Request for Public Comments on NHTSA Enforcement Guidance Bulletin 2016-02: Safety-Related Defects and Emerging Automotive Technologies, 18935-18939 [2016-07353]
Federal Register / Vol. 81, No. 63 / Friday, April 1, 2016 / Notices
• Medical Direction;
• Education Systems;
• Public Education;
• Prevention;
• Public Access;
• Communication Systems;
• Clinical Care;
• Information Systems;
• Evaluation.
In 2014, NEMSAC recommended that
NHTSA undertake a major revision of
the EMS Agenda. NHTSA, on behalf of
FICEMS, intends to work closely with
EMS stakeholders in revising the EMS
Agenda. It is anticipated the revised
EMS Agenda will envision the evolution
of EMS systems over the next 30 years.
Questions on the Proposed Revision of
the EMS Agenda
Responses to the following questions
are requested to help plan the revision
of the EMS Agenda. Please provide
references as appropriate.
1. What are the most critical issues
facing EMS systems that should be
addressed in the revision of the EMS
Agenda? Please be as specific as
possible.
2. What progress has been made in
implementing the EMS Agenda since its
publication in 1996?
3. How have you used the EMS
Agenda? Please provide specific
examples.
4. As an EMS stakeholder, how might
the revised EMS Agenda be most useful
to you?
5. What significant changes have
occurred in EMS systems at the
national, State and local levels since
1996?
6. What significant changes will
impact EMS systems over the next 30
years?
7. How might the revised EMS
Agenda support the following FICEMS
Strategic Plan goals:
a. Coordinated, regionalized, and
accountable EMS and 9–1–1 systems
that provide safe, high-quality care;
b. data-driven and evidence-based
EMS systems that promote improved
patient care quality;
c. EMS systems fully integrated into
State, territorial, local, tribal, regional,
and Federal preparedness planning,
response, and recovery;
d. EMS systems that are sustainable,
forward looking, and integrated with the
evolving health care system;
e. an EMS culture in which safety
considerations for patients, providers,
and the community permeate the full
spectrum of activities; and
f. a well-educated and uniformly
credentialed EMS workforce.
8. How could the revised EMS
Agenda contribute to enhanced
emergency medical services for
children?
9. How could the revised EMS
Agenda address the future of EMS data
collection and information sharing?
10. How could the revised EMS
Agenda support data-driven and
evidence-based improvements in EMS
systems?
11. How could the revised EMS
Agenda enhance collaboration among
EMS systems, health care providers,
hospitals, public safety answering
points, public health, insurers,
palliative care and others?
12. How will innovative patient care
delivery and finance models impact
EMS systems over the next 30 years?
13. How could the revised EMS
Agenda promote community
preparedness and resilience?
14. How could the revised EMS
Agenda contribute to improved
coordination for mass casualty incident
preparedness and response?
15. How could the revised EMS
Agenda enhance the exchange of
evidence based practices between
military and civilian medicine?
16. How could the revised EMS
Agenda support the seamless and
unimpeded transfer of military EMS
personnel to roles as civilian EMS
providers?
17. How could the revised EMS
Agenda support interstate credentialing
of EMS personnel?
18. How could the revised EMS
Agenda support improved patient
outcomes in rural and frontier
communities?
19. How could the revised EMS
Agenda contribute to improved EMS
education systems at the local, State,
and national levels?
20. How could the revised EMS
Agenda lead to improved EMS systems
in tribal communities?
21. How could the revised EMS
Agenda promote a culture of safety
among EMS personnel, agencies and
organizations?
22. Are there additional EMS
attributes that should be included in the
revised EMS Agenda? If so, please
provide an explanation for why these
additional EMS attributes should be
included.
23. Are there EMS attributes in the
EMS Agenda that should be eliminated
from the revised edition? If so, please
provide an explanation for why these
EMS attributes should be eliminated.
24. What are your suggestions for the
process that should be used in revising
the EMS Agenda?
25. What specific agencies/
organizations/entities are essential to
involve, in a revision of the EMS
Agenda?
26. Do you have any additional
comments regarding the revision of the
EMS Agenda?
Issued on: March 22, 2016.
Jeffrey P. Michael,
Associate Administrator, Research and
Program Development.
[FR Doc. 2016–06960 Filed 3–31–16; 8:45 am]
BILLING CODE 4910–59–P
DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety
Administration
[Docket No. NHTSA–2016–0040]
Request for Public Comments on
NHTSA Enforcement Guidance Bulletin
2016–02: Safety-Related Defects and
Emerging Automotive Technologies
AGENCY: National Highway Traffic
Safety Administration (NHTSA),
Department of Transportation.
ACTION: Request for public comments.
SUMMARY: Automotive technology is at a
moment of rapid change and may evolve
farther in the next decade than in the
previous 45-plus year history of the
Agency. As the world moves toward
autonomous vehicles and innovative
mobility solutions, NHTSA is interested
in facilitating the rapid advance of
technologies that will promote safety.
NHTSA is commanded by Congress to
protect the safety of the driving public
against unreasonable risks of harm that
may occur because of the design,
construction, or performance of a motor
vehicle or motor vehicle equipment, and
mitigate risks of harm, including risks
that may be emerging or contingent. As
NHTSA always has done when
evaluating new technologies and
solutions, we will be guided by our
statutory mission, the laws we are
obligated to enforce, and the benefits of
the emerging technologies appearing on
America’s roadways.
NHTSA has broad enforcement
authority, under existing statutes and
regulations, to address existing and
emerging automotive technologies. This
proposed Enforcement Guidance
Bulletin sets forth NHTSA’s current
views on emerging automotive
technologies—including its view that
when vulnerabilities of such technology
or equipment pose an unreasonable risk
to safety, those vulnerabilities constitute
a safety-related defect—and suggests
guiding principles and best practices for
motor vehicle and equipment
manufacturers in this context. This
notice solicits comments from the
public, motor vehicle and equipment
manufacturers, and other interested
parties concerning the proposed
guidance for motor vehicle and
equipment manufacturers in developing
and implementing new and emerging
automotive technologies, safety
compliance programs, and other
business practices in connection with
such technologies.
DATES: Comments must be received on
or before May 2, 2016.
ADDRESSES: You may submit comments
by any of the following methods:
• Internet: Go to https://www.regulations.gov
and follow the
online instructions for submitting
comments.
• Mail: Docket Management Facility,
M–30, U.S. Department of
Transportation, 1200 New Jersey
Avenue SE., West Building, Room W12–
140, Washington, DC 20590.
• Hand Delivery or Courier: U.S.
Department of Transportation, 1200
New Jersey Avenue SE., West Building,
Room W12–140, Washington, DC 20590
between 9 a.m. and 5 p.m. Eastern Time,
Monday through Friday, except Federal
holidays.
• Facsimile: (202) 493–2251.
Regardless of how you submit your
comments, please mention the docket
number of this document.
You may also call the Docket at (202)
366–9322.
