The Recorder

Each year, more connected and autonomous vehicles (CAVs) enter the road, yet the governing legal framework seems to lag behind. This is particularly true for cybersecurity and privacy. While several jurisdictions have recently released voluntary guidelines or draft bills on cybersecurity, binding privacy regulation remains overdue. This article compares privacy regime in Germany, United States, and China, and purports to inform global CAV players, users, and others what to anticipate in this hot yet gray space.

Woman in self-driving car

The Unique Nature of Intelligent Vehicles Thanks to rapid innovations in Internet of Things, sensor technologies, and data analytics, traditional automakers have allied with technology leaders in a manic race to build intelligence into driving machines from connected cars to autonomous vehicles (AVs). Intelligent vehicles are only starting to evolve, yet already they generate a complex array of cybersecurity and privacy issues.

CAVs are particularly vulnerable to cybersecurity attacks. A modern car has 50 to 150 electronic control units, each with roughly 100 million lines of code and potentially 1.5 million bugs ripe for exploitation. The addition of mobile, wireless, and Internet technologies needed to turn a car into a CAV opens up countless new access points for hackers. These vulnerabilities are multiplied by a highly fragmented supply chain with over 20 different suppliers (more than a mobile phone) where imperfect parts integration may lead to further compromises.

Download the PDF to learn more!