• AXA calls for clarity on data sharing and cyber security to drive forward the driverless cars revolution

    July 6th 2017. Posted in Corporate

    AXA is calling on the government to clarify the rules on the sharing of data for autonomous vehicles and for the development of cyber security standards. This is fundamental to support the development and exploitation of the technology required to maintain the future of driverless cars.

    In a report, jointly produced by AXA, insurance lead in the Flourish driverless cars consortium, along with independent UK law firm Burges Salmon, it identifies the emerging issues relating to the evolution of Connected & Autonomous Vehicles (CAVs) and makes recommendations pertaining to investment, data and cyber security that will contribute to the next stage of driverless vehicles development.

    The transport sector is undergoing a period of unprecedented technological change, which has the potential to open up new opportunities for UK growth and improve accessibility to better meet the needs of the customer.

    David Williams, Technical Director, AXA said:

    “Connectivity is fundamental to the evolution of the transport ecosystem but brings with it new and emerging risks, such as cyber security and data protection.

    “The fact is the emerging CAV ecosystem is bigger than any one industry. If we genuinely believe in the societal benefits CAVs can bring then it is incumbent on motor manufacturers, infrastructure providers and transport network operators to standardise and allow access to crucial data. That way, the relevant third parties such as insurers and the emergency services will be able play their part in the event of an accident.

    “If we are serious about a world in which children born today will never need to take a driving test then we need to get CAV cyber security and data protection right.”

    Chris Jackson, Head of Transport at Burges Salmon, comments:

    "From the legal perspective, we've picked some calibrated recommendations in specific areas because it's a huge area of importance. It's difficult to identify the specifics so we've broken it down into two parts.

    “Firstly security - will this be categorised as operators of essential services and the cyber strategy that flows from that. Secondly, data - there are specifics measures that apply to specific data to draw that balance between usability and the effectiveness of the system opening up the competition but also protecting people's data. Who is processing it, what is the position of an operator, what is the regulation, what is the basis of consent? For example, do people have the right to turn off location services if they are an effective part of making the system safe? The temptation is for all parties to look at data as one amorphous lump but it's much wider than that and that's what we're working to resolve."

    The Flourish consortium is looking at the development in user-centric autonomous vehicle technology and connected transport systems. The programme, co-funded by the UK’s innovation agency - Innovate UK, focuses on the core themes of connectivity, autonomy and customer interaction.

    To access a full copy of the report, please click on the following link: www.flourishmobility.com/publications 

    In the report, AXA and Burges Salmon recommend the following measures:


    • The Government should consult on the implications of the General Data Protection Regulation for connected and autonomous vehicles and access to data for third parties, as this will play a crucial role in the development of the technology. In particular, the Government should look at how the system of data controllers and processors will work in the context of autonomous vehicles; whether the standards of consent are appropriate in this context; and what role encryption can and should play in relation to CAV data.
    • The ICO should produce further guidance on whether CAV data falls into either data processes for public health purposes in the public interest or for archiving purposes in scientific research, in order to clarify the extent of the ‘right to be forgotten’ in this area.
    • The Government should clarify its position on security services or other regulatory access to encrypted data, in order to allow for any need for security services or regulators to access CAV data to be taken into account during the development of the technology.


    • The ICO should clarify what form of consent is required for use of ‘Special Categories’ under the GDPR, including whether or not an individual can provide consent on behalf of another individual.
    • DCMS should work with stakeholders to establish necessary alternative legal bases to consent or permitted use for the processing of CAV data, for example where data is required to ensure the safety of CAVs.

    Cyber Security

    • The Government should also consult on cyber security issues raised by a connected transport ecosystem, to ensure that the unique risks are understood and the appropriate safeguards put in place when the technology is rolled out.
    • The Government should clarify whether CAV operators will be designated as “operators of essential services” within the UK and therefore whether they are required to comply with the NIS Directive, including in the light of the Brexit negotiation outcome.
    • The Government should clarify in other respects how it would intend to regulate the standards and operation of CAVs and CAV systems as they relate to data and data security so that they can be incorporated by design.
    • Government and Industry should consider potential approaches to approvals and regulation of the supply chain including parts and maintenance organisations. This should draw on experience in equivalent industries and transport modes such as Rail (for example the approval of Entities in Charge of Maintenance) and Aviation (Maintenance Organisation Approvals and Production Organisation Approvals).


    • The Government should continue to invest in the development of CAV technology, including through funding for creation of test facilities, and industry-led research and development projects.
    Media Contacts 
    Notes for Editors 

    AXA is involved in three other government funded autonomous vehicle trials:

    The Venturer consortium is trialling autonomous vehicles in the Bristol and South Gloucestershire council areas to explore the feasibility of driverless cars in the UK. The project will investigate the legal and insurance aspects of driverless cars and explore how the public react to such vehicles.

    UK Autodrive is a three year programme led by engineering and consultancy firm, Arup. The consortium - which includes forward thinking local authorities, the UK’s leading technology and automotive businesses and academic institutions - will develop autonomous vehicle technologies and integrate driverless vehicles into existing urban environment.

    CAPRI will deliver a pilot scheme that could pave the way for the use of connected and autonomous vehicles to move people around airports, hospitals, business parks, shopping and tourist centres.

    About FLOURISH

    FLOURISH is a multi-sector collaboration, helping to advance the successful implementation of Connected and Autonomous Vehicles (CAVs) in the UK, by developing services and capabilities that link user needs and system requirements. The three year project, worth £5.5 million, seeks to develop products and services that maximise the benefits of Connected and Autonomous vehicles for users and transport authorities. By adopting a user-centred approach, FLOURISH will achieve a better understanding of consumer demands and expectations, including the implications and challenges of an ageing society.

    FLOURISH will address vulnerabilities in the technology powering CAVs, with a focus on the critical areas of cyber security and wireless communications. The project is trialled in the Bristol and South Gloucestershire region and is part funded from the government's £100 million Intelligent Mobility fund, which is administered by the Centre for Connected and Autonomous Vehicles (CCAV) and delivered by the UK's Innovation Agency, Innovate UK.

    About AXA

    The AXA Group is a worldwide leader in insurance and asset management, with 166,000 employees serving 107 million clients in 64 countries. In 2016, IFRS revenues amounted to Euro 100.2 billion and IFRS underlying earnings to Euro 5.7 billion. AXA had Euro 1,429 billion in assets under management as of December 31, 2016. In 2016 Interbrand ranked AXA the 1st insurance brand worldwide for the 8th consecutive year.

    In the UK AXA operates through a number of business units including: AXA Insurance, AXA PPP healthcare and AXA Ireland. AXA employs over 10,000 staff in the UK.

    The AXA ordinary share is listed on compartment A of Euronext Paris under the ticker symbol CS (ISN FR 0000120628 – Bloomberg: CS FP – Reuters: AXAF.PA). AXA’s American Depository Share is also quoted on the OTC QX platform under the ticker symbol AXAHY.

    The AXA Group is included in the main international SRI indexes, such as Dow Jones Sustainability Index (DJSI) and FTSE4GOOD.

    It is a founding member of the UN Environment Programme’s Finance Initiative (UNEP FI) Principles for Sustainable Insurance and a signatory of the UN Principles for Responsible Investment.