Instructions: All comments received
must include the Agency name and
docket ID. Please submit your comments
by only one means. Regardless of the
method used for submitting comments,
all submissions will be posted without
change to https://www.regulations.gov,
including any personal information
provided. Thus, submitting such
information makes it public. You may
wish to read the Privacy Act notice,
which can be viewed by clicking on the
‘‘Privacy and Security Notice’’ link in
the footer of https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT:
Justine Casselle, Office of the Chief
Counsel, National Highway Traffic
Safety Administration, or Elizabeth
Mykytiuk, Office of the Chief Counsel,
National Highway Traffic Safety
Administration, at (202) 366–2992.
SUPPLEMENTARY INFORMATION:
I. Executive Summary
Recent and continuing advances in
automotive technology have great
potential to generate significant safety
benefits. Today’s motor vehicles are
increasingly equipped with electronics,
sensors, and computing power that
enable the deployment of safety
technologies and functions, such as
forward-collision warning, automatic-emergency braking, and lane keeping
assist, which dramatically enhance
safety. New technologies may not only
prevent drivers from crashing, but may
even do some or all of the driving for
them. The safety implications of such
emerging technologies are vast.
Importantly, as these technologies
become more widespread,
manufacturers must ensure their safe
development and implementation.
To facilitate automotive safety
innovation, to aid in the successful
development and deployment of
emerging automotive technologies, and
to protect the public from potential
flaws or threats associated with
emerging automotive technologies,
NHTSA is publishing, for guidance and
informational purposes, this
Enforcement Guidance Bulletin setting
forth the Agency’s current view of its
enforcement authority and principles
guiding its exercise of that authority.
This includes guiding principles and
best practices for use by motor vehicle
and equipment manufacturers. NHTSA
is not establishing a binding set of rules,
nor is the Agency suggesting that one
particular set of practices applies in all
situations. The Agency recognizes that
best practices vary depending on
circumstances, and manufacturers
remain free to choose the solution that
best fits their needs and the demands of
automotive safety. However, to address
safety concerns associated with
emerging technologies in a
comprehensive way, and to advise
regulated entities of the Agency’s
present views of certain enforcement
subjects and issues, NHTSA submits
this proposed Enforcement Guidance
Bulletin for public comment. Based on
the Agency’s review and analysis of that
input, it will develop and issue a final
‘‘Enforcement Guidance Bulletin’’ on
this topic.
I. Executive Summary
II. Legal and Policy Background
A. NHTSA’s Enforcement Authority Under
the Safety Act
B. Determining the Existence of a Defect
C. Determining an Unreasonable Risk to
Safety
III. Guidance and Recommended Best
Practices: Safety-Related Defects,
Unreasonable Risk, and Emerging
Technologies
II. Legal and Policy Background
A. NHTSA’s Enforcement Authority
Under the Safety Act
The National Traffic and Motor
Vehicle Safety Act, as amended (‘‘Safety
Act’’), 49 U.S.C. 30101 et seq., provides
the basis and framework for NHTSA’s
enforcement authority over motor
vehicle and motor vehicle equipment
defects and noncompliances with
federal motor vehicle safety standards
(FMVSS). This authority includes
investigations, administrative
proceedings, civil penalties, and civil
enforcement actions. While automation
and other advanced technologies may
modify motor vehicle and equipment
design, NHTSA’s statutory enforcement
authority is general and flexible, which
allows it to keep pace with innovation.
The Agency has the authority to
respond to a safety problem posed by
new technologies in the same manner it
has responded to safety problems posed
by more established automotive
technology and equipment, such as
carburetors, the powertrain, vehicle
control systems, and forward collision
warning systems—by determining the
existence of a defect that poses an
unreasonable risk to motor vehicle
safety and ordering the manufacturer to
conduct a recall. See 49 U.S.C. 30118(b).
This enforcement authority applies
notwithstanding the presence or
absence of an FMVSS for any particular
type of advanced technology. See, e.g.,
United States v. Chrysler Corp., 158
F.3d 1350, 1351 (D.C. Cir. 1998)
(NHTSA ‘‘may seek the recall of a motor
vehicle either when a vehicle has ‘a
defect related to motor vehicle safety’ or
when a vehicle ‘does not comply with
an applicable motor vehicle safety
standard.’ ’’).1
Under the Safety Act, NHTSA has
authority over motor vehicles,
equipment included in or on a motor
vehicle at the time of delivery to the
first purchaser (i.e., original equipment),
and motor vehicle replacement
equipment. See 49 U.S.C. 30102(a)–(b).
Motor vehicle equipment is broadly
defined to include ‘‘any system, part, or
component of a motor vehicle as
originally manufactured’’ and ‘‘any
similar part or component manufactured
or sold for replacement or improvement
of a system, part, or component.’’ 49
U.S.C. 30102(a)(7)(A)–(B). The Safety
Act also gives NHTSA jurisdiction over
after-market improvements, accessories,
or additions to motor vehicles. See 49
U.S.C. 30102(a)(7)(B). All devices
‘‘manufactured, sold, delivered, or
offered to be sold for use on public
streets, roads, and highways with the
apparent purpose of safeguarding users
of motor vehicles against risk of
accident, injury, or death’’ are similarly
subject to NHTSA’s enforcement
authority. 49 U.S.C. 30102(a)(7)(C).
1 A manufacturer’s obligation to recall motor
vehicles and motor vehicle equipment determined
to have a safety-related defect is separate and
distinct from its obligation to recall motor vehicles
and motor vehicle equipment that fail to comply
with an applicable FMVSS. See 49 U.S.C. 30120.
With respect to new and emerging
technologies, NHTSA considers
automated vehicle technologies,
systems, and equipment to be motor
vehicle equipment, whether they are
offered to the public as part of a new
motor vehicle (as original equipment) or
as an after-market replacement(s) of or
improvement(s) to original equipment.
NHTSA also considers software
(including, but not necessarily limited
to, the programs, instructions, code, and
data used to operate computers and
related devices), and after-market
software updates, to be motor vehicle
equipment within the meaning of the
Safety Act. Software that enables
devices not located in or on the motor
vehicle to connect to the motor vehicle
or its systems could, in some
circumstances, also be considered motor
vehicle equipment. Accordingly, a
manufacturer of new and emerging
vehicle technologies and equipment,
whether it is the supplier of the
equipment or the manufacturer of a
motor vehicle on which the equipment
is installed, has an obligation to notify
NHTSA of any and all safety-related
defects. See 49 CFR part 573. Any
manufacturer or supplier that fails to do
so may be subject to civil penalties. See
49 U.S.C. 30165(a).
NHTSA is charged with reducing
deaths, injuries, and economic losses
resulting from motor vehicle crashes.
See 49 U.S.C. 30101. Part of that
mandate includes ensuring that motor
vehicles and motor vehicle equipment,
including new technologies, perform in
ways that ‘‘protect[] the public against
unreasonable risk of accidents occurring
because of the design, construction, or
performance of a motor vehicle, and
against unreasonable risk of death or
injury in an accident.’’ 49 U.S.C.
