In 2021, European lawmakers and agencies issued a number of proposals to regulate artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAV”), and data privacy, as well as reports and funding programs to pursue the developments in these emerging areas. From the adoption of more stringent cybersecurity standards for IoT devices to the deployment of standards-based autonomous vehicles, federal lawmakers and agencies have also promulgated new rules and guidance to promote consumer awareness and safety. While our team tracks developments across EMEA, this roundup focuses on a summary of the key developments in Europe in 2021 and what is likely to happen in 2022.
Part I: Internet of Things
With digital policy being a core priority for the current European Commission, the EU has pursued a range of initiatives in the area of IoT. These developments tend to be interspersed throughout a range of policy and legislative decisions, which are highlighted below.
Connecting Europe Facility and IoT Funding
In July 2021, the European Parliament and Council of the EU adopted a regulation establishing the Connecting Europe Facility (€33.7 billion for 2021-2027) to accelerate investment in trans-European networks while respecting technological neutrality. In particular, the regulation noted that the viability of “Internet of Things” services will require uninterrupted cross-border coverage with 5G systems, to enable users and objects to remain connected while on the move. Given that 5G deployment in Europe is still sparse, road corridors and train connections are expected to be key areas for the first phase of new applications in the area of connected mobility and therefore constitute vital cross-border projects for funding under the Connecting Europe Facility. The Parliament had also called earlier for “stable and adequate funding” for investments in AI and IoT, as well as for building transport and ICT infrastructure for intelligent transport systems (ITS), to ensure the success of the EU’s data economy.
In May 2021, the Council adopted a decision establishing a specific research funding programme (€83.4 billion for 2021-2027) under Horizon Europe. In specifying the EU’s priorities, the decision identified the importance of IoT in health care, cybersecurity, key digital technologies including quantum technologies, next generation Internet, space, and satellite communications.
Safety and Security of IoT
In June 2021, the Parliament adopted a resolution calling for tighter EU cybersecurity standards for connected devices, apps and operating systems, amid recent cyberattacks on critical infrastructure in the EU. It recommended that connected products and associated services, including supply chains, be made secure-by-design, resilient to cyber incidents, and quickly patched if vulnerabilities are discovered.
The resolution welcomed the European Commission’s plans to propose horizontal legislation on cybersecurity requirements for connected products and associated services and recommended that the Commission harmonize national laws in order to avoid the fragmentation of the Single Market. The text also demanded legislation imposing cybersecurity requirements for apps, software, embedded software (that control various devices and machines that are not computers) and operating systems (software that runs a computer’s basic functions) by 2023.
In January 2022, the Commission published the results of its inquiry into the consumer IoT sector launched earlier in July 2020. The report’s aim was to assess the sector’s competitive landscape, emerging trends and potential competition issues. It noted that European smart home revenue will more than double between 2020 and 2025 (from €17 billion to €38.1 billion). While the consumer IoT sector is still developing, the sector inquiry was prompted by indications of company behavior that may be conducive to distortion of competition. The Commission’s report will contribute to its standardization strategy and upcoming legislative and non-legislative initiatives aimed at clarifying and improving the standard essential patent (SEP) framework. It will also feed into the ongoing legislative debate on the scope of the Digital Markets Act (DMA) and specifically into some of the obligations proposed.
Part II: Connected and Automated Vehicles
In 2021, the groundwork has been laid for regulating the CAV sector. Legislative developments at the national level were the main focus in this context. However, it is also apparent at the EU level that substantial legislative changes are on their way, so we can expect to see some developments in this regard in 2022. This is reflected by the fact that the authorities are paving the way for increasing regulation of the automotive sector through funding programs and standards.
The development dynamics in the field of automated, autonomous and connected driving is evident these days. In 2021, Federal lawmakers focused their legislative proposals on adopting a legal framework for the use of autonomous vehicles. As a pioneer, the German government has come forward with the enactment of the German Autonomous Driving Act as of 12 July 2021 which is supposed to provide a temporary solution until harmonized rules are in place at the EU level (so far Regulation (EU) 2018/858: always requires a person in charge of the vehicle and thus full steerability of the vehicle). The law includes regulations of the technical requirements for the manufacturing, design and equipment of motor vehicles with autonomous driving functions, the inspection and procedure for the granting of an operating licence by the Federal Motor Vehicle Transport Authority (Kraftfahrt-Bundesamt), obligations of the persons involved in the operation of the autonomous vehicles, data processing which will be needed for the operation, and the adaptation and creation of uniform provisions to facilitate autonomous vehicle testing.
In this respect, the French decree amending the provisions of the Highway Code and the Transport Code as of 1 July 2021 is also worth mentioning which allows a driver to disclaim liability when the automated driving system operates in accordance with its conditions of use. It further regulates the interaction between the driver and the automated driving system as well as the expected attention from the driver when the automatic driving system is engaged and allows the autonomous vehicles to be operated on predefined routes and zones starting in September 2022.
The European Commission just recently adopted the first Work Programme for the digital part of the Connecting Europe Facility (CEF Digital), which defines the scope and objectives of the EU-supported actions that are necessary to improve Europe’s digital connectivity infrastructures. These actions will receive more than €1 billion in funding between 2021 and 2023. A key action that CEF Digital supports is the implementation of digital connectivity infrastructures related to cross-border projects in the areas of transport or energy and supporting operational digital platforms directly associated to transport or energy infrastructures.
Besides, the International Organization for Standardization (ISO) and SAE International published a standard that addresses the cybersecurity perspective in engineering of electrical and electronic (E/E) systems within road vehicles, and is supposed to help manufacturers keep abreast of changing technologies and cyber attack methods.
In terms of legislative proposals, the European Commission plans to adopt a new directive “Adapting liability rules to the digital age and circular economy”. The initiative was prompted by an evaluation of the Product Liability Directive 85/374/EEC and addresses challenges which arise when liability rules are applied to new emerging technologies (e.g. AI, IoT, CAV). This Inception Impact Assessment proposes to adapt the framework to take into account developments related to the transition to a circular and digital economy in terms of liability for damage caused by new and refurbished products, and to address challenges associated with artificial intelligence. This includes gaps and limitations that could potentially limit the scope and effectiveness of the Product Liability Directive if applied to the mobility systems on CAV.
Furthermore, the European Commission published a proposal for a directive amending Directive 2010/40/EU on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport (“proposed ITS Directive”). The proposed ITS Directive is supposed to cover new developments such as connected and automated mobility and online platforms allowing users to access several modes of transport. The ecosystem envisaged in the proposed ITS Directive would be based on a set of standards and aims enable interoperability and continuity of ITS applications, systems and services, and therefore connectivity and data exchange between vehicles, transport providers and infrastructure operators. This shall be implemented by making essential ITS services mandatory throughout the EU.
Apart from the EU developments, the UK Centre for Connected and Autonomous Vehicles has issued a series of reports about research projects regarding CAV issues, for example, on future transport innovations, and a market forecast capturing the latest changes in the global CAV market and advances in technology.
Part III: Artificial Intelligence and Data Privacy
* * *
We will continue to closely monitor the regulatory and policy developments on IoT and CAV in EMEA – please watch this space for further updates.