By Marty Stern
The National Highway Traffic Safety Administration (NHTSA) just released a Request for Public Comments on a proposed Enforcement Guidance Bulletin regarding “Safety-Related Defects and Emerging Automotive Technologies” focusing on software and connected car technologies. Comments are due May 2.
Most notably, the request for comments indicates that software can be classified as motor vehicle equipment under the Motor Vehicle Safety Act, which NHTSA administers. According to the release, “software that enables devices not located in or on the motor vehicle to connect to the motor vehicle or its systems could, in some circumstances” be considered motor vehicle equipment.”
In addition, the NHTSA indicates that both manufacturers of motor vehicles and suppliers of these “new and emerging vehicle technologies” have an obligation to notify NHTSA of safety-related defects, and are potentially subject to civil penalties for failure to make such notifications. The release also suggests that software in portable electronic devices “used to affect and control a motor vehicle’s safety systems” is also motor vehicle equipment. And where such software “has manifested a safety-related performance failure, or otherwise presents an unreasonable risk to safety” it is subject to the agency’s recall authority.
The release also includes a discussion of the NHTSA’s view of automotive cybersecurity vulnerabilities. NHTSA indicates that cybersecurity vulnerabilities could be considered a “safety-related defect” where, for example, a “vulnerability in any of a motor vehicle’s entry points (e.g., Wi-Fi, infotainment systems, the OBD-II port) allows remote access to a motor vehicle’s critical safety systems.” The item notes that in such circumstances, the NHTSA may consider such vulnerability to be safety-related, compelling a recall.