30102(a)(8). This responsibility also
includes the nonoperational safety of a
motor vehicle. Id. In pursuit of these
safety objectives, and in the absence of
adequate action by the manufacturer,
NHTSA is authorized to determine that
a motor vehicle or motor vehicle
equipment is defective and that the
defect poses an unreasonable risk to
safety. See 49 U.S.C. 30118(b) and (c)(1).
B. Determining the Existence of a Defect
Under the Safety Act, a ‘‘defect’’
includes ‘‘any defect in performance,
construction, a component, or material
of a motor vehicle or motor vehicle
equipment.’’ 49 U.S.C. 30102(a)(2). It
also includes a defect in design. See
United States v. General Motors Corp.,
518 F.2d 420, 436 (D.C. Cir. 1975)
(‘‘Wheels’’). A defect in an item of motor
vehicle equipment (including hardware,
software and other electronic systems)
may be considered a defect of the motor
vehicle itself. See 49 U.S.C.
30102(b)(1)(F).
Congress intended the Safety Act to
represent a ‘‘commonsense’’ approach to
safety and courts have followed that
approach in determining what
constitutes a ‘‘defect.’’ Wheels, 518 F.2d
at 436. Accord Center for Auto Safety,
Inc. v. National Highway Traffic Safety
Administration, 342 F. Supp. 2d 1, 15
(D.D.C. 2004); Clarke v. TRW, Inc., 921
F. Supp. 927, 934 (N.D.N.Y. 1996). For
this reason, a defect determination does
not require an engineering explanation
or root cause, but instead ‘‘may be based
exclusively on the performance record
of the component.’’ Wheels, 518 F.2d at
432 (‘‘[A] determination of a ‘defect’
does not require any predicate of a
finding identifying engineering,
metallurgical, or manufacturing
failures.’’). Thus, a motor vehicle or
item of equipment contains a defect if
it is subject to a significant number of
failures in normal operation, ‘‘including
those failures occurring during
‘specified use’ or resulting from
predictable abuse, but not including
those resulting from normal
deterioration due to age and
wear.’’ 2 Center for Auto Safety, 342 F.2d
at 13–14 (citing Wheels, 518 F.2d at
427).
A ‘‘significant number of failures’’ is
merely a ‘‘non-de minimus’’ quantity; it
need not be a ‘‘substantial percentage of
the total.’’ Wheels, 518 F.2d at 438 n.84.
Whether there have been a ‘‘significant
number of failures’’ is a fact-specific
inquiry that includes considerations
such as: The failure rate of the
component in question; the failure rates
of comparable components; and the
importance of the component to the safe
operation of the vehicle. Id. at 427. In
addition, where appropriate, the
determination of the existence of a
defect may depend upon the failure rate
in the affected class of vehicles
compared to that of other peer vehicles.
See United States v. Gen. Motors Corp.,
841 F.2d 400, 412 (D.C. Cir. 1988) (‘‘X-Cars’’). Finally, to constitute a defect,
the failures must be attributable to the
motor vehicle or equipment itself, rather
than the driver or the road conditions.
See id.
2 ‘‘The protection afforded by the [Safety] Act was
not limited to careful drivers who fastidiously
observed speed limits and conscientiously
complied with manufacturer’s instructions on
vehicle maintenance and operation . . . . [the
statute provides] an added area of safety to an
owner who is lackadaisical, who neglects regular
maintenance . . .’’ Wheels, 518 F.2d at 434.
It must be noted, however, that in
some circumstances, a crash, injury, or
death need not occur in order for a
vulnerability or safety risk to be
considered a defect. The Agency relies
on the performance record of a vehicle
or component in making a defect
determination where the engineering or
root cause is unknown. See Wheels, 518
F.2d at 432. Where, however, the
engineering or root cause is known, the
Agency need not proceed with
analyzing the performance record. See
id.; see also United States v. Gen.
Motors Corp., 565 F.2d 754, 758 (D.C.
Cir. 1977) (‘‘Carburetors’’) (finding a
defect to be safety-related if it ‘‘results
in hazards as potentially dangerous as
sudden engine fire, and where there is
no dispute that at least some such
hazards . . . can definitely be expected
to occur in the future.’’). For software or
other electronic systems, for example,
when the engineering or root cause of
the vulnerability or risk is known, a
defect exists regardless of whether there
have been any actual failures.
C. Determining an Unreasonable Risk to
Safety
In order to support a recall, a defect
must be related to motor vehicle safety.
United States v. General Motors Corp.,
561 F.2d 923, 928–29 (D.C. Cir. 1977)
(‘‘Pitman Arms’’). In the context of the
Safety Act, ‘‘motor vehicle safety’’ refers
to an ‘‘unreasonable risk of accidents’’
and an ‘‘unreasonable risk of death or
injury in an accident.’’ 49 U.S.C.
30102(a)(8). Thus, while the defect
analysis has generally entailed a
retrospective look at how many failures
have occurred (see Wheels, Center for
Auto Safety, and Pitman Arms), the
safety-relatedness question is forward-looking, and concerns the hazards that
may arise in the future. See, e.g.,
Carburetors, 565 F.2d at 758.
In general, for a defect to present an
‘‘unreasonable risk,’’ there must be a
likelihood that it will cause or be
associated with a ‘‘non-negligible’’
number of crashes, injuries, or deaths in
the future. See, e.g., Carburetors, 565
F.2d at 759. This prediction of future
hazards is called a ‘‘risk analysis.’’ See,
e.g., Pitman Arms, 561 F.2d at 924
(Leventhal, J., dissenting) (‘‘GM
presented a ‘risk analysis’ which
predicts the likely number of future
injuries or deaths to be expected in the
remaining service life of the affected
models’’). A forward-looking risk
analysis is compelled by the purpose of
the Safety Act, which ‘‘is not to protect
individuals from the risks associated
with defective vehicles only after
serious injuries have already occurred;
it is to prevent serious injuries
stemming from established defects
before they occur.’’ Carburetors, 565
F.2d at 759 (emphasis added).
If the hazard is sufficiently serious,
and at least some harm, however small,
is expected to occur in the future, the
risk may be deemed unreasonable.
Carburetors, 565 F.2d at 759 (‘‘In the
context of this case . . . even an
‘exceedingly small’ number of injuries
from this admittedly defective and
clearly dangerous carburetor appears to
us ‘unreasonably large.’ ’’). In other
words, where a defect presents a
‘‘clearly’’ or ‘‘potentially dangerous’’
hazard, and where ‘‘at least some such
hazards’’—even an ‘‘exceedingly small’’
number—will occur in the future, that
defect is necessarily safety-related. See
Carburetors, 565 F.2d 754. This is so
regardless of whether any injuries have
already occurred, or whether the
projected number of failures/injuries in
the future is trending down. See id. at
759. Moreover, a defect may be
considered ‘‘per se’’ safety-related if it
causes the failure of a critical
component; causes a vehicle fire; causes
a loss of vehicle control; or suddenly
moves the driver away from steering,
accelerator, and brake controls—
regardless of how many injuries or
accidents are likely to occur in the
future. See Carburetors, 565 F.2d 754
(engine fires); Pitman Arms, 561 F.2d
923 (loss of control); United States v.
