Request for Public Comments on NHTSA Enforcement Guidance Bulletin 2016-02: Safety-Related Defects and Emerging Automotive Technologies, 18935-18939 [2016-07353]

Federal Register / Vol. 81, No. 63 / Friday, April 1, 2016 / Notices
DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. NHTSA–2016–0040]

Request for Public Comments on NHTSA Enforcement Guidance Bulletin 2016–02: Safety-Related Defects and Emerging Automotive Technologies

AGENCY: National Highway Traffic Safety Administration (NHTSA), Department of Transportation.

ACTION: Request for public comments.

SUMMARY: Automotive technology is at a moment of rapid change and may evolve farther in the next decade than in the previous 45-plus year history of the Agency. As the world moves toward autonomous vehicles and innovative mobility solutions, NHTSA is interested in facilitating the rapid advance of technologies that will promote safety. NHTSA is commanded by Congress to protect the safety of the driving public against unreasonable risks of harm that may occur because of the design, construction, or performance of a motor vehicle or motor vehicle equipment, and mitigate risks of harm, including risks that may be emerging or contingent.
As NHTSA always has done when evaluating new technologies and solutions, we will be guided by our statutory mission, the laws we are obligated to enforce, and the benefits of the emerging technologies appearing on America’s roadways. NHTSA has broad enforcement authority, under existing statutes and regulations, to address existing and emerging automotive technologies. This proposed Enforcement Guidance Bulletin sets forth NHTSA’s current views on emerging automotive technologies—including its view that when vulnerabilities of such technology or equipment pose an unreasonable risk to safety, those vulnerabilities constitute a safety-related defect—and suggests guiding principles and best practices for motor vehicle and equipment manufacturers in this context. This notice solicits comments from the public, motor vehicle and equipment manufacturers, and other interested parties concerning the proposed guidance for motor vehicle and equipment manufacturers in developing and implementing new and emerging automotive technologies, safety compliance programs, and other business practices in connection with such technologies.

DATES: Comments must be received on or before May 2, 2016.

ADDRESSES: You may submit comments by any of the following methods:

• Internet: Go to http://www.regulations.gov and follow the online instructions for submitting comments.
• Mail: Docket Management Facility, M–30, U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building, Room W12–140, Washington, DC 20590.
• Hand Delivery or Courier: U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building, Room W12–140, Washington, DC 20590 between 9 a.m. and 5 p.m. Eastern Time, Monday through Friday, except Federal holidays.
• Facsimile: (202) 493–2251.
Regardless of how you submit your comments, please mention the docket number of this document. You may also call the Docket at (202) 366–9322.

Instructions: All comments received must include the Agency name and docket ID. Please submit your comments by only one means. Regardless of the method used for submitting comments, all submissions will be posted without change to http://www.regulations.gov, including any personal information provided. Thus, submitting such information makes it public. You may wish to read the Privacy Act notice, which can be viewed by clicking on the “Privacy and Security Notice” link in the footer of http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Justine Casselle, Office of the Chief Counsel, National Highway Traffic Safety Administration, or Elizabeth Mykytiuk, Office of the Chief Counsel, National Highway Traffic Safety Administration, at (202) 366–2992.

SUPPLEMENTARY INFORMATION:

I. Executive Summary

Recent and continuing advances in automotive technology have great potential to generate significant safety benefits. Today’s motor vehicles are increasingly equipped with electronics, sensors, and computing power that enable the deployment of safety technologies and functions, such as forward-collision warning, automatic emergency braking, and lane keeping assist, which dramatically enhance safety. New technologies may not only prevent drivers from crashing, but may even do some or all of the driving for them. The safety implications of such emerging technologies are vast. Importantly, as these technologies become more widespread, manufacturers must ensure their safe development and implementation.
To facilitate automotive safety innovation, to aid in the successful development and deployment of emerging automotive technologies, and to protect the public from potential flaws or threats associated with emerging automotive technologies, NHTSA is publishing, for guidance and informational purposes, this Enforcement Guidance Bulletin setting forth the Agency’s current view of its enforcement authority and principles guiding its exercise of that authority. This includes guiding principles and best practices for use by motor vehicle and equipment manufacturers. NHTSA is not establishing a binding set of rules, nor is the Agency suggesting that one particular set of practices applies in all situations. The Agency recognizes that best practices vary depending on circumstances, and manufacturers remain free to choose the solution that best fits their needs and the demands of automotive safety.

However, to address safety concerns associated with emerging technologies in a comprehensive way, and to advise regulated entities of the Agency’s present views of certain enforcement subjects and issues, NHTSA submits this proposed Enforcement Guidance Bulletin for public comment. Based on the Agency’s review and analysis of that input, it will develop and issue a final “Enforcement Guidance Bulletin” on this topic.

I. Executive Summary
II. Legal and Policy Background
    A. NHTSA’s Enforcement Authority Under the Safety Act
    B. Determining the Existence of a Defect
    C. Determining an Unreasonable Risk to Safety
III. Guidance and Recommended Best Practices: Safety-Related Defects, Unreasonable Risk, and Emerging Technologies

II. Legal and Policy Background

A. NHTSA’s Enforcement Authority Under the Safety Act

The National Traffic and Motor Vehicle Safety Act, as amended (“Safety Act”), 49 U.S.C.
30101 et seq., provides the basis and framework for NHTSA’s enforcement authority over motor vehicle and motor vehicle equipment defects and noncompliances with federal motor vehicle safety standards (FMVSS). This authority includes investigations, administrative proceedings, civil penalties, and civil enforcement actions. While automation and other advanced technologies may modify motor vehicle and equipment design, NHTSA’s statutory enforcement authority is general and flexible, which allows it to keep pace with innovation. The Agency has the authority to respond to a safety problem posed by new technologies in the same manner it has responded to safety problems posed by more established automotive technology and equipment, such as carburetors, the powertrain, vehicle control systems, and forward collision warning systems—by determining the existence of a defect that poses an unreasonable risk to motor vehicle safety and ordering the manufacturer to conduct a recall. See 49 U.S.C. 30118(b). This enforcement authority applies notwithstanding the presence or absence of an FMVSS for any particular type of advanced technology. See, e.g., United States v. Chrysler Corp., 158 F.3d 1350, 1351 (D.C. Cir. 1998) (NHTSA “may seek the recall of a motor vehicle either when a vehicle has ‘a defect related to motor vehicle safety’ or when a vehicle ‘does not comply with an applicable motor vehicle safety standard.’ ”).¹

