United States: Overview Of California's Final Autonomous Vehicle Testing And Deployment Regulations – Fully Driverless Vehicles Permitted

Key Points

  • California's new regulations lay out the requirements for manufacturers to obtain permits to test and deploy autonomous-vehicles on public roads. The regulations enable manufacturers to test fully driverless vehicles and authorize the California DMV to issue driverless-testing and deployment permits as of April 2, 2018.
  • The Regulations eliminate provisions included in earlier drafts that limited manufacturer liability under certain circumstances (detailed in our  prior alert). To qualify for testing or deployment permits, however, manufacturers must provide proof of ability to meet $5 million in potential damages.
  • Included in the Regulations are some of the first rules in the Nation to address the collection of personal information by autonomous vehicles, as well as a requirement that vehicles meet applicable and appropriate industry standards for cybersecurity.

I. Introduction

On February 26, 2018, California's Office of Administrative Law (OAL) approved final regulations for the testing and deployment of autonomous vehicles. We reported on the regulations in a  prior alert. Already home to large autonomous vehicle testing facilities and key players in the industry, the new regulations may spur further development within California and could be a model for other states moving forward.

The regulations address (1) the testing of autonomous vehicles; and (2) the deployment of autonomous vehicles. The Regulations, among other things, permit fully driverless testing of autonomous vehicles on California roadways. The DMV has already issued testing permits for manufacturers using test drivers. On April 2, the Department of Motorvehicles (DMV) can begin issuing permits for driverless testing and for deployment of autonomous vehicles.

The new Regulations mark a dramatic change in California's stance toward autonomous vehicles when compared to the state's actions just a few years ago. In 2015, California regulators signaled that they might seek to supplant National Highway Traffic Safety Administration (NHTSA) leadership in this area by imposing strict controls on the testing of autonomous vehicles within the state. The California DMV initially proposed regulations that included restrictive requirements like mandating that all testing be carried out by independent third parties. This all began to change in 2016, after NHTSA issued its own guidelines. In September 2016, the California DMV issued revised draft deployment regulations, which were followed in March 2017 by proposed regulations to establish a path for both testing and deployment of autonomous vehicles. Those proposed rules shied away from many of the strict principles originally included just a couple years before. The March 2017 regulations set off a wave of public comments and revision that ultimately culminated in the final Regulations.     

The final Regulations recognize the preeminence of federal safety standards with regard to motor-vehicle safety on a broad scale. Under the Regulations, manufacturers must certify that their autonomous vehicles comply with all applicable Federal Motor Vehicle Safety Standards, or provide evidence of NHTSA exemption. In the deployment context, manufacturers also must certify that their autonomous technology meets standards for the vehicles' model year and does not make any federal safety standards inoperative, and that they have registered with NHTSA.

California's move to embrace driverless testing may be a signal of the state's desire to keep innovation in the field within its borders. States like Arizona have wooed companies with a more hands-off approach to regulation. Waymo, for example, began testing driverless autonomous vehicles on Arizona roads in October. There are also indications that some companies that began testing autonomous vehicles in California in 2016 moved their testing operations to other states in 2017 (e.g., Ford, Tesla).

II. Overview of Key Provisions in the Regulations

The restrictions in the Regulations apply to manufacturers of autonomous technology, which include both vehicle manufacturers that produce new autonomous vehicles and those who modify vehicles by installing autonomous technology. The Regulations apply to passenger vehicles and not to camp trailers, motorcycles, vehicles weighing more than 10,001 pounds, tour buses or vehicles transporting hazardous materials. CCR 227.28.

The DMV changed or deleted various sections between earlier drafts and the final version of the Regulations. Former Section 228.28, present in the October 2017 draft, but deleted from the final Regulations, would have relieved manufacturers of liability if their autonomous technology was modified in a manner not authorized by the manufacturer or if the vehicle was not properly maintained. Liability is addressed to some extent through requirements that manufacturers provide proof of their ability to pay damages up to $5 million resulting from the operation of autonomous vehicles on public roads, through either evidence of insurance, a surety bond or a certificate of self-insurance. CCR 227.04(c); 228.04. Elimination of the former Section 228.28, however, means that courts will address liability on a case-by-case basis, unless the legislature steps in and provides clarity.