Ford Motor Co., 453 F. Supp. 1240
(D.D.C. 1978) (‘‘Wipers’’) (loss of
visibility); United States v. Ford Motor
Co., 421 F. Supp. 1239, 1243–1244
(D.D.C. 1976) (‘‘Seatbacks’’) (loss of
control). Similarly, where it is alleged
that a defect ‘‘is systematic and is
prevalent in a particular class [of motor
vehicles or equipment], . . . this is
prima facie an unreasonable risk.’’
Pitman Arms, 561 F.2d at 929.
III. Guidance and Recommended Best
Practices: Safety-Related Defects,
Unreasonable Risk, and Emerging
Technologies
Consistent with the foregoing
background, NHTSA’s enforcement
authority concerning safety-related
defects in motor vehicles and
equipment extends and applies equally
to new and emerging automotive
technologies. This includes, for
example, automation technology and
equipment, as well as advanced crash
avoidance technologies. Where an
autonomous vehicle or other emerging
automotive technology causes crashes or
injuries, or has a manifested safety-related failure or defect, and a
manufacturer fails to act, NHTSA will
exercise its enforcement authority to the
fullest extent. Similarly, should the
Agency determine that an autonomous
vehicle or other new automotive
technology presents a safety concern,
the Agency will evaluate such
technology through its investigative
authority to determine whether the
technology presents an unreasonable
risk to safety.
To avoid violating Safety Act
requirements and standards,
manufacturers of emerging technology
and the motor vehicles on which such
technology is installed are strongly
encouraged to take steps to proactively
identify and resolve safety concerns
before their products are available for
use on public roadways. The Agency
recognizes that much emerging
automotive technology heavily involves
electronic systems (such as hardware,
software, sensors, global positioning
systems (GPS) and vehicle-to-vehicle
(V2V) safety communications systems).
The Agency acknowledges that the
increased use of electronic systems in
motor vehicles and equipment may raise
new and different safety concerns.
However, the complexities of these
systems do not diminish manufacturers’
duties under the Safety Act—both motor
vehicle manufacturers and equipment
manufacturers remain responsible for
ensuring that their vehicles or
equipment are free of safety-related
defects or noncompliances, and do not
otherwise pose an unreasonable risk to
safety. Manufacturers are also reminded
that they remain responsible for
promptly reporting to NHTSA any
safety-related defects or
noncompliances, as well as timely
notifying owners and dealers of the
same.
In assessing whether a motor vehicle
or piece of motor vehicle equipment
poses an unreasonable risk to safety,
NHTSA considers the likelihood of the
occurrence of a harm (i.e., fire, stalling,
or malicious cybersecurity attack), the
potential frequency of a harm, the
severity of a harm, known engineering
or root cause, and other relevant factors.
Where a threatened harm is substantial,
low potential frequency may not carry
as much weight in NHTSA’s analysis.
Software installed in or on a motor
vehicle—which is motor vehicle
equipment—presents its own unique
safety risks. Because software often
interacts with a motor vehicle’s critical
safety systems (i.e., systems
encompassing critical control functions
such as braking, steering, or
acceleration) the operation of those
systems could be substantially altered
by after-market software updates.
Additionally, software located outside
the motor vehicle (i.e., portable devices
with vehicle-related software
applications) could be used to affect and
control a motor vehicle’s safety systems.
If software has manifested a safety-related
performance failure, or
otherwise presents an unreasonable risk
to safety, then the software failure or
safety-risk constitutes a defect
compelling a recall.
In the case of cybersecurity
vulnerabilities, NHTSA will weigh
several factors in determining whether a
vulnerability poses an unreasonable risk
to safety (and thus constitutes a safety-related defect), including: (i) The
amount of time elapsed since the
vulnerability was discovered (e.g., less
than one day, three months, or more
than six months); (ii) the level of
expertise needed to exploit the
vulnerability (e.g., whether a layman
can exploit the vulnerability or whether
it takes experts to do so); (iii) the
accessibility of knowledge of the
underlying system (e.g., whether how
the system works is public knowledge
or whether it is sensitive and restricted);
(iv) the necessary window of
opportunity to exploit the vulnerability
(e.g., an unlimited window or a very
narrow window); and, (v) the level of
equipment needed to exploit the
vulnerability (e.g., standard or highly
specialized).
NHTSA uses those factors, and others,
to help assess the overall probability of
a malicious cybersecurity attack. The
probability of an attack includes
circumstances in which a vulnerability
has been identified, but no actual
incidents have been documented or
confirmed. Confirmed field incidents
may increase the weight NHTSA places
on the probability of an attack in its
assessment. Even before evidence of an
attack, it is foreseeable that hackers will
try to exploit cybersecurity
vulnerabilities. For instance, if a
cybersecurity vulnerability in any of a
motor vehicle’s entry points (e.g., Wi-Fi,
infotainment systems, the OBD–II port)
allows remote access to a motor
vehicle’s critical safety systems (i.e.,
systems encompassing critical control
functions such as braking, steering, or
acceleration), NHTSA may consider
such a vulnerability to be a safety-related defect compelling a recall.
Manufacturers should consider
adopting a life-cycle approach to safety
risks when developing automated
vehicles, other innovative automotive
technologies, and safety compliance
programs and other business practices
in connection with such technologies. A
life-cycle approach would include
‘‘elements of assessment, design,
implementation, and operations as well
as an effective testing and certification
program.’’ National Highway Traffic
Safety Administration, A Summary of
Cybersecurity Best Practices, (Oct.
2014), https://www.nhtsa.gov/DOT/NHTSA/NVS/Crash%20Avoidance/Technical%20Publications/2014/812075_CybersecurityBestPractices.pdf.
Considering hardware, software, and
network and cloud security,
manufacturers should consider
developing a simulator, using case
scenarios and threat modeling on all
systems, sub-systems, and devices, to
test for safety risks, including
cybersecurity vulnerabilities, at all steps
in the manufacturing process for the
entire supply chain, to implement an
effective risk mitigation plan. See id.
Manufacturers of emerging
technologies and the motor vehicles on
which such technology is installed have
a continuing obligation to proactively
identify safety concerns and mitigate the
risks of harm. If a manufacturer
discovers or is otherwise made aware of
any defects, noncompliances, or other
unreasonable risks to safety after the
vehicle and/or technology has been in
safe operation for some time, then it
should strongly consider promptly
contacting the appropriate NHTSA
personnel to determine the necessary
next steps. Where a manufacturer fails
to adequately address a safety concern,
NHTSA, when appropriate, will
explicitly address that concern through
its enforcement authority.
Applicability/Legal Statement: This
proposed Enforcement Guidance
Bulletin sets forth NHTSA’s current
views on the topic of emerging
automotive technology and suggests
guiding principles and best practices to
be utilized by motor vehicle and
equipment manufacturers in this
context. This proposed Bulletin is not a
final agency action and is intended as
guidance only. This proposed Bulletin
does not have the force or effect of law.
This Bulletin is not intended, nor can it
be relied upon, to create any rights
enforceable by any party against
NHTSA, the U.S. Department of
Transportation, or the United States.