Under the Safety Act, NHTSA has authority over motor vehicles, equipment included in or on a motor vehicle at the time of delivery to the first purchaser (i.e., original equipment), and motor vehicle replacement equipment. See 49 U.S.C. 30102(a)–(b). Motor vehicle equipment is broadly defined to include “any system, part, or component of a motor vehicle as originally manufactured” and “any similar part or component manufactured or sold for replacement or improvement of a system, part, or component.” 49 U.S.C.
30102(a)(7)(A)–(B). The Safety Act also gives NHTSA jurisdiction over after-market improvements, accessories, or additions to motor vehicles. See 49 U.S.C. 30102(a)(7)(B). All devices “manufactured, sold, delivered, or offered to be sold for use on public streets, roads, and highways with the apparent purpose of safeguarding users of motor vehicles against risk of accident, injury, or death” are similarly subject to NHTSA’s enforcement authority. 49 U.S.C. 30102(a)(7)(C).

¹ A manufacturer’s obligation to recall motor vehicles and motor vehicle equipment determined to have a safety-related defect is separate and distinct from its obligation to recall motor vehicles and motor vehicle equipment that fail to comply with an applicable FMVSS. See 49 U.S.C. 30120.

With respect to new and emerging technologies, NHTSA considers automated vehicle technologies, systems, and equipment to be motor vehicle equipment, whether they are offered to the public as part of a new motor vehicle (as original equipment) or as an after-market replacement(s) of or improvement(s) to original equipment. NHTSA also considers software (including, but not necessarily limited to, the programs, instructions, code, and data used to operate computers and related devices), and after-market software updates, to be motor vehicle equipment within the meaning of the Safety Act. Software that enables devices not located in or on the motor vehicle to connect to the motor vehicle or its systems could, in some circumstances, also be considered motor vehicle equipment. Accordingly, a manufacturer of new and emerging vehicle technologies and equipment, whether it is the supplier of the equipment or the manufacturer of a motor vehicle on which the equipment is installed, has an obligation to notify NHTSA of any and all safety-related defects. See 49 CFR part 573.
Any manufacturer or supplier that fails to do so may be subject to civil penalties. See 49 U.S.C. 30165(a).

NHTSA is charged with reducing deaths, injuries, and economic losses resulting from motor vehicle crashes. See 49 U.S.C. 30101. Part of that mandate includes ensuring that motor vehicles and motor vehicle equipment, including new technologies, perform in ways that “protect[] the public against unreasonable risk of accidents occurring because of the design, construction, or performance of a motor vehicle, and against unreasonable risk of death or injury in an accident.” 49 U.S.C. 30102(a)(8). This responsibility also includes the nonoperational safety of a motor vehicle. Id. In pursuit of these safety objectives, and in the absence of adequate action by the manufacturer, NHTSA is authorized to determine that a motor vehicle or motor vehicle equipment is defective and that the defect poses an unreasonable risk to safety. See 49 U.S.C. 30118(b) and (c)(1).

B. Determining the Existence of a Defect

Under the Safety Act, a “defect” includes “any defect in performance, construction, a component, or material of a motor vehicle or motor vehicle equipment.” 49 U.S.C. 30102(a)(2). It also includes a defect in design. See United States v. General Motors Corp., 518 F.2d 420, 436 (D.C. Cir. 1975) (“Wheels”). A defect in an item of motor vehicle equipment (including hardware, software and other electronic systems) may be considered a defect of the motor vehicle itself. See 49 U.S.C. 30102(b)(1)(F).

Congress intended the Safety Act to represent a “commonsense” approach to safety and courts have followed that approach in determining what constitutes a “defect.” Wheels, 518 F.2d at 436. Accord Center for Auto Safety, Inc. v. National Highway Traffic Safety Administration, 342 F. Supp. 2d 1, 15 (D.D.C. 2004); Clarke v. TRW, Inc., 921 F. Supp. 927, 934 (N.D.N.Y. 1996).
For this reason, a defect determination does not require an engineering explanation or root cause, but instead “may be based exclusively on the performance record of the component.” Wheels, 518 F.2d at 432 (“[A] determination of a ‘defect’ does not require any predicate of a finding identifying engineering, metallurgical, or manufacturing failures.”). Thus, a motor vehicle or item of equipment contains a defect if it is subject to a significant number of failures in normal operation, “including those failures occurring during ‘specified use’ or resulting from predictable abuse, but not including those resulting from normal deterioration due to age and wear.”² Center for Auto Safety, 342 F.2d at 13–14 (citing Wheels, 518 F.2d at 427). A “significant number of failures” is merely a “non-de minimus” quantity; it need not be a “substantial percentage of the total.” Wheels, 518 F.2d at 438 n.84. Whether there have been a “significant number of failures” is a fact-specific inquiry that includes considerations such as: The failure rate of the component in question; the failure rates of comparable components; and the importance of the component to the safe operation of the vehicle. Id. at 427. In addition, where appropriate, the determination of the existence of a defect may depend upon the failure rate in the affected class of vehicles compared to that of other peer vehicles. See United States v. Gen. Motors Corp., 841 F.2d 400, 412 (D.C. Cir. 1988) (“X-Cars”). Finally, to constitute a defect, the failures must be attributable to the motor vehicle or equipment itself, rather than the driver or the road conditions. See id.

² “The protection afforded by the [Safety] Act was not limited to careful drivers who fastidiously observed speed limits and conscientiously complied with manufacturer’s instructions on vehicle maintenance and operation . . . . [the statute provides] an added area of safety to an owner who is lackadaisical, who neglects regular maintenance . . .” Wheels, 518 F.2d at 434.

