In a rare display of bipartisanship, the U.S. House of Representatives has passed a bill that will speed the development of self-driving automobiles. On September 6, 2017, the House unanimously passed the Safely Ensuring Lives Future Deployment in Vehicle Evolution Act (SELF-DRIVE Act).

Among other things, the SELF-DRIVE Act delineates the Federal Government’s roles in overseeing safety, testing, cybersecurity, and privacy matters of self-driving cars, mandates actions from auto manufacturers, and examines IoT component standards. The bill also preempts state laws that conflict with the Act and regulations that result from it.

The U.S. Senate is currently working on a companion bill, and reconciliation of the two bills is expected to rapidly proceed.

IoT Market Should Thrive Under this Bill

Congress’ newly reinvigorated efforts to hasten the deployment of self-driving cars has been cheered by suppliers of IoT self-driving car components, including software, sensor, and semiconductor manufacturers.

For example, a recent study by a reliable market research company concluded that the world market for automotive semiconductors will grow from the 2015 level of $30.3 billion to $41 billion in 2020. Markets for self-driving auto sensors and cameras are also expected to grow exponentially.

More Regulations for Auto Manufacturers and IoT Component Suppliers

While IoT component manufacturers should do quite well under the SELF-DRIVE Act, self-driving auto manufacturers will be subject to many new regulations. IoT components used in self-driving cars may also be subject to new standards. Nonetheless, there is much in the bill that will help make the U.S. a prime market for self-driving cars, as well as an important industry location for them.

Key Provisions of the SELF-DRIVE Act

Exponential Increase in Self-Driving Car Permits

The bill will increase the number of annual self-driving car permits granted by the National Highway Safety Administration (“NHTSA”) to auto manufacturers. The current limit is 2,500; under the bill that will increase to 25,000 in the first year after passage, up to 100,000 after three years.

Manufacturers will also be granted renewal expectancy. In order to obtain permits, manufacturers will need to demonstrate certain safety standards in their self-driving cars. Manufacturers will also be required to provide NHTSA with reports about any and all crashes in which their “permitted vehicles” are involved.

Federal Preemption of Conflicting State Laws

Under the bill, NHTSA will oversee and regulate the design, construction and performance of self-driving cars; all conflicting state laws will be preempted. This will create a uniform set of regulations; exempting auto and IoT suppliers from having to comply with a patchwork of state regulations. States will retain jurisdiction over insurance, safety and emissions inspections, insurance, and registration matters.

New Safety Standards

The SELF-DRIVE Act directs the Secretary of Transportation (“SoT”) to, within two years after the bill’s passage, issue a final rule requiring self-driving auto manufacturers to submit assessment certifications to NHTSA regarding how they are addressing safety issues that arise in their vehicles.

The bill also mandates that within one year after passage, the SoT must submit a rulemaking and “safety priority plan” detailing NHTSA’s safety priorities to both houses of Congress and the public. In addition to the safety priorities, the plan and rulemaking will contain information about objectives for additional performance standards of testing self-driving cars. IoT equipment standards will likely be updated as safety and performance standards of human-machine interface, sensors, actuators, and software will be evaluated.

The subject rulemaking proceeding must be initiated 18 months after passage of the bill. The safety priority plan will be updated every two years, or more frequently as determined by the SoT.

Cybersecurity

The bill requires that all self-driving auto manufacturers develop a written cybersecurity policy that details the manufacturer’s practices for detecting and responding to cyberattacks. The policy must include:

A process for identifying, assessing, and mitigating reasonably foreseeable vulnerabilities from cyberattacks and unauthorized intrusions;

A process for taking preventative and corrective actions against vulnerabilities, including response plans, intrusion detection, and prevention systems;

Identification of a cybersecurity officer and point of contact for cybersecurity matters;

A process for limiting access to automated driving systems; and

A process for employee training and supervision for implementation and maintenance of the company’s cybersecurity policy.

Privacy

The SELF-DRIVE Act also requires self-driving auto manufacturers to develop a written privacy plan to protect sensitive information about owners, operators, and occupants of self-driving cars. This privacy plan requires manufacturers to delineate the following:

Practices concerning how pertinent information is collected, used, stored, and shared;

Choices offered to vehicle owners, operators, and occupants concerning the collection, use, storage and sharing of their information;

Data minimization, de-identification, and retention of information about the owners, occupants, and operators of their cars; and

Method(s) for providing notice to affected parties about the company’s privacy policy.

Violations of the bill’s privacy requirements will be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act. As such, the Federal Trade Commission will enforce the bill’s privacy provisions.

Consumer Information Notice Requirements

The bill tasks the SoT with conducting a study on the most effective means of informing consumers of the capabilities and limitations of self-driving cars. After the study is completed, the SoT will initiate a rulemaking proceeding to require manufacturers to inform consumers about the capabilities and limitations of their cars.

Industry Council

Within six months of enactment, the SELF-DRIVE Act requires the SoT to establish within the NHTSA a “Highly Automated Vehicle Council.” The Council’s duties include gathering information, developing technical advice, and presenting best practices recommendations to the SoT regarding all manner of regulatory concerns of self-driving cars…

The Council will include representatives from industry, academia, state and local authorities, engineers, consumer and safety advocates, environmental experts, and the NHTSA.

Senate Actions

In addition to drafting a companion bill to the SELF-DRIVE Act, the U.S. Senate is in the process of conducting hearings on regulating self-driving trucks and other commercial vehicles. The most recent hearing examined the benefits of automated truck safety technology, as well as the potential impact on jobs and the economy.

Senator John Thune (R-S.D.), Chairman of the Senate Committee on Commerce, Science, and Transportation has stated that the inclusion or exclusion of trucks, buses, and other heavy duty vehicles has been a key topic of discussion in the ongoing bipartisan efforts to implement self-driving vehicle legislation.

Attention to Self-Driving Car Legislation is Critical

Congress has prioritized self-driving vehicle legislation. With broad support from heavy hitters from Silicon Valley and Detroit, a final bill could be ready for the President’s signature within a matter of months. The resulting law and the regulations promulgated as a result will surely impact the IoT industry in a big way.

IoT components will be an important part of the safety, cybersecurity, and privacy aspects of the SELF-DRIVE Act and related legislation. Marashlian & Donahue is keeping a close watch on all developments and will be providing updates to interested parties on a regular basis.