These recommended practices do not
establish any defense to any violations
of the Safety Act, or regulations
thereunder, or violation of any statutes
or regulations that NHTSA administers.
This Bulletin may be revised in writing
without notice to reflect changes in the
Agency’s views and analysis, or to
clarify and update text.
Authority: 49 U.S.C. 30101–30103, 30116–
30121, 30166; delegation of authority at 49
CFR 1.95 and 49 CFR 501.8.
Issued in Washington, DC, on March 25,
2016 under authority delegated pursuant to
49 CFR 1.95.
Paul A. Hemmersbaugh,
Chief Counsel.
[FR Doc. 2016–07353 Filed 3–29–16; 4:15 pm]
BILLING CODE 4910–59–P
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
Agency Information Collection
Activities; Information Collection
Renewal; Submission for OMB Review;
Securities Exchange Act Disclosure
Rules and Securities of Federal
Savings Associations
AGENCY: Office of the Comptroller of the
Currency (OCC), Treasury.
ACTION: Notice and request for comment.
SUMMARY: The OCC, as part of its
continuing effort to reduce paperwork
and respondent burden, invites the
general public and other Federal
agencies to take this opportunity to
comment on a continuing information
collection, as required by the Paperwork
Reduction Act of 1995 (PRA).
In accordance with the requirements
of the PRA, the OCC may not conduct
or sponsor, and respondents are not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number.
The OCC is soliciting comment
concerning the renewal of its
information collection titled, ‘‘Securities
Exchange Act Disclosure Rules and
Securities of Federal Savings
Associations.’’ The OCC also is giving
notice that it has sent the collection to
OMB for review.
DATES: Comments must be received by
May 2, 2016.
ADDRESSES: Because paper mail in the
Washington, DC area and at the OCC is
subject to delay, commenters are
encouraged to submit comments by
email, if possible. Comments may be
sent to: Legislative and Regulatory
Activities Division, Office of the
Comptroller of the Currency, Attention:
1557–0106, 400 7th Street SW., suite
3E–218, mail stop 9W–11, Washington,
DC 20219. In addition, comments may
be sent by fax to (571) 465–4326 or by
electronic mail to prainfo@occ.treas.gov.
You may personally inspect and
photocopy comments at the OCC, 400
7th Street SW., Washington, DC 20219.
For security reasons, the OCC requires
that visitors make an appointment to
inspect comments. You may do so by
calling (202) 649–6700 or, for persons
who are deaf or hard of hearing, TTY,
(202) 649–5597. Upon arrival, visitors
will be required to present valid
government-issued photo identification
and submit to security screening in
order to inspect and photocopy
comments.
All comments received, including
attachments and other supporting
materials, are part of the public record
and subject to public disclosure. Do not
include any information in your
comment or supporting materials that
you consider confidential or
inappropriate for public disclosure.
Additionally, please send a copy of
your comments by mail to: OCC Desk
Officer, 1557–0106, U.S. Office of
Management and Budget, 725 17th
Street NW., #10235, Washington, DC
20503, or by email to: oira_submission@
omb.eop.gov.
FOR FURTHER INFORMATION CONTACT:
Shaquita Merritt, Clearance Officer,
(202) 649–5490 or, for persons who are
deaf or hard of hearing, TTY, (202) 649–
5597, Legislative and Regulatory
Activities Division, Office of the
Comptroller of the Currency, 400 7th
Street SW., Washington, DC 20219.
SUPPLEMENTARY INFORMATION: The OCC
is proposing to extend OMB approval of
the following information collection:
Title: Securities Exchange Act
Disclosure Rules and Securities of
Federal Savings Associations.
OMB Control No.: 1557–0106.
Description: This submission covers
an existing regulation and involves no
change to the regulation or to the
information collection requirements.
The Securities and Exchange
Commission (SEC) is required by statute
to collect, in accordance with its
regulations, certain information and
documents from any firm that is
required to register its stock with the
SEC.1 Federal law requires the OCC to
apply similar regulations to any national
bank or Federal savings association
similarly required to be registered (those
with a class of equity securities held by
2,000 or more shareholders).2
12 CFR part 11 ensures that a national
bank or Federal savings association
whose securities are subject to
registration provides adequate
information about its operations to
current and potential shareholders,
depositors, and the public. The OCC
reviews the information to ensure that it
complies with Federal law and makes
public all information required to be
filed under the rule. Investors,
1 15 U.S.C. 78m(a)(1).
2 15 U.S.C. 78l(i).
[Federal Register Volume 81, Number 63 (Friday, April 1, 2016)]
[Notices]
[Pages 18935-18939]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-07353]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety Administration
[Docket No. NHTSA-2016-0040]
Request for Public Comments on NHTSA Enforcement Guidance
Bulletin 2016-02: Safety-Related Defects and Emerging Automotive
Technologies
AGENCY: National Highway Traffic Safety Administration (NHTSA),
Department of Transportation.
ACTION: Request for public comments.
-----------------------------------------------------------------------
SUMMARY: Automotive technology is at a moment of rapid change and may
evolve farther in the next decade than in the previous 45-plus year
history of the Agency. As the world moves toward autonomous vehicles
and innovative mobility solutions, NHTSA is interested in facilitating
the rapid advance of technologies that will promote safety. NHTSA is
commanded by Congress to protect the safety of the driving public
against unreasonable risks of harm that may occur because of the
design, construction, or performance of a motor vehicle or motor
vehicle equipment, and mitigate risks of harm, including risks that may
be emerging or contingent. As NHTSA always has done when evaluating new
technologies and solutions, we will be guided by our statutory mission,
the laws we are obligated to enforce, and the benefits of the emerging
technologies appearing on America's roadways.
NHTSA has broad enforcement authority, under existing statutes and
regulations, to address existing and emerging automotive technologies.
This proposed Enforcement Guidance Bulletin sets forth NHTSA's current
views on emerging automotive technologies--including its view that when
vulnerabilities of such technology or equipment pose an unreasonable
risk to safety, those vulnerabilities constitute a safety-related
defect--and suggests guiding principles and best practices for motor
vehicle and equipment manufacturers in this context. This notice
solicits comments from the public, motor vehicle and equipment
manufacturers, and other interested
parties concerning the proposed guidance for motor vehicle and
equipment manufacturers in developing and implementing new and emerging
automotive technologies, safety compliance programs, and other business
practices in connection with such technologies.
DATES: Comments must be received on or before May 2, 2016.
ADDRESSES: You may submit comments by any of the following methods:
• Internet: Go to https://www.regulations.gov and follow the
online instructions for submitting comments.
• Mail: Docket Management Facility, M-30, U.S. Department of
Transportation, 1200 New Jersey Avenue SE., West Building, Room
W12-140, Washington, DC 20590.
• Hand Delivery or Courier: U.S. Department of
Transportation, 1200 New Jersey Avenue SE., West Building, Room
W12-140, Washington, DC 20590 between 9 a.m. and 5 p.m. Eastern Time,
Monday through Friday, except Federal holidays.
• Facsimile: (202) 493-2251.