It must be noted, however, that in some circumstances, a crash, injury, or death need not occur in order for a vulnerability or safety risk to be considered a defect. The Agency relies on the performance record of a vehicle or component in making a defect determination where the engineering or root cause is unknown. See Wheels, 518 F.2d at 432. Where, however, the engineering or root cause is known, the Agency need not proceed with analyzing the performance record. See id.; see also United States v. Gen. Motors Corp., 565 F.2d 754, 758 (D.C. Cir. 1977) (“Carburetors”) (finding a defect to be safety-related if it “results in hazards as potentially dangerous as sudden engine fire, and where there is no dispute that at least some such hazards . . . can definitely be expected to occur in the future.”). For software or other electronic systems, for example, when the engineering or root cause of the vulnerability or risk is known, a defect exists regardless of whether there have been any actual failures.

C. Determining an Unreasonable Risk to Safety

In order to support a recall, a defect must be related to motor vehicle safety. United States v. General Motors Corp., 561 F.2d 923, 928–29 (D.C. Cir. 1977) (“Pitman Arms”). In the context of the Safety Act, “motor vehicle safety” refers to an “unreasonable risk of accidents” and an “unreasonable risk of death or injury in an accident.” 49 U.S.C. 30102(a)(8). Thus, while the defect analysis has generally entailed a retrospective look at how many failures have occurred (see Wheels, Center for Auto Safety, and Pitman Arms), the safety-relatedness question is forward-looking, and concerns the hazards that may arise in the future. See, e.g., Carburetors, 565 F.2d at 758.
In general, for a defect to present an “unreasonable risk,” there must be a likelihood that it will cause or be associated with a “non-negligible” number of crashes, injuries, or deaths in the future. See, e.g., Carburetors, 565 F.2d at 759. This prediction of future hazards is called a “risk analysis.” See, e.g., Pitman Arms, 561 F.2d at 924 (Leventhal, J., dissenting) (“GM presented a ‘risk analysis’ which predicts the likely number of future injuries or deaths to be expected in the remaining service life of the affected models”). A forward-looking risk analysis is compelled by the purpose of the Safety Act, which “is not to protect individuals from the risks associated with defective vehicles only after serious injuries have already occurred; it is to prevent serious injuries stemming from established defects before they occur.” Carburetors, 565 F.2d at 759 (emphasis added).

If the hazard is sufficiently serious, and at least some harm, however small, is expected to occur in the future, the risk may be deemed unreasonable. Carburetors, 565 F.2d at 759 (“In the context of this case . . . even an ‘exceedingly small’ number of injuries from this admittedly defective and clearly dangerous carburetor appears to us ‘unreasonably large.’ ”). In other words, where a defect presents a “clearly” or “potentially dangerous” hazard, and where “at least some such hazards”—even an “exceedingly small” number—will occur in the future, that defect is necessarily safety-related. See Carburetors, 565 F.2d 754. This is so regardless of whether any injuries have already occurred, or whether the projected number of failures/injuries in the future is trending down. See id. at 759.
Moreover, a defect may be considered “per se” safety-related if it causes the failure of a critical component; causes a vehicle fire; causes a loss of vehicle control; or suddenly moves the driver away from steering, accelerator, and brake controls—regardless of how many injuries or accidents are likely to occur in the future. See Carburetors, 565 F.2d 754 (engine fires); Pitman Arms, 561 F.2d 923 (loss of control); United States v. Ford Motor Co., 453 F. Supp. 1240 (D.D.C. 1978) (“Wipers”) (loss of visibility); United States v. Ford Motor Co., 421 F. Supp. 1239, 1243–1244 (D.D.C. 1976) (“Seatbacks”) (loss of control). Similarly, where it is alleged that a defect “is systematic and is prevalent in a particular class [of motor vehicles or equipment], . . . this is prima facie an unreasonable risk.” Pitman Arms, 561 F.2d at 929.

III. Guidance and Recommended Best Practices: Safety-Related Defects, Unreasonable Risk, and Emerging Technologies

Consistent with the foregoing background, NHTSA’s enforcement authority concerning safety-related defects in motor vehicles and equipment extends and applies equally to new and emerging automotive technologies. This includes, for example, automation technology and equipment, as well as advanced crash avoidance technologies. Where an autonomous vehicle or other emerging automotive technology causes crashes or injuries, or has a manifested safety-related failure or defect, and a manufacturer fails to act, NHTSA will exercise its enforcement authority to the fullest extent. Similarly, should the Agency determine that an autonomous vehicle or other new automotive technology presents a safety concern, the Agency will evaluate such technology through its investigative authority to determine whether the technology presents an unreasonable risk to safety.
To avoid violating Safety Act requirements and standards, manufacturers of emerging technology and the motor vehicles on which such technology is installed are strongly encouraged to take steps to proactively identify and resolve safety concerns before their products are available for use on public roadways.

The Agency recognizes that much emerging automotive technology heavily involves electronic systems (such as hardware, software, sensors, global positioning systems (GPS) and vehicle-to-vehicle (V2V) safety communications systems). The Agency acknowledges that the increased use of electronic systems in motor vehicles and equipment may raise new and different safety concerns. However, the complexities of these systems do not diminish manufacturers’ duties under the Safety Act—both motor vehicle manufacturers and equipment manufacturers remain responsible for ensuring that their vehicles or equipment are free of safety-related defects or noncompliances, and do not otherwise pose an unreasonable risk to safety. Manufacturers are also reminded that they remain responsible for promptly reporting to NHTSA any safety-related defects or noncompliances, as well as timely notifying owners and dealers of the same.

In assessing whether a motor vehicle or piece of motor vehicle equipment poses an unreasonable risk to safety, NHTSA considers the likelihood of the occurrence of a harm (i.e., fire, stalling, or malicious cybersecurity attack), the potential frequency of a harm, the severity of a harm, known engineering or root cause, and other relevant factors. Where a threatened harm is substantial, low potential frequency may not carry as much weight in NHTSA’s analysis.

Software installed in or on a motor vehicle—which is motor vehicle equipment—presents its own unique safety risks.
Because software often interacts with a motor vehicle’s critical safety systems (i.e., systems encompassing critical control functions such as braking, steering, or acceleration) the operation of those systems could be substantially altered by after-market software updates. Additionally, software located outside the motor vehicle (i.e., portable devices with vehicle-related software applications) could be used to affect and control a motor vehicle’s safety systems. If software has manifested a safety-related performance failure, or otherwise presents an unreasonable risk to safety, then the software failure or safety-risk constitutes a defect compelling a recall.

