By Mark Schaub and Atticus Zhao, Corporate & Commercial Group, King & Wood Mallesons

A major concern for car manufacturers in China has been – assuming we can develop autonomous cars – will we also be able to sell them? This question arises because of China’s stringent registration process in respect of motor vehicles.

On 7 April 2021 it appeared that car manufacturers received an answer when the Ministry of Industry and Information Technology (“MIIT“) released the Draft Guide for the Administration of the Admission of Intelligent and Connected Vehicle Manufacturers and Products (for Trial Implementation) (the “Draft Admission Guide“) for public comment.[1]

China’s dual admission administration for motor vehicle manufacturers and motor vehicles i.e. motor vehicle manufacturers can only manufacture motor vehicles after both (i.e. vehicle and manufacturer) have been issued with admission permits. MIIT grants admission to specific motor vehicles by means of a public announcement.

The Draft Admission Guide, when it will be officially released, will provide the rules that will govern the admission of autonomous cars in China. This is crucial as admission establishes a legal basis for mass production of autonomous cars in China.

This article will provide an introduction and brief commentary on the main provisions of the Draft Admission Guide.

1. Applicable level of automation

The Draft Admission Guide applies to autonomous cars that are equipped with conditional automated driving functions and highly automated driving functions.

The terms conditional automated driving and highly automated driving are defined in a manner which largely corresponds to the commonly used Level 3 and Level 4 automation defined by the SAE International. At present the Draft Admission Guide has not incorporated Level 5 automation (i.e. fully automated driving) into the scope of admission. Accordingly, this is a signal to manufacturers that Level 5 will likely take some time yet. This should come as no surprise as it is consistent with market expectations.

2. Safety requirements for manufacturers of autonomous cars

The Draft Admission Guide sets out safety requirements for autonomous car manufacturers. These requirements are specified in the form of annex, including (i) functional safety and expected functional safety requirements; (ii) cybersecurity requirements; and (iii) management of software updates.

Issues of particular note include:

(1) Cybersecurity

Autonomous car manufacturers are required to comply with China’s cybersecurity laws and regulations, establish a cybersecurity protection system that covers the entire lifecycle of the autonomous car, take necessary measures to effectively respond to cybersecurity incidents, and protect cars and connected infrastructures from attacks, intrusions, interference and damages.

The Draft Admission Guide further stipulates that autonomous car manufacturers are required to establish a real-name registration system for telematics cards so that car purchasers must register their true user identity information, and cooperate with telecom providers to implement a real-name registration.

The interconnectivity software required to operate autonomous cars is a clear threat to cybersecurity. The Draft Admission Guide specifically requires autonomous car manufacturers to adopt necessary cybersecurity protection management and technical measures to enable an OTA (Over-The-Air) upgrade service platform. In addition, manufacturers will be required to conduct security testing of upgraded software to ensure the security of OTA upgrades.

Cybersecurity is an important challenge for autonomous cars and their manufacturers. The cybersecurity requirements emphasized by the Draft Admission Guide are consistent with a number of jurisdictions.[2]

(2) Data localization

By their very nature autonomous cars are equipped with various sensors, including multiple cameras. Their operation involves the collection of massive amounts of personal information as well as information relating to the road environment. As a result of the massive amounts of data generated, protection of personal information and data security is an important regulatory issue.

Data is also a complex issue for companies acting globally as it can be often unclear whether information generated or collected in China can be transferred overseas for processing. The Draft Admission Guide brings clarity in such regard (at least in respect of autonomous cars) – personal information and important data collected and generated in the course of operation in the PRC must be stored within the territory of PRC in accordance with relevant regulations. If, due to business needs, it is necessary to transfer data overseas then this shall be reported to the competent authorities of the industry. This is largely in line with the direction of China’s data laws.