Regardless of how you submit your comments, please mention the
docket number of this document.
You may also call the Docket at (202) 366-9322.
Instructions: All comments received must include the Agency name
and docket ID. Please submit your comments by only one means.
Regardless of the method used for submitting comments, all submissions
will be posted without change to https://www.regulations.gov, including
any personal information provided. Thus, submitting such information
makes it public. You may wish to read the Privacy Act notice, which can
be viewed by clicking on the ``Privacy and Security Notice'' link in
the footer of https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Justine Casselle, Office of the Chief
Counsel, National Highway Traffic Safety Administration, or Elizabeth
Mykytiuk, Office of the Chief Counsel, National Highway Traffic Safety
Administration, at (202) 366-2992.
SUPPLEMENTARY INFORMATION:
I. Executive Summary
II. Legal and Policy Background
A. NHTSA's Enforcement Authority Under the Safety Act
B. Determining the Existence of a Defect
C. Determining an Unreasonable Risk to Safety
III. Guidance and Recommended Best Practices: Safety-Related
Defects, Unreasonable Risk, and Emerging Technologies
I. Executive Summary
Recent and continuing advances in automotive technology have great
potential to generate significant safety benefits. Today's motor
vehicles are increasingly equipped with electronics, sensors, and
computing power that enable the deployment of safety technologies and
functions, such as forward-collision warning, automatic-emergency
braking, and lane keeping assist, which dramatically enhance safety.
New technologies may not only prevent drivers from crashing, but may
even do some or all of the driving for them. The safety implications of
such emerging technologies are vast. Importantly, as these technologies
become more widespread, manufacturers must ensure their safe
development and implementation.
To facilitate automotive safety innovation, to aid in the
successful development and deployment of emerging automotive
technologies, and to protect the public from potential flaws or threats
associated with emerging automotive technologies, NHTSA is publishing,
for guidance and informational purposes, this Enforcement Guidance
Bulletin setting forth the Agency's current view of its enforcement
authority and principles guiding its exercise of that authority. This
includes guiding principles and best practices for use by motor vehicle
and equipment manufacturers. NHTSA is not establishing a binding set of
rules, nor is the Agency suggesting that one particular set of
practices applies in all situations. The Agency recognizes that best
practices vary depending on circumstances, and manufacturers remain
free to choose the solution that best fits their needs and the demands
of automotive safety. However, to address safety concerns associated
with emerging technologies in a comprehensive way, and to advise
regulated entities of the Agency's present views of certain enforcement
subjects and issues, NHTSA submits this proposed Enforcement Guidance
Bulletin for public comment. Based on the Agency's review and analysis
of that input, it will develop and issue a final ``Enforcement Guidance
Bulletin'' on this topic.
II. Legal and Policy Background
A. NHTSA's Enforcement Authority Under the Safety Act
The National Traffic and Motor Vehicle Safety Act, as amended
(``Safety Act''), 49 U.S.C. 30101 et seq., provides the basis and
framework for NHTSA's enforcement authority over motor vehicle and
motor vehicle equipment defects and noncompliances with federal motor
vehicle safety standards (FMVSS). This authority includes
investigations, administrative proceedings, civil penalties, and civil
enforcement actions. While automation and other advanced technologies
may modify motor vehicle and equipment design, NHTSA's statutory
enforcement authority is general and flexible, which allows it to keep
pace with innovation. The Agency has the authority to respond to a
safety problem posed by new technologies in the same manner it has
responded to safety problems posed by more established automotive
technology and equipment, such as carburetors, the powertrain, vehicle
control systems, and forward collision warning systems--by determining
the existence of a defect that poses an unreasonable risk to motor
vehicle safety and ordering the manufacturer to conduct a recall. See
49 U.S.C. 30118(b). This enforcement authority applies notwithstanding
the presence or absence of an FMVSS for any particular type of advanced
technology. See, e.g., United States v. Chrysler Corp., 158 F.3d 1350,
1351 (D.C. Cir. 1998) (NHTSA ``may seek the recall of a motor vehicle
either when a vehicle has `a defect related to motor vehicle safety' or
when a vehicle `does not comply with an applicable motor vehicle safety
standard.' '').\1\
---------------------------------------------------------------------------
\1\ A manufacturer's obligation to recall motor vehicles and
motor vehicle equipment determined to have a safety-related defect
is separate and distinct from its obligation to recall motor
vehicles and motor vehicle equipment that fail to comply with an
applicable FMVSS. See 49 U.S.C. 30120.
---------------------------------------------------------------------------
Under the Safety Act, NHTSA has authority over motor vehicles,
equipment included in or on a motor vehicle at the time of delivery to
the first purchaser (i.e., original equipment), and motor vehicle
replacement equipment. See 49 U.S.C. 30102(a)-(b). Motor vehicle
equipment is broadly defined to include ``any system, part, or
component of a motor vehicle as originally manufactured'' and ``any
similar part or component manufactured or sold for replacement or
improvement of a system, part, or component.'' 49 U.S.C.
30102(a)(7)(A)-(B). The Safety Act also gives NHTSA jurisdiction over
after-market improvements, accessories, or additions to motor vehicles.
See 49 U.S.C. 30102(a)(7)(B). All devices ``manufactured, sold,
delivered, or offered to be sold for use on public streets, roads, and
highways with the apparent purpose of safeguarding users of motor
vehicles against risk of accident, injury, or death'' are similarly
subject to NHTSA's enforcement authority. 49 U.S.C. 30102(a)(7)(C).
With respect to new and emerging technologies, NHTSA considers
automated vehicle technologies, systems, and equipment to be motor
vehicle equipment, whether they are offered to the public as part of a
new motor vehicle (as original equipment) or as an after-market
replacement(s) of or improvement(s) to original equipment. NHTSA also
considers software (including, but not necessarily limited to, the
programs, instructions, code, and data used to operate computers and
related devices), and after-market software updates, to be motor
vehicle equipment within the meaning of the Safety Act. Software that
enables devices not located in or on the motor vehicle to connect to
the motor vehicle or its systems could, in some circumstances, also be
considered motor vehicle equipment. Accordingly, a manufacturer of new
and emerging vehicle technologies and equipment, whether it is the
supplier of the equipment or the manufacturer of a motor vehicle on
which the equipment is installed, has an obligation to notify NHTSA of
any and all safety-related defects. See 49 CFR part 573. Any
manufacturer or supplier that fails to do so may be subject to civil
penalties. See 49 U.S.C. 30165(a).
NHTSA is charged with reducing deaths, injuries, and economic
losses resulting from motor vehicle crashes. See 49 U.S.C. 30101. Part
of that mandate includes ensuring that motor vehicles and motor vehicle
equipment, including new technologies, perform in ways that ``protect[]
the public against unreasonable risk of accidents occurring because of
the design, construction, or performance of a motor vehicle, and
against unreasonable risk of death or injury in an accident.'' 49
U.S.C. 30102(a)(8). This responsibility also includes the
nonoperational safety of a motor vehicle. Id. In pursuit of these
safety objectives, and in the absence of adequate action by the
manufacturer, NHTSA is authorized to determine that a motor vehicle or
motor vehicle equipment is defective and that the defect poses an
unreasonable risk to safety. See 49 U.S.C. 30118(b) and (c)(1).