In the case of cybersecurity vulnerabilities, NHTSA will weigh several factors in determining whether a vulnerability poses an unreasonable risk to safety (and thus constitutes a safety-related defect), including: (i) The amount of time elapsed since the vulnerability was discovered (e.g., less than one day, three months, or more than six months); (ii) the level of expertise needed to exploit the vulnerability (e.g., whether a layman can exploit the vulnerability or whether it takes experts to do so); (iii) the accessibility of knowledge of the underlying system (e.g., whether how the system works is public knowledge or whether it is sensitive and restricted); (iv) the necessary window of opportunity to exploit the vulnerability (e.g., an unlimited window or a very narrow window); and, (v) the level of equipment needed to exploit the vulnerability (e.g., standard or highly specialized). NHTSA uses those factors, and others, to help assess the overall probability of a malicious cybersecurity attack. The probability of an attack includes circumstances in which a vulnerability has been identified, but no actual incidents have been documented or confirmed. Confirmed field incidents may increase the weight NHTSA places on the probability of an attack in its assessment.
Even before evidence of an attack, it is foreseeable that hackers will try to exploit cybersecurity vulnerabilities. For instance, if a cybersecurity vulnerability in any of a motor vehicle’s entry points (e.g., Wi-Fi, infotainment systems, the OBD–II port) allows remote access to a motor vehicle’s critical safety systems (i.e., systems encompassing critical control functions such as braking, steering, or acceleration), NHTSA may consider such a vulnerability to be a safety-related defect compelling a recall.

Manufacturers should consider adopting a life-cycle approach to safety risks when developing automated vehicles, other innovative automotive technologies, and safety compliance programs and other business practices in connection with such technologies. A life-cycle approach would include “elements of assessment, design, implementation, and operations as well as an effective testing and certification program.” National Highway Traffic Safety Administration, A Summary of Cybersecurity Best Practices, (Oct. 2014), http://www.nhtsa.gov/DOT/NHTSA/NVS/Crash%20Avoidance/Technical%20Publications/2014/812075_CybersecurityBestPractices.pdf. Considering hardware, software, and network and cloud security, manufacturers should consider developing a simulator, using case scenarios and threat modeling on all systems, sub-systems, and devices, to test for safety risks, including cybersecurity vulnerabilities, at all steps in the manufacturing process for the entire supply chain, to implement an effective risk mitigation plan. See id.

Manufacturers of emerging technologies and the motor vehicles on which such technology is installed have a continuing obligation to proactively identify safety concerns and mitigate the risks of harm.
If a manufacturer discovers or is otherwise made aware of any defects, noncompliances, or other unreasonable risks to safety after the vehicle and/or technology has been in safe operation for some time, then it should strongly consider promptly contacting the appropriate NHTSA personnel to determine the necessary next steps. Where a manufacturer fails to adequately address a safety concern, NHTSA, when appropriate, will explicitly address that concern through its enforcement authority.

Applicability/Legal Statement: This proposed Enforcement Guidance Bulletin sets forth NHTSA’s current views on the topic of emerging automotive technology and suggests guiding principles and best practices to be utilized by motor vehicle and equipment manufacturers in this context. This proposed Bulletin is not a final agency action and is intended as guidance only. This proposed Bulletin does not have the force or effect of law. This Bulletin is not intended, nor can it be relied upon, to create any rights enforceable by any party against NHTSA, the U.S. Department of Transportation, or the United States. These recommended practices do not establish any defense to any violations of the Safety Act, or regulations thereunder, or violation of any statutes or regulations that NHTSA administers. This Bulletin may be revised in writing without notice to reflect changes in the Agency’s views and analysis, or to clarify and update text.

Authority: 49 U.S.C. 30101–30103, 30116–30121, 30166; delegation of authority at 49 CFR 1.95 and 49 CFR 501.8.

Issued in Washington, DC, on March 25, 2016 under authority delegated pursuant to 49 CFR 1.95.

Paul A. Hemmersbaugh, Chief Counsel.

[FR Doc.
DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

Agency Information Collection Activities; Information Collection Renewal; Submission for OMB Review; Securities Exchange Act Disclosure Rules and Securities of Federal Savings Associations

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION: Notice and request for comment.

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995 (PRA). In accordance with the requirements of the PRA, the OCC may not conduct or sponsor, and respondents are not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OCC is soliciting comment concerning the renewal of its information collection titled, ``Securities Exchange Act Disclosure Rules and Securities of Federal Savings Associations.'' The OCC also is giving notice that it has sent the collection to OMB for review.

DATES: Comments must be received by May 2, 2016.

ADDRESSES: Because paper mail in the Washington, DC area and at the OCC is subject to delay, commenters are encouraged to submit comments by email, if possible. Comments may be sent to: Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, Attention: 1557–0106, 400 7th Street SW., suite 3E–218, mail stop 9W–11, Washington, DC 20219. In addition, comments may be sent by fax to (571) 465–4326 or by electronic mail to prainfo@occ.treas.gov. You may personally inspect and photocopy comments at the OCC, 400 7th Street SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649–6700 or, for persons who are deaf or hard of hearing, TTY, (202) 649–5597. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to security screening in order to inspect and photocopy comments.
    All comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not include any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.
    Additionally, please send a copy of your comments by mail to: OCC Desk Officer, 1557–0106, U.S. Office of Management and Budget, 725 17th Street NW., #10235, Washington, DC 20503, or by email to: oira_submission@omb.eop.gov.

FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, Clearance Officer, (202) 649–5490 or, for persons who are deaf or hard of hearing, TTY, (202) 649–5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Washington, DC 20219.

SUPPLEMENTARY INFORMATION: The OCC is proposing to extend OMB approval of the following information collection:
    Title: Securities Exchange Act Disclosure Rules and Securities of Federal Savings Associations.
    OMB Control No.: 1557–0106.
    Description: This submission covers an existing regulation and involves no change to the regulation or to the information collection requirements.
    The Securities and Exchange Commission (SEC) is required by statute to collect, in accordance with its regulations, certain information and documents from any firm that is required to register its stock with the SEC.\1\ Federal law requires the OCC to apply similar regulations to any national bank or Federal savings association similarly required to be registered (those with a class of equity securities held by 2,000 or more shareholders).\2\ 12 CFR part 11 ensures that a national bank or Federal savings association whose securities are subject to registration provides adequate information about its operations to current and potential shareholders, depositors, and the public. The OCC reviews the information to ensure that it complies with Federal law and makes public all information required to be filed under the rule. Investors,

    \1\ 15 U.S.C. 78m(a)(1).
    \2\ 15 U.S.C. 78l(i).


