IoT Raises New Challenges for Assigning Liability

Current regulatory framework is outdated. What can be done?

663
 It’s the dead of winter.

As you drive on your daily commute to work, you rely on an app and road signs to show you real-time road conditions. The app and signs say the road surface is at +5°C (41°F).

So you’re fine.

But as you drive along the road, suddenly your car begins sliding on a layer of ice, out of control, and you violently slam into another car. The actual temperature on the road was closer to -5°C (23°F).

Who’s to Blame?

Fortunately you escaped injury, but that evening you wonder who’s responsible. Is it the app? The manufacturer of the sensors? The operator of the sensor network? The road operator? The third-party that provided the software? The telecoms operator that sent you the data? Or you, for simply relying too much on technology and not being more careful?

For devices that aren’t connected to the internet (i.e. “dumb” devices), product liability is usually less complicated. When you buy a product, such as a toy car, you expect it to be safe and functional. And most of all, you expect it to cause you no harm.

Manufacturers of consumer products are legally bound to make sure products are free of defects. Being in compliance with regulations, such as the EU low voltage directive, is a strong indication already that a product won’t be defective.

If a product harms its user, it’s up to the injured party to prove the causal relationship between the damage and the defective product. A product can be considered defective if it doesn’t provide the safety that the consumer is entitled to. This takes into account the reasonable use of the product and its presentation (including instructions or warnings).

In that sense, finding a relationship between harm and the defective product is definitely possible. However, in the current EU liability directive it’s not at all clear whether apps and non-embedded software are even considered products. This is also a problem for IoT, particularly with smart objects or sensors.

Human Aren’t Fully in Control Anymore

In the above scenario, the smart device (the road surface temperature sensor) sent you inaccurate information. That much is clear.

But assigning responsibility for the faulty information, and the resulting accident, is almost impossible to determine. Maybe the third-party software malfunctioned, maybe the app wasn’t functioning correctly, maybe the party that installed the sensors into the asphalt made a mistake.

With the advent of IoT and connected devices, and our increasing reliance on software, humans aren’t in full control anymore. There’s a shift in responsibility from the manufacturer of a product to multiple involved actors. Deciding who pays for the car damages becomes tricky when more than ‘just two cars’ are involved in an accident.

 

IoT For All Newsletter
Sign up for our weekly newsletter and exclusive content!

 

Currently, if a product is defective, stops working, or sends faulty information, in nearly all cases the manufacturer is liable. But as mentioned, the current regulatory framework that deals with liability is outdated.

The situation with the road surface sensor is just one of many examples that reveal the shift in responsibilities and liability from only the manufacturer to multiple parties.

Recently, the European Union started an investigative process to figure out how we should handle products that are defective because of the software that’s installed on them. The goal is to draft an updated framework that considers the connectivity of devices in relation to liability. One that, ultimately, divides responsibilities and liability neatly between the user, manufacturer, software provider, and any other players involved.

Ultimately, the Consumer Needs to be Protected

Will this all get figured out? Probably, but regulations will, for the time being, lag behind.

It’s estimated that by 2020, there will be 50 billion connected devices. That’s about 42 billion more than in 2012. The demand for a tangible solution to reduce liability is becoming increasingly pressing. At the same time, we see that new IoT technologies driving multiple applications are well ahead of standards and thus testing and certification.

So what can a manufacturer do to reduce liability right now?

The answer is relatively simple: just test, even when there is no up-to-date standard, regulation, or directive yet. Make sure your product is safe and intrinsically secure, make sure it lives up to the latest, state-of-the-art developments in the field and do whatever possible to reduce any risks.

Ultimately, the consumer needs to be protected. So it’s up to the manufacturer to find partners that can help them address everything that needs to be considered when developing a safe and secure product, from the early drawing phase to the eventual go-to-market.

By Beat Kreuter, Global Service Area Director Consumer Safety, DEKRA

DEKRA Certification B.V. is an independent third party testing, inspection, and certification body and is in no way affiliated with, nor contracted by nor otherwise linked to any of IoT For All’s sponsors nor their products.

Dekra Product Safety on IoT For All