Cybersecurity Issues of Autonomous Mobility on Demand: A Legal Perspective

The legal landscape surrounding cybersecurity challenges in Autonomous Mobility on Demand (AMOD) systems is complex. As autonomous vehicles increasingly connect to external networks and incorporate sophisticated sensors and control systems, they become vulnerable to novel cybersecurity threats that traditional automotive regulatory frameworks were not designed to address. The analysis begins by categorizing the unique cybersecurity risks in the AMOD ecosystem, including vehicle control system intrusions, data privacy breaches, communication network disruptions, and infrastructure-based attacks. The chapter distinguishes between safety-critical vulnerabilities that can directly endanger human lives and those that primarily threaten data privacy or system performance. A comprehensive review of existing and emerging legal frameworks addressing AMOD cybersecurity follows. A key contribution of this chapter is its analysis of liability regimes for cybersecurity incidents involving AMOD systems. Traditional legal principles of negligence, product liability, and strict liability need adaptation to address scenarios where software vulnerabilities, over-the-air (OTA) updates, or third-party interventions lead to accidents or data breaches. The chapter also explores emerging compensation models, including mandatory cybersecurity insurance requirements and no-fault compensation schemes. The discussion addresses the critical tension between transparency and security, noting how requirements for explainable AI and algorithm transparency must be balanced against the risk that disclosing security measures could create new vulnerabilities. Privacy considerations receive particular attention, examining how regulations apply to the vast amounts of personal data collected and processed by AMOD systems. The chapter concludes with recommendations for a harmonized legal framework that can effectively address cybersecurity risks while enabling innovation in the AMOD sector. These include adaptive regulatory approaches, industry standards development, international coordination mechanisms, and the integration of security-by-design principles into legal compliance requirements. An ongoing dialogue between technology developers, policymakers and legal practitioners must be encouraged to ensure that AMOD systems can realize their potential benefits while managing cybersecurity risks appropriately.