[Federal Register Volume 81, Number 63 (Friday, April 1, 2016)]
[Notices]
[Pages 18935-18939]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-07353]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. NHTSA-2016-0040]


Request for Public Comments on NHTSA Enforcement Guidance 
Bulletin 2016-02: Safety-Related Defects and Emerging Automotive 
Technologies

AGENCY: National Highway Traffic Safety Administration (NHTSA), 
Department of Transportation.

ACTION: Request for public comments.

-----------------------------------------------------------------------

SUMMARY: Automotive technology is at a moment of rapid change and may 
evolve farther in the next decade than in the previous 45-plus year 
history of the Agency. As the world moves toward autonomous vehicles 
and innovative mobility solutions, NHTSA is interested in facilitating 
the rapid advance of technologies that will promote safety. NHTSA is 
commanded by Congress to protect the safety of the driving public 
against unreasonable risks of harm that may occur because of the 
design, construction, or performance of a motor vehicle or motor 
vehicle equipment, and mitigate risks of harm, including risks that may 
be emerging or contingent. As NHTSA always has done when evaluating new 
technologies and solutions, we will be guided by our statutory mission, 
the laws we are obligated to enforce, and the benefits of the emerging 
technologies appearing on America's roadways.
    NHTSA has broad enforcement authority, under existing statutes and 
regulations, to address existing and emerging automotive technologies. 
This proposed Enforcement Guidance Bulletin sets forth NHTSA's current 
views on emerging automotive technologies--including its view that when 
vulnerabilities of such technology or equipment pose an unreasonable 
risk to safety, those vulnerabilities constitute a safety-related 
defect--and suggests guiding principles and best practices for motor 
vehicle and equipment manufacturers in this context. This notice 
solicits comments from the public, motor vehicle and equipment 
manufacturers, and other interested

[[Page 18936]]

parties concerning the proposed guidance for motor vehicle and 
equipment manufacturers in developing and implementing new and emerging 
automotive technologies, safety compliance programs, and other business 
practices in connection with such technologies.

DATES: Comments must be received on or before May 2, 2016.

ADDRESSES: You may submit comments by any of the following methods:
     Internet: Go to http://www.regulations.gov and follow the 
online instructions for submitting comments.
     Mail: Docket Management Facility, M-30, U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building, Room W12-
140, Washington, DC 20590.
     Hand Delivery or Courier: U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building, Room W12-
140, Washington, DC 20590 between 9 a.m. and 5 p.m. Eastern Time, 
Monday through Friday, except Federal holidays.
     Facsimile: (202) 493-2251.
    Regardless of how you submit your comments, please mention the 
docket number of this document.
    You may also call the Docket at (202) 366-9322.
    Instructions: All comments received must include the Agency name 
and docket ID. Please submit your comments by only one means. 
Regardless of the method used for submitting comments, all submissions 
will be posted without change to http://www.regulations.gov, including 
any personal information provided. Thus, submitting such information 
makes it public. You may wish to read the Privacy Act notice, which can 
be viewed by clicking on the ``Privacy and Security Notice'' link in 
the footer of http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Justine Casselle, Office of the Chief 
Counsel, National Highway Traffic Safety Administration, or Elizabeth 
Mykytiuk, Office of the Chief Counsel, National Highway Traffic Safety 
Administration, at (202) 366-2992.

SUPPLEMENTARY INFORMATION: 

I. Executive Summary
II. Legal and Policy Background
    A. NHTSA's Enforcement Authority Under the Safety Act
    B. Determining the Existence of a Defect
    C. Determining an Unreasonable Risk to Safety
III. Guidance and Recommended Best Practices: Safety-Related 
Defects, Unreasonable Risk, and Emerging Technologies

I. Executive Summary

    Recent and continuing advances in automotive technology have great 
potential to generate significant safety benefits. Today's motor 
vehicles are increasingly equipped with electronics, sensors, and 
computing power that enable the deployment of safety technologies and 
functions, such as forward-collision warning, automatic-emergency 
braking, and lane keeping assist, which dramatically enhance safety. 
New technologies may not only prevent drivers from crashing, but may 
even do some or all of the driving for them. The safety implications of 
such emerging technologies are vast. Importantly, as these technologies 
become more widespread, manufacturers must ensure their safe 
development and implementation.
    To facilitate automotive safety innovation, to aid in the 
successful development and deployment of emerging automotive 
technologies, and to protect the public from potential flaws or threats 
associated with emerging automotive technologies, NHTSA is publishing, 
for guidance and informational purposes, this Enforcement Guidance 
Bulletin setting forth the Agency's current view of its enforcement 
authority and principles guiding its exercise of that authority. This 
includes guiding principles and best practices for use by motor vehicle 
and equipment manufacturers. NHTSA is not establishing a binding set of 
rules, nor is the Agency suggesting that one particular set of 
practices applies in all situations. The Agency recognizes that best 
practices vary depending on circumstances, and manufacturers remain 
free to choose the solution that best fits their needs and the demands 
of automotive safety. However, to address safety concerns associated 
with emerging technologies in a comprehensive way, and to advise 
regulated entities of the Agency's present views of certain enforcement 
subjects and issues, NHTSA submits this proposed Enforcement Guidance 
Bulletin for public comment. Based on the Agency's review and analysis 
of that input, it will develop and issue a final ``Enforcement Guidance 
Bulletin'' on this topic.