China’s regulatory requirements for online car-hailing platforms contain similar provisions regarding data localization. The Interim Measures for the Administration of Online Taxi Booking Business Operations and Services clearly stipulate that “online car-hailing platforms shall comply with the relevant national regulations on cybersecurity and data security, and the personal information collected and business data generated shall be stored and used in China for a period of no less than 2 years. The aforementioned information and data shall not be transferred unless otherwise provided by laws and regulations.” [3]

This is also underscored by the Cybersecurity Law which explicitly requires operators of critical information infrastructure to store personal information and important data collected and generated in the course of their operations in the PRC within the territory.[4] The in-country storage requirements set out in the Draft Admission Guide will lead to concerns for car manufacturers as to whether they will be considered to be critical information infrastructure operators.

Beyond restrictions on transferring and storing of data the Draft Admission Guide also requires autonomous car manufacturers to follow the law when collecting, using and protecting personal information. The car manufacturers are also obliged to implement a data classification and grading management system and develop a catalogue for important data.  The Draft Admission Guide also puts manufacturers on notice to ensure no leaks of any sensitive information occur which relate to national security concerns. As there are no specific provisions which have been issued in respect of the definition of important data in the Cybersecurity Law and other regulations, it is unclear at present how autonomous car manufacturers will develop such a catalogue for important data.

3. Admission requirements for autonomous cars

The Draft Admission Guide sets out the following admission requirements for autonomous cars:

(1) Operational design condition and risk minimisation operations

Autonomous cars “shall specify their automated driving functions and operational design conditions. The operational design conditions shall include the operational design range, vehicle status, driver status and other necessary conditions. The operational design conditions shall include, but not be limited to, roads, traffic, electromagnetic environment, weather, and lighting.”

The Draft Admission Guide further requires that autonomous cars “be capable of automatically detecting the failure of the automated driving system and whether the operational design conditions remain continuously met, and shall be capable of taking risk mitigation measures to reach a minimal risk level.”

(2) Human-machine interaction functions

Autonomous cars “shall be equipped with human-machine interaction functions and display the operational status of the automated driving system, and shall be capable of monitoring driver engagement behaviour. Where dynamic driving tasks require driver’s participation, the driver’s capability to perform the corresponding driving task shall be assessed. The car shall be able to interact with other road users reasonably by using light signals, sound and other means in accordance with the law.”

(3) Data logging and storage

Autonomous cars are required to “have event data logging and automated driving data storage functions. The data collected and logged shall include at least the operational status of the automated driving system, driver status, driving environment information, and vehicle control information, and shall meet relevant performance and safety requirements to ensure the integrity of the data logged by the device in the event of an accident.”

Event data logging and automated driving data storage functions are crucial for determining liability in the event of a road traffic violation or accident involving an autonomous car.

(4) Process assurance requirements and testing requirements

The Draft Admission Guide requires autonomous cars to meet process assurance requirements such as functional safety, expected functional safety and cybersecurity, and specifically set out the process assurance requirements.

The Draft Admission Guide further requires autonomous cars to meet testing requirements for simulation, closed fields, real-world roads, cybersecurity, software upgrades and data storage to avoid foreseeable and preventable safety incidents within the cars’ operational design conditions.

4. Conclusion

China has accelerated its promulgation of laws, regulations, policies and standards related to autonomous cars in 2021. The Draft Admission Guide coupled with the Draft Regulations of Shenzhen Special Economic Zone on the Administration of Intelligent and Connected Vehicles for public comments and the Draft Proposed Amendments of the Road Traffic Safety Law issued by the Ministry of Public Security of China indicate that law makers are seeking real life solutions to the soon to be reality of autonomous cars.

The Draft Admission Guide sets out a commercial case for autonomous cars as it sets admission conditions for autonomous cars and their manufacturers. These requirements understandably centre on the core issues of safety and security. Further, and underscoring safety concerns, at present the authorities are only considering mass production of Level 3 and Level 4 autonomous cars in China. Level 5 autonomous cars are expected to be some way down the track.

[1] https://www.miit.gov.cn/jgsj/zbys/qcgy/art/2021/art_67412baef004441a9cafe0a440a928a2.html

[2] Please refer to our article on cybersecurity for self-driving cars-  https://www.chinalawinsight.com/2018/02/articles/corporate-ma/blockchain-an-achilles-boot-for-self-driving-cars/

[3] Interim Measures for the Administration of Online Tax Booking Business Operations and Services, Article 27.

[4]  Cybersecurity Law Article 37.