Last modified more than a year ago

Lessons learned from evaluating CCAM projects

Regulations and Policies

Lessons learned in the field of regulations and policies were taken from an examination of CCAM projects as well as from the experiences encountered by ARCADE project partners.

Several areas related to lessons learned and regulations and policies can be found below:

  1. Complexity of the legal domain
  2. Legal aspects for experiments and legal aspects for deployment
  3. Regulation and standardisation
  4. EU-wide harmonisation
  5. Technical and behavioural aspects of regulation
  6. Specific legal requirements for (personal and non-personal) data protection
  7. Ethics

The sections below provide an overview of the areas listed above with examples linked to each of them. A comprehensive list of lessons learned deriving from CCAM projects can be found here.

1.      Complexity of the legal domain

The legal domain is often perceived as a complex, complicated and precise world. Every single word in a regulation has a meaning, is carefully selected and reviewed and by no means chosen at random. Many people are reluctant to such precision. Moreover, they often fear that regulations bring too many constraints that are not compatible with cost-efficient engineering. Therefore, they need assistance to understand the meaning of regulations and clearly see what is possible, what isn’t and what could be possible under what conditions. Both complexity and sensitivity of regulations claim for the elaboration of a crystal-clear presentation of the challenges, the expectations, and the implications of regulations. This must be done by experts in a project to ensure a full understanding and compliance to existing and forthcoming regulations.

“Due to the complexity in the legal domain and the required precision, it was important to develop a good starting point and a glossary for the general discussion with experts from different fields. This was quite a challenge, and it was very appropriate to consider this task from the beginning of the project while defining timelines and plans.”

AdaptIVe project

2.      Legal aspects for experiments and legal aspects for deployment

Many people who are not closely involved in regulations for automated driving may confuse regulations concerning experiments on open roads and regulations concerning automated driving once deployed in real-life. For example, the L3Pilot project made an overview of regulations applicable in seven countries whenever one company wishes to carry out tests with automated driving prototypes. In most countries, legislation requires specific authorisation for experimenting automated vehicles on open roads. On the other hand, Germany is the only EU Member State having established a law in 2018, which presents the conditions for allowing automated driving in the Highway Code. This particular law sets the framework for allowing automated driving on roads and does not take into consideration experiments/tests. Other EU Member States followed the German example, like France, which started issuing regulatory texts related to automated driving in 2021 and should pursue regulating in the coming years.

Subsequently, while looking at laws and regulations, one has to be very clear about whether it concerns experiments or real-life driving on open roads.

“In most countries, legislation requires specific authorisation for experimenting automated cars on open roads. For example, in France, any applicant must fill in a questionnaire and supply two dossiers, one describing the experiment in full detail and another one describing the modifications brought to a series vehicle to make it a test vehicle for automated driving functions. Both dossiers have to underline what safety actions are envisaged by the applicant to secure the experiment at the highest level (contract with road maintenance operator, description of the functional safety analysis process, explanation about who takes over the vehicle in case of a system failure, etc.).”

L3Pilot project

3.      EU-wide harmonisation

One corollary of the above topic is an increasing demand for harmonising regulations about automated driving experiments (FOTs and Pilots) in Europe. Application procedures for experiments vary from country to country and permission to carry out experiments can take months in countries where procedures are long and safety requirements are strict. These procedures could take a lot of time and effort, especially when it comes to cross-border experiments where an application is needed in two or three different countries in parallel. Therefore, a harmonised EU regulation in this field would be highly appreciated.

“More harmonised EU-wide regulation is needed to enable the implementation of pilots and integration of automated transportation in cities.”

FABULOS project

4.      Regulation and standardisation

Those who are not closely involved in regulations for automated driving may confuse between regulations and standards (e.g. ISO). Confusion is less and less frequent since familiarisation with these aspects is increasing, but still, reference to standards or legislation should be make it clear systematically, noticeably when regulation itself refers to standards.

“In the context of this type of project, having a dedicated Work Package on standardisation is highly recommended, as this also generates insights and understanding for many project partners as they develop their technologies.”

SECREDAS project

5.      Technical and behavioural aspects of regulation

There are generally two kinds of regulations involved when considering automated driving (apart from data protection): technical regulations and highway code (generally the highway code can also contain some technical considerations). In Europe, applicable technical regulations come from the UN-ECE (United Nations Economic Commission for Europe) whereas the highway code is national, but compliant to the Vienna Convention (Convention on Road Traffic, 1968) and/or the Geneva Convention (Convention on Road Traffic, 1949) for countries having signed either one of the two. Therefore, regulations must be regarded broadly, in their technical aspects as well as behavioural. Technical aspects concern the vehicle and communications, but also the road and road equipment.

“Although vehicle automation is at its start, the negative impacts of transition areas can only be avoided when specific countermeasures are initiated already now. This especially includes legal aspects like the definition of special signage for automated vehicles and their handling, as those aspects will take time. This also means signage at the roadside, including VMS content, and signage from automated vehicles to surrounding traffic.”

TransAID project

“Regulation on national, European and international level for external HMI components and indication for automated vehicles would be needed to allow easy-to-learn, comprehensible information transfer to other road users, interACT results were shared with the relevant regulation bodies but future projects should further contribute to this discussion as many research questions and details are not yet explored.”

interACT project

6.      Specific legal requirements for data protection

The General Regulation on Data Protection (GDPR) applies from 25 May 2018 onwards. This Regulation is intended to frame the processing of so-called personal data, i.e. data allowing the direct or indirect identification of a person. Automated vehicles are likely to process a certain amount of personal data and shall therefore comply with the principles and requirements set by the Regulation. In particular, the data collected must be proportionate to the purposes announced and be processed safely. Moreover, the consent of the driver shall be obtained before processing his/her data, after he/she has received proper and transparent information (unless the data collection is imposed by law).

This Regulation assigns responsibilities and liabilities. It is of high importance regarding the protection of personal data. Even complex and still debated on details and specific topics (such as research, which receives special attention and exemptions), companies have established rigorous processes to comply with the Regulation, including data security with new physical and organisational requirements. These requirements are necessary but sometimes costly. In order to save time and reduce costs, privacy by design should become a standard..

“The only way of managing this liability risk in data management is to ensure processes conform with the over-arching provisions of the GDPR from acquisition to destruction. At each stage of the development of the technology, the privacy impact consideration needs to be addressed.”

Cloud LSVA project

7.      Ethics

Ethics is a key aspect in automated driving and ISO is now preparing a standard concerning automated driving and ethics. A few years back, the “trolley problem” was popular since the public wondered how a machine would react in case of a dilemma, in a close-to-accident situation (see for example This flagship of the ethics area has now disappeared and Europe and some EU Member States like France and Germany started publishing white papers on ethics that overcome this theoretic ‘trolley problem’. Particular attention should be allocated to ethics and its real concerns that are presented in the references below.

Ethics Commission Report on Automated and Connected Driving, Germany

Ethics of connected and automated vehicles – Recommendations on road safety, privacy, fairness, explainability and responsibility, European Commission

Feedback form

Have feedback on this section??? Let us know!

Send feedback


Please add your feedback in the field below.

Your feedback has been sent!
Thank you for your input.

An error occured...
Please try again later.