II. Legal and Policy Background

A. NHTSA's Enforcement Authority Under the Safety Act

    The National Traffic and Motor Vehicle Safety Act, as amended 
(``Safety Act''), 49 U.S.C. 30101 et seq., provides the basis and 
framework for NHTSA's enforcement authority over motor vehicle and 
motor vehicle equipment defects and noncompliances with federal motor 
vehicle safety standards (FMVSS). This authority includes 
investigations, administrative proceedings, civil penalties, and civil 
enforcement actions. While automation and other advanced technologies 
may modify motor vehicle and equipment design, NHTSA's statutory 
enforcement authority is general and flexible, which allows it to keep 
pace with innovation. The Agency has the authority to respond to a 
safety problem posed by new technologies in the same manner it has 
responded to safety problems posed by more established automotive 
technology and equipment, such as carburetors, the powertrain, vehicle 
control systems, and forward collision warning systems--by determining 
the existence of a defect that poses an unreasonable risk to motor 
vehicle safety and ordering the manufacturer to conduct a recall. See 
49 U.S.C. 30118(b). This enforcement authority applies notwithstanding 
the presence or absence of an FMVSS for any particular type of advanced 
technology. See, e.g., United States v. Chrysler Corp., 158 F.3d 1350, 
1351 (D.C. Cir. 1998) (NHTSA ``may seek the recall of a motor vehicle 
either when a vehicle has `a defect related to motor vehicle safety' or 
when a vehicle `does not comply with an applicable motor vehicle safety 
standard.' '').\1\
---------------------------------------------------------------------------

    \1\ A manufacturer's obligation to recall motor vehicles and 
motor vehicle equipment determined to have a safety-related defect 
is separate and distinct from its obligation to recall motor 
vehicles and motor vehicle equipment that fail to comply with an 
applicable FMVSS. See 49 U.S.C. 30120.
---------------------------------------------------------------------------

    Under the Safety Act, NHTSA has authority over motor vehicles, 
equipment included in or on a motor vehicle at the time of delivery to 
the first purchaser (i.e., original equipment), and motor vehicle 
replacement equipment. See 49 U.S.C. 30102(a)-(b). Motor vehicle 
equipment is broadly defined to include ``any system, part, or 
component of a motor vehicle as originally manufactured'' and ``any 
similar part or component manufactured or sold for replacement or 
improvement of a system, part, or component.'' 49 U.S.C. 
30102(a)(7)(A)-(B). The Safety Act also gives NHTSA jurisdiction over 
after-market improvements, accessories, or additions to motor vehicles. 
See 49 U.S.C. 30102(a)(7)(B). All devices ``manufactured, sold, 
delivered, or offered to be sold for use on public streets, roads, and 
highways with the apparent purpose of safeguarding users of motor 
vehicles against risk of accident, injury, or death'' are similarly 
subject to NHTSA's enforcement authority. 49 U.S.C. 30102(a)(7)(C).

[[Page 18937]]

    With respect to new and emerging technologies, NHTSA considers 
automated vehicle technologies, systems, and equipment to be motor 
vehicle equipment, whether they are offered to the public as part of a 
new motor vehicle (as original equipment) or as an after-market 
replacement(s) of or improvement(s) to original equipment. NHTSA also 
considers software (including, but not necessarily limited to, the 
programs, instructions, code, and data used to operate computers and 
related devices), and after-market software updates, to be motor 
vehicle equipment within the meaning of the Safety Act. Software that 
enables devices not located in or on the motor vehicle to connect to 
the motor vehicle or its systems could, in some circumstances, also be 
considered motor vehicle equipment. Accordingly, a manufacturer of new 
and emerging vehicle technologies and equipment, whether it is the 
supplier of the equipment or the manufacturer of a motor vehicle on 
which the equipment is installed, has an obligation to notify NHTSA of 
any and all safety-related defects. See 49 CFR part 573. Any 
manufacturer or supplier that fails to do so may be subject to civil 
penalties. See 49 U.S.C. 30165(a).
    NHTSA is charged with reducing deaths, injuries, and economic 
losses resulting from motor vehicle crashes. See 49 U.S.C. 30101. Part 
of that mandate includes ensuring that motor vehicles and motor vehicle 
equipment, including new technologies, perform in ways that ``protect[] 
the public against unreasonable risk of accidents occurring because of 
the design, construction, or performance of a motor vehicle, and 
against unreasonable risk of death or injury in an accident.'' 49 
U.S.C. 30102(a)(8). This responsibility also includes the 
nonoperational safety of a motor vehicle. Id. In pursuit of these 
safety objectives, and in the absence of adequate action by the 
manufacturer, NHTSA is authorized to determine that a motor vehicle or 
motor vehicle equipment is defective and that the defect poses an 
unreasonable risk to safety. See 49 U.S.C. 30118(b) and (c)(1).

B. Determining the Existence of a Defect

    Under the Safety Act, a ``defect'' includes ``any defect in 
performance, construction, a component, or material of a motor vehicle 
or motor vehicle equipment.'' 49 U.S.C. 30102(a)(2). It also includes a 
defect in design. See United States v. General Motors Corp., 518 F.2d 
420, 436 (D.C. Cir. 1975) (``Wheels''). A defect in an item of motor 
vehicle equipment (including hardware, software and other electronic 
systems) may be considered a defect of the motor vehicle itself. See 49 
U.S.C. 30102(b)(1)(F).
    Congress intended the Safety Act to represent a ``commonsense'' 
approach to safety and courts have followed that approach in 
determining what constitutes a ``defect.'' Wheels, 518 F.2d at 436. 
Accord Center for Auto Safety, Inc. v. National Highway Traffic Safety 
Administration, 342 F. Supp. 2d 1, 15 (D.D.C. 2004); Clarke v. TRW, 
Inc., 921 F. Supp. 927, 934 (N.D.N.Y. 1996). For this reason, a defect 
determination does not require an engineering explanation or root 
cause, but instead ``may be based exclusively on the performance record 
of the component.'' Wheels, 518 F.2d at 432 (``[A] determination of a 
`defect' does not require any predicate of a finding identifying 
engineering, metallurgical, or manufacturing failures.''). Thus, a 
motor vehicle or item of equipment contains a defect if it is subject 
to a significant number of failures in normal operation, ``including 
those failures occurring during `specified use' or resulting from 
predictable abuse, but not including those resulting from normal 
deterioration due to age and wear.'' \2\ Center for Auto Safety, 342 
F.2d at 13-14 (citing Wheels, 518 F.2d at 427).
---------------------------------------------------------------------------

    \2\ ``The protection afforded by the [Safety] Act was not 
limited to careful drivers who fastidiously observed speed limits 
and conscientiously complied with manufacturer's instructions on 
vehicle maintenance and operation . . . . [the statute provides] an 
added area of safety to an owner who is lackadaisical, who neglects 
regular maintenance . . .'' Wheels, 518 F.2d at 434.
---------------------------------------------------------------------------

