On 6 February 2019 the UK Government announced plans to move forward on advanced trials for automated vehicles. Whilst only limited scale trials of fully driverless cars have taken place to date in Europe and the United States, more extensive testing is expected on public roads in the UK by the end of the year. The Department for Transport (DfT) issued a statement confirming it is “on track to meet its commitment to have fully self-driving vehicles on UK roads by 2021”. This was accompanied by plans to strengthen the code of practice for testing automation safety.

The DfT described its announcement as a “major boost” to the UK connected and autonomous vehicles market and estimates the industry will be worth £52 billion by 2035. However, a number of commentators in the industry remain sceptical about whether the Government’s time scale is practical given the number of outstanding issues and areas still to finalise before driverless cars will be commonplace on UK roads (including in respect of the self-driving technology itself).

Appropriate data protection and cyber security measures also remain a key priority. The recent announcement follows the British Standards Institute publishing a new cyber security standard for connected and autonomous vehicles and their platforms in December 2018, which contains fundamental principles for the provision and maintenance of cyber security measures for increasingly connected transport ecosystems (i.e. comprising vehicles, related infrastructure and human elements).

The standard is applicable throughout the entire automotive lifecycle – from design through operation to decommissioning – to ensure that the vehicles and related systems remain protected once they have been delivered into the market and are eventually safely retired. This guidance is intended to “set a marker” for those developing self-driving car technology; it is not mandatory or intended to apply retroactively to existing vehicles and platforms.

The standard joins a growing body of legislation and guidance around connected and autonomous vehicles, including the government’s Key Principles of Cyber Security in Connected and Automated Vehicles (which the new standard is intended to be read alongside) and the Automated and Electric Vehicle Act 2018. Further legislation is expected once the Law Commission of England and Wales and the Scottish Law Commission conclude their current review into the legal framework required to support the use of autonomous vehicles into the UK. The ISO is currently at the committee stage in its development of a similar standard: ISO/SAE CD 21434 (Road Vehicles – Cybersecurity Engineering).