In 2021, European lawmakers and agencies issued a number of proposals to regulate artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAV”), and data privacy, as well as reports and funding programs to pursue the developments in these emerging areas.  From the adoption of more stringent cybersecurity standards for IoT devices to the deployment of standards-based autonomous vehicles, federal lawmakers and agencies have also promulgated new rules and guidance to promote consumer awareness and safety. While our team tracks developments across EMEA, this roundup focuses on a summary of the key developments in Europe in 2021 and what is likely to happen in 2022.

Part I: Internet of Things

With digital policy being a core priority for the current European Commission, the EU has pursued a range of initiatives in the area of IoT.  These developments tend to be interspersed throughout a range of policy and legislative decisions, which are highlighted below.

Connecting Europe Facility and IoT Funding

In July 2021, the European Parliament and Council of the EU adopted a regulation establishing the Connecting Europe Facility (€33.7 billion for 2021-2027) to accelerate investment in trans-European networks while respecting technological neutrality.  In particular, the regulation noted that the viability of “Internet of Things” services will require uninterrupted cross-border coverage with 5G systems, to enable users and objects to remain connected while on the move.  Given that 5G deployment in Europe is still sparse, road corridors and train connections are expected to be key areas for the first phase of new applications in the area of connected mobility and therefore constitute vital cross-border projects for funding under the Connecting Europe Facility.  The Parliament had also called earlier for “stable and adequate funding” for investments in AI and IoT, as well as for building transport and ICT infrastructure for intelligent transport systems (ITS), to ensure the success of the EU’s data economy.

In May 2021, the Council adopted a decision establishing a specific research funding programme (€83.4 billion for 2021-2027) under Horizon Europe.  In specifying the EU’s priorities, the decision identified the importance of IoT in health care, cybersecurity, key digital technologies including quantum technologies, next generation Internet, space, and satellite communications.

Safety and Security of IoT

In June 2021, the Parliament adopted a resolution calling for tighter EU cybersecurity standards for connected devices, apps and operating systems, amid recent cyberattacks on critical infrastructure in the EU.  It recommended that connected products and associated services, including supply chains, be made secure-by-design, resilient to cyber incidents, and quickly patched if vulnerabilities are discovered.

The resolution welcomed the European Commission’s plans to propose horizontal legislation on cybersecurity requirements for connected products and associated services and recommended that the Commission harmonize national laws in order to avoid the fragmentation of the Single Market.  The text also demanded legislation imposing cybersecurity requirements for apps, software, embedded software (that control various devices and machines that are not computers) and operating systems (software that runs a computer’s basic functions) by 2023.

Consumer IoT

In January 2022, the Commission published the results of its inquiry into the consumer IoT sector launched earlier in July 2020.  The report’s aim was to assess the sector’s competitive landscape, emerging trends and potential competition issues.  It noted that European smart home revenue will more than double between 2020 and 2025 (from €17 billion to €38.1 billion).  While the consumer IoT sector is still developing, the sector inquiry was prompted by indications of company behavior that may be conducive to distortion of competition.  The Commission’s report will contribute to its standardization strategy and upcoming legislative and non-legislative initiatives aimed at clarifying and improving the standard essential patent (SEP) framework.  It will also feed into the ongoing legislative debate on the scope of the Digital Markets Act (DMA) and specifically into some of the obligations proposed.

Part II:  Connected and Automated Vehicles

In 2021, the groundwork has been laid for regulating the CAV sector. Legislative developments at the national level were the main focus in this context. However, it is also apparent at the EU level that substantial legislative changes are on their way, so we can expect to see some developments in this regard in 2022. This is reflected by the fact that the authorities are paving the way for increasing regulation of the automotive sector through funding programs and standards.

Legislative Updates

The development dynamics in the field of automated, autonomous and connected driving is evident these days.  In 2021, Federal lawmakers focused their legislative proposals on adopting a legal framework for the use of autonomous vehicles.  As a pioneer, the German government has come forward with the enactment of the German Autonomous Driving Act as of 12 July 2021 which is supposed to provide a temporary solution until harmonized rules are in place at the EU level (so far Regulation (EU) 2018/858: always requires a person in charge of the vehicle and thus full steerability of the vehicle).  The law includes regulations of the technical requirements for the manufacturing, design and equipment of motor vehicles with autonomous driving functions, the inspection and procedure for the granting of an operating licence by the Federal Motor Vehicle Transport Authority (Kraftfahrt-Bundesamt), obligations of the persons involved in the operation of the autonomous vehicles, data processing which will be needed for the operation, and the adaptation and creation of uniform provisions to facilitate autonomous vehicle testing.

In this respect, the French decree amending the provisions of the Highway Code and the Transport Code as of 1 July 2021 is also worth mentioning which allows a driver to disclaim liability when the automated driving system operates in accordance with its conditions of use.  It further regulates the interaction between the driver and the automated driving system as well as the expected attention from the driver when the automatic driving system is engaged and allows the autonomous vehicles to be operated on predefined routes and zones starting in September 2022.

Regulatory Updates

The European Commission just recently adopted the first Work Programme for the digital part of the Connecting Europe Facility (CEF Digital), which defines the scope and objectives of the EU-supported actions that are necessary to improve Europe’s digital connectivity infrastructures.  These actions will receive more than €1 billion in funding between 2021 and 2023.  A key action that CEF Digital supports is the implementation of digital connectivity infrastructures related to cross-border projects in the areas of transport or energy and supporting operational digital platforms directly associated to transport or energy infrastructures.

