The Liability for Cybersecurity Breaches of Connected and Autonomous Vehicles

Connected and autonomous vehicle (CAV) use, having been tested in various cities around the world and adopted in many areas through public transport, is being prepared for private sector use. The connected dimension of CAV provides for the vehicle to communicate with other vehicles and local infrastructure to operate in a safe manner. Yet, it is this communication of data and operation through software which causes potential problems in the event of the software suffering from unlawful modification (hacking). The consequences of a CAV being hacked could result in its features being compromised resulting in accidents, damage, financial loss, deaths and personal injury. It is also likely that hacking will affect fleets of vehicles operating on the same software version rather than individual vehicles. In this paper we argue there is a need for a strategy to determine how responsibility for the damage and loss caused following the mass hacking of CAVs is to be apportioned. This discussion is presently missing in the evolving literature on CAV maturity and we conclude that a national compensatory body offering a guarantee fund from which victims may seek redress would provide the most appropriate solution for all stakeholders.