B. Determining the Existence of a Defect
Under the Safety Act, a ``defect'' includes ``any defect in
performance, construction, a component, or material of a motor vehicle
or motor vehicle equipment.'' 49 U.S.C. 30102(a)(2). It also includes a
defect in design. See United States v. General Motors Corp., 518 F.2d
420, 436 (D.C. Cir. 1975) (``Wheels''). A defect in an item of motor
vehicle equipment (including hardware, software and other electronic
systems) may be considered a defect of the motor vehicle itself. See 49
U.S.C. 30102(b)(1)(F).
Congress intended the Safety Act to represent a ``commonsense''
approach to safety and courts have followed that approach in
determining what constitutes a ``defect.'' Wheels, 518 F.2d at 436.
Accord Center for Auto Safety, Inc. v. National Highway Traffic Safety
Administration, 342 F. Supp. 2d 1, 15 (D.D.C. 2004); Clarke v. TRW,
Inc., 921 F. Supp. 927, 934 (N.D.N.Y. 1996). For this reason, a defect
determination does not require an engineering explanation or root
cause, but instead ``may be based exclusively on the performance record
of the component.'' Wheels, 518 F.2d at 432 (``[A] determination of a
`defect' does not require any predicate of a finding identifying
engineering, metallurgical, or manufacturing failures.''). Thus, a
motor vehicle or item of equipment contains a defect if it is subject
to a significant number of failures in normal operation, ``including
those failures occurring during `specified use' or resulting from
predictable abuse, but not including those resulting from normal
deterioration due to age and wear.'' \2\ Center for Auto Safety, 342
F.2d at 13-14 (citing Wheels, 518 F.2d at 427).
---------------------------------------------------------------------------
\2\ ``The protection afforded by the [Safety] Act was not
limited to careful drivers who fastidiously observed speed limits
and conscientiously complied with manufacturer's instructions on
vehicle maintenance and operation . . . . [the statute provides] an
added area of safety to an owner who is lackadaisical, who neglects
regular maintenance . . .'' Wheels, 518 F.2d at 434.
---------------------------------------------------------------------------
A ``significant number of failures'' is merely a ``non-de minimus''
quantity; it need not be a ``substantial percentage of the total.''
Wheels, 518 F.2d at 438 n.84. Whether there have been a ``significant
number of failures'' is a fact-specific inquiry that includes
considerations such as: The failure rate of the component in question;
the failure rates of comparable components; and the importance of the
component to the safe operation of the vehicle. Id. at 427. In
addition, where appropriate, the determination of the existence of a
defect may depend upon the failure rate in the affected class of
vehicles compared to that of other peer vehicles. See United States v.
Gen. Motors Corp., 841 F.2d 400, 412 (D.C. Cir. 1988) (``X-Cars'').
Finally, to constitute a defect, the failures must be attributable to
the motor vehicle or equipment itself, rather than the driver or the
road conditions. See id.
It must be noted, however, that in some circumstances, a crash,
injury, or death need not occur in order for a vulnerability or safety
risk to be considered a defect. The Agency relies on the performance
record of a vehicle or component in making a defect determination where
the engineering or root cause is unknown. See Wheels, 518 F.2d at 432.
Where, however, the engineering or root cause is known, the Agency need
not proceed with analyzing the performance record. See id.; see also
United States v. Gen. Motors Corp., 565 F.2d 754, 758 (D.C. Cir. 1977)
(``Carburetors'') (finding a defect to be safety-related if it
``results in hazards as potentially dangerous as sudden engine fire,
and where there is no dispute that at least some such hazards . . . can
definitely be expected to occur in the future.''). For software or
other electronic systems, for example, when the engineering or root
cause of the vulnerability or risk is known, a defect exists regardless
of whether there have been any actual failures.
C. Determining an Unreasonable Risk to Safety
In order to support a recall, a defect must be related to motor
vehicle safety. United States v. General Motors Corp., 561 F.2d 923,
928-29 (D.C. Cir. 1977) (``Pitman Arms''). In the context of the Safety
Act, ``motor vehicle safety'' refers to an ``unreasonable risk of
accidents'' and an ``unreasonable risk of death or injury in an
accident.'' 49 U.S.C. 30102(a)(8). Thus, while the defect analysis has
generally entailed a retrospective look at how many failures have
occurred (see Wheels, Center for Auto Safety, and Pitman Arms), the
safety-relatedness question is forward-looking, and concerns the
hazards that may arise in the future. See, e.g., Carburetors, 565 F.2d
at 758.
In general, for a defect to present an ``unreasonable risk,'' there
must be a likelihood that it will cause or be associated with a ``non-
negligible'' number of crashes, injuries, or deaths in the future. See,
e.g., Carburetors, 565 F.2d at 759. This prediction of future hazards
is called a ``risk analysis.'' See, e.g., Pitman Arms, 561 F.2d at 924
(Leventhal, J., dissenting) (``GM presented a `risk analysis' which
predicts the likely number of future injuries or deaths to be expected
in the remaining service life of the affected models''). A forward-
looking risk analysis is compelled by the purpose of the Safety Act,
which ``is not to protect individuals from the risks associated with
defective vehicles only after serious injuries have already occurred;
it is to prevent serious injuries stemming from established defects
before they occur.'' Carburetors, 565 F.2d at 759 (emphasis added).
If the hazard is sufficiently serious, and at least some harm,
however small, is expected to occur in the future, the risk may be
deemed unreasonable. Carburetors, 565 F.2d at 759 (``In the context of
this case . . . even an `exceedingly small' number of injuries from
this admittedly defective and clearly dangerous carburetor appears to
us `unreasonably large.' ''). In other words, where a defect presents a
``clearly'' or ``potentially dangerous'' hazard, and where ``at least
some such hazards''--even an ``exceedingly small'' number--will occur
in the future, that defect is necessarily safety-related. See
Carburetors, 565 F.2d 754. This is so regardless of whether any
injuries have already occurred, or whether the projected number of
failures/injuries in the future is trending down. See id. at 759.
Moreover, a defect may be considered ``per se'' safety-related if it
causes the failure of a critical component; causes a vehicle fire;
causes a loss of vehicle control; or suddenly moves the driver away
from steering, accelerator, and brake controls--regardless of how many
injuries or accidents are likely to occur in the future. See
Carburetors, 565 F.2d 754 (engine fires); Pitman Arms, 561 F.2d 923
(loss of control); United States v. Ford Motor Co., 453 F. Supp. 1240
(D.D.C. 1978) (``Wipers'') (loss of visibility); United States v. Ford
Motor Co., 421 F. Supp. 1239, 1243-1244 (D.D.C. 1976) (``Seatbacks'')
(loss of control). Similarly, where it is alleged that a defect ``is
systematic and is prevalent in a particular class [of motor vehicles or
equipment], . . . this is prima facie an unreasonable risk.'' Pitman
Arms, 561 F.2d at 929.
