BCL partner, Richard Reichman and solicitor, Suzanne Gallagher consider the review into the UK’s regulatory framework for autonomous vehicles by the Law Commission of England and Wales and the Scottish Law Commission.
As part of the government’s desire to make the UK a leading destination for the development of autonomous vehicles, a review is being undertaken by the Law Commission of England and Wales and the Scottish Law Commission. A joint preliminary consultation paper (‘the Paper*’) was recently published in which they explore the challenges in regulating this nascent technology. This is the first time they have explored how the law should be adapted to circumstances that (in the main) do not yet exist, which presents its own unique challenges. Their approach has been to ask open questions and make tentative proposals but not to form any definitive view at this early stage. It is hoped that this approach will generate focused and critical feedback that will feed into further consultation before making final recommendations by March 2021.
The Paper considers how the regulatory framework may need to be adapted for self-driving vehicles. As part of that review, they consider critical questions for lawmakers regarding how to regulate corporates in the automated vehicle sector and the allocation of criminal responsibility between the driver (or ‘user in charge’, when the automated system is in operation) of the vehicle, and the manufacturer or developer.
It is tentatively proposed that automated driving systems would only be allowed where they are authorised. The Paper envisages an “Automated Driving System Entity”, which is described as “the organisation putting the system forward for authorisation”, which would have legal responsibilities to ensure that the systems are safe and be subject to a system of regulatory sanctions (for example, improvement notices, fines and, where appropriate, withdrawal of approval) if the vehicle functions in a way which would be considered a criminal offence if a human was driving.
A number of possible safety assurance mechanisms are explored including both self-certification and third party testing. The Paper refers to the approach proposed by the Australian authorities, which, alongside self-certification against fixed criteria, includes a primary safety duty, described as “an overarching and positive general duty…to ensure the safety of automated driving system so far as reasonably practicable”. This is language which will be familiar from the UK’s well-established health and safety legal framework.
Whilst it is uncontroversial that drivers should continue to be liable for offences (mostly under the Road Traffic Act 1988) committed when the vehicle is under their control, a more challenging conundrum is how criminal liability will be determined when an automated driving system is engaged. In those circumstances, the Paper tentatively proposes that the ‘user in charge’ of the vehicle should be able to rely on a legal ‘safe harbour’ i.e. they should not be criminally responsible for offences regarding the way a vehicle is driven whilst in automated mode.
When considering criminal liability for accidents resulting in death or injury, the Commission notes that it would be possible to apply the law as it currently stands to certain situations involving automated vehicles. The offence of gross negligence manslaughter could extend to those who are “grossly negligent in installing (or failing to install) software, in servicing vehicles, or in interfering with vehicles or roads”.
The Paper states that a conviction for corporate manslaughter would be possible for an organisation developing automated driving systems; the way in which its activities were managed or organised would need to cause a death and amount to a gross breach of a duty of care (the duty of care relating to supplying goods or services is referenced). Failings by senior management would need to be a substantial element of that breach. The challenges faced by prosecutors in securing convictions for corporate manslaughter are noted; most companies convicted of corporate manslaughter have been small or medium-sized where it is easier to point to failings by senior managers who are intimately involved in day-to-day decisions than in large companies with complex management structures. A further problem raised is that the offence only applies to fatalities; there is no equivalent offence which would apply to serious injuries.
The Paper poses the question whether new criminal offences are required for corporates when their “wrongs…result in death or serious injury”. If so, several possible models which could be followed are listed. As well as considering the possibility of the familiar general duty of safety model, as outlined above, the Paper refers to a ‘failure to prevent’ offence as a possible model to follow.
‘Failure to prevent’ offences are a novel extension of the criminal law to address difficulties in attaching criminal responsibility to corporate entities due to the ‘identification principle’ (in order to establish corporate criminal liability for mens rea offences, this principle requires the prosecution to first establish that an individual who was a ‘directing mind’ of the corporation committed the offence). To date, there have only been a small number of ‘failure to prevent’ offences which relate solely to specific instances of financial crime (partly justified on the basis of the intended benefit to the organisation). Such offences have been drafted on the basis of a corporate failing to prevent a predicate offence (i.e. bribery or facilitating tax evasion) by an associated person (this is widely defined and includes employees or agents) with a defence of having in place adequate/reasonable procedures. In contrast to corporate manslaughter, which was also intended to address problems with the ‘identification principle’, ‘failure to prevent’ offences do not require the identification of any senior management failings.
There have been repeated and ongoing calls to extend failure to prevent criminal liability to other areas of financial crime. There does not appear to have previously been any consideration of utilising such offences beyond financial crime.
At this early stage, the Paper only sets out a summary of the Bribery Act ‘failure to prevent’ offence by way of an example and so it is unclear how it is envisaged that a ‘failure to prevent’ offence may function in this context. If ultimately pursued, this has the potential to be a radical departure from the existing operation and justification of ‘failure to prevent’ offences and a further extension of corporate criminal responsibility, making convictions and associated penalties more likely.
The appropriate regulatory regime to enable the safe introduction of autonomous vehicles that are controlled by artificial intelligence and machine learning with little or no human intervention, whilst not stifling innovation, clearly necessitates the type of careful review envisaged. The responses to the preliminary consultation (by 8 February 2019) and further consultations carried out during the review will be crucial in informing the debate. The possibility of new corporate offences, which could have more general application or be a precedent for subsequent change, means there may be wider implications for the ongoing evolution of corporate criminal liability.
*The preliminary consultation paper (‘the Paper’) can be found here on the Law Commission’s website.
Richard Reichman is a partner specialising in corporate crime, financial crime and regulatory investigations. He is recommended by The Legal 500 for his “extensive experience” and being “extremely thorough and appreciat[ing] the big picture issues”. He has experience in a broad range of regulatory offences, such as health and safety (generally following major or fatal incidents), environmental, food safety, fire safety and trading, as well as financial offences such as fraud, bribery, insider dealing and money laundering. Richard is involved in cases involving cybercrime (for example, computer-specific offences such as hacking) or a technological dimension. He has acted for victims of cybersecurity breaches and advises regarding data protection issues falling within the scope of the Information Commissioner’s Office.
Suzanne Gallagher is a solicitor specialising in corporate crime. Since qualifying in 2016, she has gained experience in a variety of regulatory and criminal investigations including health and safety, environmental protection, fire safety, fraud and money laundering. Prior to joining private practice, Suzanne worked in facilitating regulatory harmonisation in the European Union and in promoting international legal standards at the United Nations. She also worked in the pharmaceuticals industry in Tokyo.