    A ``significant number of failures'' is merely a ``non-de minimis'' 
quantity; it need not be a ``substantial percentage of the total.'' 
Wheels, 518 F.2d at 438 n.84. Whether there have been a ``significant 
number of failures'' is a fact-specific inquiry that includes 
considerations such as: The failure rate of the component in question; 
the failure rates of comparable components; and the importance of the 
component to the safe operation of the vehicle. Id. at 427. In 
addition, where appropriate, the determination of the existence of a 
defect may depend upon the failure rate in the affected class of 
vehicles compared to that of other peer vehicles. See United States v. 
Gen. Motors Corp., 841 F.2d 400, 412 (D.C. Cir. 1988) (``X-Cars''). 
Finally, to constitute a defect, the failures must be attributable to 
the motor vehicle or equipment itself, rather than the driver or the 
road conditions. See id.
    It must be noted, however, that in some circumstances, a crash, 
injury, or death need not occur in order for a vulnerability or safety 
risk to be considered a defect. The Agency relies on the performance 
record of a vehicle or component in making a defect determination where 
the engineering or root cause is unknown. See Wheels, 518 F.2d at 432. 
Where, however, the engineering or root cause is known, the Agency need 
not proceed with analyzing the performance record. See id.; see also 
United States v. Gen. Motors Corp., 565 F.2d 754, 758 (D.C. Cir. 1977) 
(``Carburetors'') (finding a defect to be safety-related if it 
``results in hazards as potentially dangerous as sudden engine fire, 
and where there is no dispute that at least some such hazards . . . can 
definitely be expected to occur in the future.''). For software or 
other electronic systems, for example, when the engineering or root 
cause of the vulnerability or risk is known, a defect exists regardless 
of whether there have been any actual failures.

C. Determining an Unreasonable Risk to Safety

    In order to support a recall, a defect must be related to motor 
vehicle safety. United States v. General Motors Corp., 561 F.2d 923, 
928-29 (D.C. Cir. 1977) (``Pitman Arms''). In the context of the Safety 
Act, ``motor vehicle safety'' refers to an ``unreasonable risk of 
accidents'' and an ``unreasonable risk of death or injury in an 
accident.'' 49 U.S.C. 30102(a)(8). Thus, while the defect analysis has 
generally entailed a retrospective look at how many failures have 
occurred (see Wheels, Center for Auto Safety, and Pitman Arms), the 
safety-relatedness question is forward-looking, and concerns the 
hazards that may arise in the future. See, e.g., Carburetors, 565 F.2d 
at 758.
    In general, for a defect to present an ``unreasonable risk,'' there 
must be a likelihood that it will cause or be associated with a ``non-
negligible'' number of crashes, injuries, or deaths in the future. See, 
e.g., Carburetors, 565 F.2d at 759. This prediction of future hazards 
is called a ``risk analysis.'' See, e.g., Pitman Arms, 561 F.2d at 924 
(Leventhal, J., dissenting) (``GM presented a `risk analysis' which 
predicts the likely number of future injuries or deaths to be expected 
in the remaining service life of the affected models''). A forward-
looking risk analysis is compelled by the purpose of the Safety Act, 
which ``is not to protect individuals from the risks associated with 
defective vehicles only after serious injuries have already occurred; 
it is to prevent serious injuries stemming from established defects 
before they occur.'' Carburetors, 565 F.2d at 759 (emphasis added).

[[Page 18938]]

    If the hazard is sufficiently serious, and at least some harm, 
however small, is expected to occur in the future, the risk may be 
deemed unreasonable. Carburetors, 565 F.2d at 759 (``In the context of 
this case . . . even an `exceedingly small' number of injuries from 
this admittedly defective and clearly dangerous carburetor appears to 
us `unreasonably large.' ''). In other words, where a defect presents a 
``clearly'' or ``potentially dangerous'' hazard, and where ``at least 
some such hazards''--even an ``exceedingly small'' number--will occur 
in the future, that defect is necessarily safety-related. See 
Carburetors, 565 F.2d 754. This is so regardless of whether any 
injuries have already occurred, or whether the projected number of 
failures/injuries in the future is trending down. See id. at 759. 
Moreover, a defect may be considered ``per se'' safety-related if it 
causes the failure of a critical component; causes a vehicle fire; 
causes a loss of vehicle control; or suddenly moves the driver away 
from steering, accelerator, and brake controls--regardless of how many 
injuries or accidents are likely to occur in the future. See 
Carburetors, 565 F.2d 754 (engine fires); Pitman Arms, 561 F.2d 923 
(loss of control); United States v. Ford Motor Co., 453 F. Supp. 1240 
(D.D.C. 1978) (``Wipers'') (loss of visibility); United States v. Ford 
Motor Co., 421 F. Supp. 1239, 1243-1244 (D.D.C. 1976) (``Seatbacks'') 
(loss of control). Similarly, where it is alleged that a defect ``is 
systematic and is prevalent in a particular class [of motor vehicles or 
equipment], . . . this is prima facie an unreasonable risk.'' Pitman 
Arms, 561 F.2d at 929.