Besides, the International Organization for Standardization (ISO) and SAE International published a standard that addresses the cybersecurity perspective in engineering of electrical and electronic (E/E) systems within road vehicles, and is supposed to help manufacturers keep abreast of changing technologies and cyber attack methods.

Legislative Proposals

In terms of legislative proposals, the European Commission plans to adopt a new directive “Adapting liability rules to the digital age and circular economy”.  The initiative was prompted by an evaluation of the Product Liability Directive 85/374/EEC and addresses challenges which arise when liability rules are applied to new emerging technologies (e.g. AI, IoT, CAV).  This Inception Impact Assessment proposes to adapt the framework to take into account developments related to the transition to a circular and digital economy in terms of liability for damage caused by new and refurbished products, and to address challenges associated with artificial intelligence.  This includes gaps and limitations that could potentially limit the scope and effectiveness of the Product Liability Directive if applied to the mobility systems on CAV.

Furthermore, the European Commission published a proposal for a directive amending Directive 2010/40/EU on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport (“proposed ITS Directive”).  The proposed ITS Directive is supposed to cover new developments such as connected and automated mobility and online platforms allowing users to access several modes of transport.  The ecosystem envisaged in the proposed ITS Directive would be based on a set of standards and aims enable interoperability and continuity of ITS applications, systems and services, and therefore connectivity and data exchange between vehicles, transport providers and infrastructure operators.  This shall be implemented by making essential ITS services mandatory throughout the EU.

UK Developments

Apart from the EU developments, the UK Centre for Connected and Autonomous Vehicles has issued a series of reports about research projects regarding CAV issues, for example, on future transport innovations, and a market forecast capturing the latest changes in the global CAV market and advances in technology.

Part III:  Artificial Intelligence and Data Privacy

We have addressed the developments with respect to Artificial Intelligence and data privacy separately.

*          *          *

We will continue to closely monitor the regulatory and policy developments on IoT and CAV in EMEA – please watch this space for further updates.

Photo of Sophie Herold Sophie Herold

Sophie Herold is an associate in Covington’s Frankfurt office and a member of our Food, Drug and Device Practice and our Data Privacy and Cybersecurity Practice. She advises clients on a broad range of regulatory and compliance matters.

Sophie advises clients on all…

Sophie Herold is an associate in Covington’s Frankfurt office and a member of our Food, Drug and Device Practice and our Data Privacy and Cybersecurity Practice. She advises clients on a broad range of regulatory and compliance matters.

Sophie advises clients on all aspects of pharmaceutical and medical device regulation, clinical research, advertising, data protection and other regulatory issues over the entire product lifecycle. She also counsels clients on legal, contractual and privacy issues that affect digital health products and services. Besides, Sophie assists clients with data privacy and technology related matters, including medical apps, automated vehicles, IoT and AI-based devices.

Sophie’s practice includes advisory work. She also represents clients before authorities and in court.

Photo of Bart Szewczyk Bart Szewczyk

Having served in senior advisory positions in the U.S. government, Bart Szewczyk advises on European and global public policy, particularly on technology, trade and foreign investment, business and human rights, and environmental, social, and governance issues, as well as conducts international arbitration. He…

Having served in senior advisory positions in the U.S. government, Bart Szewczyk advises on European and global public policy, particularly on technology, trade and foreign investment, business and human rights, and environmental, social, and governance issues, as well as conducts international arbitration. He also teaches grand strategy as an Adjunct Professor at Sciences Po in Paris and is a Nonresident Senior Fellow at the German Marshall Fund.

Bart recently worked as Advisor on Global Affairs at the European Commission’s think-tank, where he covered a wide range of foreign policy issues, including international order, defense, geoeconomics, transatlantic relations, Russia and Eastern Europe, Middle East and North Africa, and China and Asia. Previously, between 2014 and 2017, he served as Member of Secretary John Kerry’s Policy Planning Staff at the U.S. Department of State, where he covered Europe, Eurasia, and global economic affairs. From 2016 to 2017, he also concurrently served as Senior Policy Advisor to the U.S. Ambassador to the United Nations, Samantha Power, where he worked on refugee policy. He joined the U.S. government from teaching at Columbia Law School, as one of two academics selected nationwide for the Council on Foreign Relations International Affairs Fellowship. He has also consulted for the World Bank and Rasmussen Global.

Prior to government, Bart was an Associate Research Scholar and Lecturer-in-Law at Columbia Law School, where he worked on international law and U.S. foreign relations law. Before academia, he taught international law and international organizations at George Washington University Law School, and served as a visiting fellow at the EU Institute for Security Studies. He also clerked at the International Court of Justice for Judges Peter Tomka and Christopher Greenwood and at the U.S. Court of Appeals for the Third Circuit for the late Judge Leonard Garth..

Bart holds a Ph.D. from Cambridge University where he studied as a Gates Scholar, a J.D. from Yale Law School, an M.P.A. from Princeton University, and a B.S. in economics (summa cum laude) from The Wharton School at the University of Pennsylvania. He has published in Foreign AffairsForeign PolicyHarvard International Law JournalColumbia Journal of European LawAmerican Journal of International LawGeorge Washington Law ReviewSurvival, and elsewhere. He is the author of three books: Europe’s Grand Strategy: Navigating a New World Order (Palgrave Macmillan 2021); with David McKean, Partners of First Resort: America, Europe, and the Future of the West (Brookings Institution Press 2021); and European Sovereignty, Legitimacy, and Power (Routledge 2021).