing collection and use of data location. Manufacturers and software providers that make use of this information need to ensure the data processing is done with appropriate safeguards and for the right purposes.
The GDPR, furthermore, requires a great deal of transparency. The data subject needs to be made aware of which data is being collected, for what end and how the data will be treated. For manufacturers and other data controllers involved, this means they should actively communicate to the data subject what is being done with his or her data.
In short, the accountability principle under the GDPR requires manufacturers and other controllers to be constantly aware what data they collect and what risks that collection might entail. Accountability should ensure compliance and enable the controller to show compliance at all times. This way, controllers can take appropriate measures to maximise data security. Lastly, controllers should actively communicate which data is collected and how it will be treated.
(v) Legislative developments
In its coalition agreement, the newly formed Dutch government (October 2017) sets out the intention to regulate the ownership and use of data related to autonomous driving. As of yet, there are no specific details known or draft regulations to execute this item on the new government’s agenda.