Kennedys backs combination of criminal and regulatory regimes to help build confidence in driverless public transport

We have recommended that new criminal offences dealing with cyber-attacks on buses, taxis and other forms of driverless public transport will be needed as the technology emerges, in our response to a Law Commission consultation.

In our response, we have also said operators of driverless public transport should take personal responsibility for their safety as part of the protections needed to build consumer confidence in the concept.

We highlighted the importance of bringing public sentiment along with technological development in our response to a Law Commission consultation on the regulation of what is referred to as Highly Automated Road Passenger Services, or HARPS.

This refers to a service which uses highly automated vehicles to supply road journeys to passengers without a human driver or user-in-charge with legal responsibility for its safety.

Government-led education of the public is required to avoid the very real possibility that the public will take a negative view of autonomous vehicle technology, and thereby inhibit rollout and public uptake and trust

We acknowledge that there will be many challenges in implementing passenger-only transport services, not least ensuring safety, accessibility for all, and data privacy to name a few.

“The approach taken to meet these challenges will ultimately determine consumer acceptance and the extent to which these new services will be successfully adopted,” our response says. “Achieving ‘a transport system that works better for disabled and older people’ must underpin the regulatory framework and the importance of co-design and consultation with vulnerable users cannot be overstated.”

But equally, we feel that “autonomous vehicles represent opportunities to unlock new capacity in urban transport systems by improving efficiency within the existing infrastructure, potentially reducing the need to invest billions in new metro or rail systems, and support the green agenda”.

The response highlights the variety of cyber-risks involved in autonomous vehicles, such as data theft, malware/ransomware attacks and even state-sponsored attacks to block Wi-Fi and other communications channels such as GPS to halt a HARPS public transport network in a large city.

Research we have done shows that, alongside the regulatory review, the views of a large cross-section of society in the UK must be monitored

We have said: “Given the potential harm that could be suffered by passengers if HARPS vehicles became compromised, it is likely that criminal regulation will need to evolve to create new offences to catch this type of danger/disruption.

“If route data and tracking data is compromised this could have serious implications on the safety and security of the UK’s infrastructure. Currently there is not adequate criminal regulation to prosecute individuals who compromise such systems; this is also a problem that arises in respect of drone technology.”

Our response supports the proposal for a single standardised national system of operator licensing, but says the regulatory regime must balance strict requirements focused on passenger safety with sufficient flexibility to accommodate innovative change and development.

We say: “By way of example, the regulations could implement a similar regime to that of the Financial Conduct Authority’s Senior Manager and Certification Regime, in that the relevant principle may be ‘passenger safety’. In so doing, HARPS operators would be required to identify a senior manager, ultimately responsible for the safety compliance of the HARPS vehicle(s), and to whom a sub-category of senior staff would report to in respect of the specific elements necessary to achieve that compliance.”

This would mean an employee responsible for insurance, an employee responsible for software updates, an employee responsible for hardware updates/maintenance, and so on.

The operator would also be required to demonstrate that it has taken and will proactively take substantive action to ensure passenger safety. “This way, regulation will be better placed to keep pace with technology and not pose a barrier to innovation.”

Deborah Newberry, Head of Corporate and Public Affairs at Kennedys, says: “Research we have done shows that, alongside the regulatory review, the views of a large cross-section of society in the UK must be monitored. Government-led education of the public is required to avoid the very real possibility that the public will take a negative view of autonomous vehicle technology, and thereby inhibit rollout and public uptake and trust.

“The fact is that the world is on the cusp of a transport revolution: one in which machines will increasingly take control from humans. That shift raises fundamental concerns around public safety and where the liability rests when accidents occur.

“It also means a major shift in the amount of data that is collected by vehicles, and how that data is stored and used. Faced with these challenges, we need both criminal and civil measures of the kind we have outlined. But decision-makers cannot forget that the views of end-users will be integral to deciding the scale and speed at which markets choose to adopt autonomous vehicle technology.”


Our engagement in the motor insurance market led to the publication of our second report on the topic of autonomous vehicles (AVs). This latest report is one of the largest on the topic and the first to explore public support for all autonomous vehicles; not just driverless vehicles. This can be downloaded via the link below.