III. Guidance and Recommended Best Practices: Safety-Related Defects,
Unreasonable Risk, and Emerging Technologies
Consistent with the foregoing background, NHTSA's enforcement
authority concerning safety-related defects in motor vehicles and
equipment extends and applies equally to new and emerging automotive
technologies. This includes, for example, automation technology and
equipment, as well as advanced crash avoidance technologies. Where an
autonomous vehicle or other emerging automotive technology causes
crashes or injuries, or has a manifested safety-related failure or
defect, and a manufacturer fails to act, NHTSA will exercise its
enforcement authority to the fullest extent. Similarly, should the
Agency determine that an autonomous vehicle or other new automotive
technology presents a safety concern, the Agency will evaluate such
technology through its investigative authority to determine whether the
technology presents an unreasonable risk to safety.
To avoid violating Safety Act requirements and standards,
manufacturers of emerging technology and the motor vehicles on which
such technology is installed are strongly encouraged to take steps to
proactively identify and resolve safety concerns before their products
are available for use on public roadways. The Agency recognizes that
much emerging automotive technology heavily involves electronic systems
(such as hardware, software, sensors, global positioning systems (GPS)
and vehicle-to-vehicle (V2V) safety communications systems). The Agency
acknowledges that the increased use of electronic systems in motor
vehicles and equipment may raise new and different safety concerns.
However, the complexities of these systems do not diminish
manufacturers' duties under the Safety Act--both motor vehicle
manufacturers and equipment manufacturers remain responsible for
ensuring that their vehicles or equipment are free of safety-related
defects or noncompliances, and do not otherwise pose an unreasonable
risk to safety. Manufacturers are also reminded that they remain
responsible for promptly reporting to NHTSA any safety-related defects
or noncompliances, as well as timely notifying owners and dealers of
the same.
In assessing whether a motor vehicle or piece of motor vehicle
equipment poses an unreasonable risk to safety, NHTSA considers the
likelihood of the occurrence of a harm (i.e., fire, stalling, or
malicious cybersecurity attack), the potential frequency of a harm, the
severity of a harm, known engineering or root cause, and other relevant
factors. Where a threatened harm is substantial, low potential
frequency may not carry as much weight in NHTSA's analysis.
Software installed in or on a motor vehicle--which is motor vehicle
equipment--presents its own unique safety risks. Because software often
interacts with a motor vehicle's critical safety systems (i.e., systems
encompassing critical control functions such as braking, steering, or
acceleration) the operation of those systems could be substantially
altered by after-market software updates. Additionally, software
located outside the motor vehicle (i.e., portable devices with vehicle-
related software applications) could be used to affect and control a
motor vehicle's safety systems. If software has manifested a safety-
related performance failure, or otherwise presents an unreasonable risk
to safety, then the software failure or safety-risk constitutes a
defect compelling a recall.
In the case of cybersecurity vulnerabilities, NHTSA will weigh
several factors in determining whether a vulnerability poses an
unreasonable risk to safety (and thus constitutes a safety-related
defect), including: (i) The amount of time elapsed since the
vulnerability was discovered (e.g., less than one day, three months, or
more than six months); (ii) the level of expertise needed to exploit
the vulnerability (e.g., whether a layman can exploit the vulnerability
or whether it takes experts to do so); (iii) the accessibility of
knowledge of the underlying system (e.g., whether how the system works
is public knowledge or whether it is sensitive and restricted); (iv)
the necessary window of opportunity to exploit the vulnerability (e.g.,
an unlimited window or a very narrow window); and, (v) the level of
equipment needed to exploit the vulnerability (e.g., standard or highly
specialized).
NHTSA uses those factors, and others, to help assess the overall
probability of a malicious cybersecurity attack. The probability of an
attack includes circumstances in which a vulnerability has been
identified, but no actual incidents have been documented or confirmed.
Confirmed field incidents may increase the weight NHTSA places on the
probability of an attack in its assessment. Even before evidence of an
attack, it is foreseeable that hackers will try to exploit
cybersecurity vulnerabilities. For instance, if a cybersecurity
vulnerability in any of a motor vehicle's entry points (e.g., Wi-Fi,
infotainment systems, the OBD-II port) allows remote access to a motor
vehicle's critical safety systems (i.e., systems encompassing critical
control functions such as braking, steering, or acceleration), NHTSA
may consider such a vulnerability to be a safety-related defect
compelling a recall.
Manufacturers should consider adopting a life-cycle approach to
safety risks when developing automated vehicles, other innovative
automotive technologies, and safety compliance programs and other
business practices in connection with such technologies. A life-cycle
approach would include ``elements of assessment, design,
implementation, and operations as well as an effective testing and
certification program.'' National Highway Traffic Safety
Administration, A Summary of Cybersecurity Best Practices, (Oct. 2014),
https://www.nhtsa.gov/DOT/NHTSA/NVS/Crash%20Avoidance/Technical%20Publications/2014/812075_CybersecurityBestPractices.pdf.
Considering hardware, software,
and network and cloud security, manufacturers should consider
developing a simulator, using case scenarios and threat modeling on all
systems, sub-systems, and devices, to test for safety risks, including
cybersecurity vulnerabilities, at all steps in the manufacturing
process for the entire supply chain, to implement an effective risk
mitigation plan. See id.
Manufacturers of emerging technologies and the motor vehicles on
which such technology is installed have a continuing obligation to
proactively identify safety concerns and mitigate the risks of harm. If
a manufacturer discovers or is otherwise made aware of any defects,
noncompliances, or other unreasonable risks to safety after the vehicle
and/or technology has been in safe operation for some time, then it
should strongly consider promptly contacting the appropriate NHTSA
personnel to determine the necessary next steps. Where a manufacturer
fails to adequately address a safety concern, NHTSA, when appropriate,
will explicitly address that concern through its enforcement authority.
Applicability/Legal Statement: This proposed Enforcement Guidance
Bulletin sets forth NHTSA's current views on the topic of emerging
automotive technology and suggests guiding principles and best
practices to be utilized by motor vehicle and equipment manufacturers
in this context. This proposed Bulletin is not a final agency action
and is intended as guidance only. This proposed Bulletin does not have
the force or effect of law. This Bulletin is not intended, nor can it
be relied upon, to create any rights enforceable by any party against
NHTSA, the U.S. Department of Transportation, or the United States.
These recommended practices do not establish any defense to any
violations of the Safety Act, or regulations thereunder, or violation
of any statutes or regulations that NHTSA administers. This Bulletin
may be revised in writing without notice to reflect changes in the
Agency's views and analysis, or to clarify and update text.
Authority: 49 U.S.C. 30101-30103, 30116-30121, 30166; delegation
of authority at 49 CFR 1.95 and 49 CFR 501.8.
Issued in Washington, DC, on March 25, 2016 under authority
delegated pursuant to 49 CFR 1.95.
Paul A. Hemmersbaugh,
Chief Counsel.
[FR Doc. 2016-07353 Filed 3-29-16; 4:15 pm]
BILLING CODE 4910-59-P