The Internet of Things (IoT) has been identified as the third wave of the internet or the Fourth Industrial Revolution. Since the term was coined to describe the connection of physical objects to the internet via sensors, the IoT has transformed everyday devices into smart devices − blurring the lines between the physical, digital and biological worlds.
With 6.4 billion devices connected to the internet already and an average of 5 million new devices connecting each day, the IoT is more than a reality. Exponential growth of the IoT will have considerable consequences for the legal and insurance industries and present significant new challenges.
Apart from obvious data security and privacy concerns, numerous product and professional liability risks are emerging, some potentially overlapping. A simple software glitch or mechanical malfunction of an IoT product could result in a wide range of substantial losses. It could also make the product susceptible to an attack from an outside source, allowing hackers to control the device, potentially causing both tangible losses (such as damage to property or personal injury) and intangible losses (such as data loss, privacy invasion and reputational damage).
For example, the first IoT class action, brought in the USA in March 2015 against Toyota Motor Corporation, Ford Motor Co and General Motors LLC was prompted by studies that demonstrated that hackers could get into the controls of the vehicles, causing sudden acceleration, turns, loss of brakes, activation of the horn, faulty operation of the headlights and modification of the speedometer and gas gauge readings. Concerns about driver privacy were also identified.
Now in light of the inevitability of automated vehicles entering the market and, given the complex, intertwined associated legal issues, automated vehicles are likely to become the ‘canary in the coal mine’ for the formulation of IoT ready laws as to assumptions, allocation and apportionment of liability and insurable risk.
The question of how to insure automated vehicles has been the subject of much debate in the industry. Amongst the latest government proposals is a suggestion that car owners should buy a single policy (much as they do now) and the insurer will be able to claim from other parties in the supply chain (manufacturer, vehicle and parts providers, software developers and/or data providers) or, where applicable, argue reduction on account of contributory negligence as against the injured party.
One example of such government initiatives is the UK’s proposed Vehicle Technology and Aviation Bill 2017 (the Bill)*, which passed Second Reading on Monday 6 March 2017. According to the explanatory notes, the Bill is intended to address a number of particular market failures, which will potentially put the UK at the 'forefront of the most modern transport revolution'.
According to the Bill, insurance cover for automated vehicles must offer protection not only when the driver is in control, but also when the vehicle is driving itself. Of interest is also the provision that in the circumstances where an accident is caused wholly by the person's negligence in allowing the vehicle to drive itself when it was not appropriate to do so, the insurer (or owner of an automated vehicle) may be exempted from liability to the person in charge of the vehicle.
The Bill proposes two express exemptions to insurance cover: where the software has been illegally altered or is out-of-date, if such alterations (or failure to update software) caused or contributed to the cause of the accident.
Whilst the Bill is not yet in its final form, the idea of facilitating quick and easy access to compensation by innocent victims involved in a collision with an automated vehicle seems to be a sensible approach and one that will hopefully be replicated in other jurisdictions and, to the extent possible, in the legislation regulating other IoT devices.
Although, according to some predictions, it could be up to 10 years before automated vehicles are sold to the general public, it is reasonable to expect a lot more legislative developments in the transport industry (and in the IoT space generally), as governments across the globe gear up to meet the new challenges, which exponentially changing technologies are promising to bring in the not too distant future.
Meanwhile, insurers need to prepare for the emerging risks associated with the increased interconnectedness of devices. They need to be ready to avert possible gaps in insurance coverage in circumstances where cyber policies do not cover property damage or personal injury and where other policies, such as PL, PI, D&O and E&O policies may inadvertently cover risk, which was not intended by the underwriters.
* Detailed examination of the Bill by the House of Commons Public Bill Committee is expected to commence on Tuesday 14 March 2017. Kennedys (London) is currently preparing a submission for the Committee’s consideration and our Vehicle Technology working group will continue to monitor and report on the Bill's progress.