III. Guidance and Recommended Best Practices: Safety-Related Defects, 
Unreasonable Risk, and Emerging Technologies

    Consistent with the foregoing background, NHTSA's enforcement 
authority concerning safety-related defects in motor vehicles and 
equipment extends and applies equally to new and emerging automotive 
technologies. This includes, for example, automation technology and 
equipment, as well as advanced crash avoidance technologies. Where an 
autonomous vehicle or other emerging automotive technology causes 
crashes or injuries, or has a manifested safety-related failure or 
defect, and a manufacturer fails to act, NHTSA will exercise its 
enforcement authority to the fullest extent. Similarly, should the 
Agency determine that an autonomous vehicle or other new automotive 
technology presents a safety concern, the Agency will evaluate such 
technology through its investigative authority to determine whether the 
technology presents an unreasonable risk to safety.
    To avoid violating Safety Act requirements and standards, 
manufacturers of emerging technology and the motor vehicles on which 
such technology is installed are strongly encouraged to take steps to 
proactively identify and resolve safety concerns before their products 
are available for use on public roadways. The Agency recognizes that 
much emerging automotive technology heavily involves electronic systems 
(such as hardware, software, sensors, global positioning systems (GPS) 
and vehicle-to-vehicle (V2V) safety communications systems). The Agency 
acknowledges that the increased use of electronic systems in motor 
vehicles and equipment may raise new and different safety concerns. 
However, the complexities of these systems do not diminish 
manufacturers' duties under the Safety Act--both motor vehicle 
manufacturers and equipment manufacturers remain responsible for 
ensuring that their vehicles or equipment are free of safety-related 
defects or noncompliances, and do not otherwise pose an unreasonable 
risk to safety. Manufacturers are also reminded that they remain 
responsible for promptly reporting to NHTSA any safety-related defects 
or noncompliances, as well as timely notifying owners and dealers of 
the same.
    In assessing whether a motor vehicle or piece of motor vehicle 
equipment poses an unreasonable risk to safety, NHTSA considers the 
likelihood of the occurrence of a harm (i.e., fire, stalling, or 
malicious cybersecurity attack), the potential frequency of a harm, the 
severity of a harm, known engineering or root cause, and other relevant 
factors. Where a threatened harm is substantial, low potential 
frequency may not carry as much weight in NHTSA's analysis.
    Software installed in or on a motor vehicle--which is motor vehicle 
equipment--presents its own unique safety risks. Because software often 
interacts with a motor vehicle's critical safety systems (i.e., systems 
encompassing critical control functions such as braking, steering, or 
acceleration) the operation of those systems could be substantially 
altered by after-market software updates. Additionally, software 
located outside the motor vehicle (i.e., portable devices with vehicle-
related software applications) could be used to affect and control a 
motor vehicle's safety systems. If software has manifested a safety-
related performance failure, or otherwise presents an unreasonable risk 
to safety, then the software failure or safety-risk constitutes a 
defect compelling a recall.
    In the case of cybersecurity vulnerabilities, NHTSA will weigh 
several factors in determining whether a vulnerability poses an 
unreasonable risk to safety (and thus constitutes a safety-related 
defect), including: (i) The amount of time elapsed since the 
vulnerability was discovered (e.g., less than one day, three months, or 
more than six months); (ii) the level of expertise needed to exploit 
the vulnerability (e.g., whether a layman can exploit the vulnerability 
or whether it takes experts to do so); (iii) the accessibility of 
knowledge of the underlying system (e.g., whether how the system works 
is public knowledge or whether it is sensitive and restricted); (iv) 
the necessary window of opportunity to exploit the vulnerability (e.g., 
an unlimited window or a very narrow window); and, (v) the level of 
equipment needed to exploit the vulnerability (e.g., standard or highly 
specialized).
    NHTSA uses those factors, and others, to help assess the overall 
probability of a malicious cybersecurity attack. The probability of an 
attack includes circumstances in which a vulnerability has been 
identified, but no actual incidents have been documented or confirmed. 
Confirmed field incidents may increase the weight NHTSA places on the 
probability of an attack in its assessment. Even before evidence of an 
attack, it is foreseeable that hackers will try to exploit 
cybersecurity vulnerabilities. For instance, if a cybersecurity 
vulnerability in any of a motor vehicle's entry points (e.g., Wi-Fi, 
infotainment systems, the OBD-II port) allows remote access to a motor 
vehicle's critical safety systems (i.e., systems encompassing critical 
control functions such as braking, steering, or acceleration), NHTSA 
may consider such a vulnerability to be a safety-related defect 
compelling a recall.
    Manufacturers should consider adopting a life-cycle approach to 
safety risks when developing automated vehicles, other innovative 
automotive technologies, and safety compliance programs and other 
business practices in connection with such technologies. A life-cycle 
approach would include ``elements of assessment, design, 
implementation, and operations as well as an effective testing and 
certification program.'' National Highway Traffic Safety 
Administration, A Summary of Cybersecurity Best Practices, (Oct. 2014), 
http://www.nhtsa.gov/DOT/NHTSA/NVS/Crash%20Avoidance/Technical%20Publications/2014/812075_CybersecurityBestPractices.pdf.

[[Page 18939]]

Considering hardware, software, 
and network and cloud security, manufacturers should consider 
developing a simulator, using case scenarios and threat modeling on all 
systems, sub-systems, and devices, to test for safety risks, including 
cybersecurity vulnerabilities, at all steps in the manufacturing 
process for the entire supply chain, to implement an effective risk 
mitigation plan. See id.
    Manufacturers of emerging technologies and the motor vehicles on 
which such technology is installed have a continuing obligation to 
proactively identify safety concerns and mitigate the risks of harm. If 
a manufacturer discovers or is otherwise made aware of any defects, 
noncompliances, or other unreasonable risks to safety after the vehicle 
and/or technology has been in safe operation for some time, then it 
should strongly consider promptly contacting the appropriate NHTSA 
personnel to determine the necessary next steps. Where a manufacturer 
fails to adequately address a safety concern, NHTSA, when appropriate, 
will explicitly address that concern through its enforcement authority.
    Applicability/Legal Statement: This proposed Enforcement Guidance 
Bulletin sets forth NHTSA's current views on the topic of emerging 
automotive technology and suggests guiding principles and best 
practices to be utilized by motor vehicle and equipment manufacturers 
in this context. This proposed Bulletin is not a final agency action 
and is intended as guidance only. This proposed Bulletin does not have 
the force or effect of law. This Bulletin is not intended, nor can it 
be relied upon, to create any rights enforceable by any party against 
NHTSA, the U.S. Department of Transportation, or the United States. 
These recommended practices do not establish any defense to any 
violations of the Safety Act, or regulations thereunder, or violation 
of any statutes or regulations that NHTSA administers. This Bulletin 
may be revised in writing without notice to reflect changes in the 
Agency's views and analysis, or to clarify and update text.

    Authority: 49 U.S.C. 30101-30103, 30116-30121, 30166; delegation 
of authority at 49 CFR 1.95 and 49 CFR 501.8.

    Issued in Washington, DC, on March 25, 2016 under authority 
delegated pursuant to 49 CFR 1.95.
Paul A. Hemmersbaugh,
Chief Counsel.
[FR Doc. 2016-07353 Filed 3-29-16; 4:15 pm]
 BILLING CODE 4910-59-P