Are uncrashable cars moving from an ambition to a necessity?
By Michael Allan
If the proposals of a UK legal review are implemented and copied internationally, operators of vehicles that are driving autonomously will become “users in charge”, manufacturers will become accountable as part of a very different regulatory system that assures safety, and autonomous vehicles (AVs) will need to become as good as uncrashable.
Although the vision of “autonomous driving” has been universally embraced, by consumers and industry alike, it was – until now – actually up to industry itself to define what they mean by “autonomy”. This prompted SAE International to come up with the, now widely adopted, Six Levels of Driving Automation, but a legal framework for autonomous vehicles was lacking: who is liable when things go wrong? 
Now a UK legal review in anticipation of future technology development and with a view to providing manufacturers with more clarity and certainty en route to market, has set out what it means for a vehicle to be “self-driving” as well as the legal ramifications for the user and the manufacturer .
Previously, regulations existed that stipulated requirements for trials of AVs, alongside more piecemeal legal changes in a number of jurisdictions, but this is the first coherent regulatory proposal of what will be required from manufacturers to sell millions of AVs. If implemented internationally, the proposals will also have far-reaching consequences for the way AVs are developed.
For the customer, the proposal sets out an attractive product proposition. If the “self-driving” features of such a vehicle are engaged, the “user in charge” would no longer face prosecution for violations by the vehicle of a wide range of traffic rules from dangerous or careless driving, to exceeding the speed limit or running a red light. “No more speeding tickets” sounds good.
But while manufacturers now have the benefit of clarity on what is required to develop and sell millions of AVs, they have also been given demanding homework.
To count as “self-driving”, cars would need to able to drive safely even if the human user is not monitoring the road, although the car may still issue a timely “transition demand” and expect the user to re-engage. In terms of the SAE Levels, we can think of “self-driving” as SAE Level 3.
This is a demanding threshold. To date, there is only one system at this level (on specified roads and under specified conditions) – the Mercedes Drive Pilot automated lane keeping system due in the S Class in 2022 – and the new proposals are at pains to distinguish “self-driving” systems from more common “driver assistance” features that require the driver to remain in charge and monitor the road.
Manufacturers taking on this liability as part of a new regulatory system is great for consumers, but manufacturers, especially the behemoths of the automotive industry, cannot shoulder this risk blindly. Before they offer to do so, they will need to ensure that their cars are just about uncrashable.
So what will be required to meet the new legal specification of a self-driving car?
Reliable sensors – rain or shine!
A self-driving car can only operate safely as long as its sensor suite is reliable and working, as we argued in a previous blog.
While the new proposals acknowledge that an AV may issue a transition demand if the conditions fall outside what an automated driving system can cope with, there would be limited value in autonomous features that work only in a narrow range of conditions, frequently ask the driver to reengage, or else bring the car to a stop with the emergency lights flashing.
More than ever, AVs will need sensor technologies that can reliably function under a wide range of conditions. There is still a technology gap between sensor technologies available today at scale and a reasonable price, and what the capabilities of sensors of future “self-driving” cars will need to be.
Validation – no driving test for AVs!
Automated driving features will need to pass authorisation for use by a new regulator, who will need to be satisfied that the technology integrated in a vehicle meets the safe “self-driving” threshold. As mentioned, this is a high bar. Although the review does not set out how the regulator will satisfy itself of this and describes the regulatory hurdle as a “test”, the process will clearly be nothing like a driving test.
Driving tests may be an acceptable way of certifying human drivers, but an AV could pass a “driving test”, but still be a liability on a motorway in the fog unless it was programmed to act differently in that situation. So, developers are likely to require systems that provide validatable safety by virtue of the way in which they have been developed and tested. Mercedes has done a lot of work on this and published its strategies . It’s likely that innovative solutions to this challenge will be required, such as the platform developed by UK start-up Five .
The new proposals also envisage that developers will be accountable to a regulator to update automated driving systems to continue to comply with changing traffic laws, road signs and so forth. As an example of this challenge, in the UK the rules for the right of way of bicycles and pedestrians over cars at intersections have changed considerably recently. A change of this kind would require very considerable software changes. So, somehow developers have to develop systems that can be updated. The regulator will also be looking to show that developers will stick around to provide these updates, which could give long-established companies an advantage to over start-ups.
We have previously suggested that there may be merit in introducing edge computing into AV sensors as a way of accelerating compute times, acquiring better data and reducing cost. If you distribute all computation to the edge, will you be able to update all the edge sensors? Edge computing lets the manufacturer use simpler communications rather than needing a wide pipe from the sensors to the processor, but now you need a wide enough pipe in the other direction to distribute software updates.
Imagine a dealership having to disassemble the body of a car to access the update port on each sensor and perform a software upgrade. Certainly, sensor developers need to think about leaving a door open, so to speak, for updates of their systems. At the same time, they will have to be careful not to leave the door open for cyber-criminals. Manufacturers recognise the importance of cyber-security in such a high-stakes environment, and the regulator will treat security issues and safety issues in much the same way.
While all of this sets a high bar for “self-driving” technology, perhaps the new proposals also offer a silver lining for vehicle manufacturers and developers of automated driving systems. Under the new proposals, once a system is in use, the developer will no longer have the threat of criminal liability hanging over them if something goes wrong, but instead become accountable as part of a new regulatory system that promotes learning from mishaps and making improvements for the future.
The sensors for autonomous vehicles are getting smarter, cheaper and more accurate. As the world gets closer to deploying autonomous vehicles at scale, TTP’s Autonomous Tech team are developing the enabling technologies and building the systems required to enable a safer future.
 Schuhmacher, A., Gassmann, O. & Hinder, M. Changing R&D models in research-based pharmaceutical companies. J Transl Med 14, 105 (2016).
Regaldo A. The race for an antibody drug. MIT Technology Review 123(3) (2020)
Lu, R., Hwang, Y., Liu, I. et al. Development of therapeutic antibodies for the treatment of diseases. J Biomed Sci 27, 1 (2020).
 Eyer, K., Doineau, R., Castrillon, C. et al. Single-cell deep phenotyping of IgG-secreting cells for high-resolution immune monitoring. Nat Biotechnol 35, 977–982 (2017).