Autonomous vehicles, particularly driverless vehicles, pose a special challenge to law enforcement and first responders. The Regulations recognize this challenge by requiring manufacturers to prepare a law enforcement interaction plan that details, among other things, how law enforcement and first responders should interact with the vehicle and how the vehicle will report who it belongs to and who is operating the vehicle. The plans must be updated on at least an annual basis. CCR 227.38(e); 228.06(c)(3). This aspect of the Regulations seeks to drive practical solutions for what exactly will occur when first responders find a crashed autonomous vehicle and need to know, for example, how to move the vehicle.

The Regulations include some of the first explicit restrictions on the collection and use of personal information in the autonomous-vehicle context. "Personal information" is defined as the "information that the autonomous vehicle collects, generates, records, or stores in an electronic form that is retrieved from the vehicles, that is not necessary for the safe operation of the vehicle, and that is linked or reasonably capable of being linked to the vehicle's registered owner or lessee or passengers using the vehicle for transportation services." CCR 227.02(l). In the testing context, a manufacturer must disclose to passengers what personal information may be collected and how it will be used. CCR 227.38(h). In the deployment context, a manufacturer has the option to either provide a written disclosure to the driver or passengers, or anonymize the personal information. CCR 228.24(a).1  It remains to be seen exactly what kind of information will be classified as "personal information."

III. Permit Application Requirements

A. Requirements for Testing Permits

There are four major prerequisites to testing autonomous vehicles on California roads: (1) the manufacturer must conduct the testing; (2) the vehicle must be operated by a competent and licensed test driver or remote controller who is an employee, contractor or designee of the manufacturer; (3) the manufacturer must provide the DMV with proof of its ability to satisfy judgments for potential damages in the amount of $5 million; and (4) the manufacturer must have a general or driverless testing permit. CCR 227.04. We include an overview of some of the driverless permit requirements here, given the importance of the issue:

  • Conducted Pre-Permit Testing – The vehicles have been tested under controlled conditions that simulate each operational design domain in which the vehicles will be operated and have been reasonably determined to be safe.
  • Notify Local Authorities – Manufacturers must notify authorities where the vehicles will be tested of the operational design domains of the vehicles, the public roads where the vehicles will be tested, the date that testing will begin and when it will be conducted, the number and type of vehicles that will be tested, and the contact information for the testers.
  • Two-Way Communication Link with Remote Operator – Driverless vehicles must be equipped with two-way communication links that provide the remote operator with general information on the vehicle and enables communication between the passengers and the remote operator in the event that there are any issues with the autonomous technology.
  • Process to Communicate Vehicle Information to Observer – There must be a way to display information on the vehicle in the event that there is a collision or it is needed by law enforcement.
  • Comply with Federal Standards or Exemption – The vehicle must comply with relevant federal motor vehicle standards, or it must have an NHTSA exemption.
  • SAE Level 4 or 5 and No Driver Needed – The vehicle must have capabilities that meet the description of an SAE level 4 or 5 automated driving system, with no driver present.
  • Remote-Operator Training – All remote operators must be licensed to operate the type of vehicle at issue and must complete specialized training provided by the manufacturer.  
  • Notification of Personal Information Collection and Use – Passengers must be notified of what personal information is collected from them and how it will be used.
  • Collect Autonomous System Disengagement Data – Manufacturers must collect data on the disengagement of autonomous technology (i.e., the failure of autonomous technology or a need for the remote operator to take control) and submit that data in an annual report.
  • Notify DMV Within 10 Days of Collision – Manufacturers must notify the DMV within 10 days of any collision caused by their vehicles if the collision causes damage, injury or death.
  • Cannot Charge Passengers a Fee – Manufacturers may not charge passengers a fee, nor receive any type of compensation, in exchange for rides in test vehicles.

B. Requirements for Deployment Permits

The requirements to obtain a deployment permit are more onerous than a driverless permit. We provide an overview of some of the key deployment-permit requirements below:

  • Autonomous Operation Parameters – The vehicles must not be able to operate in autonomous mode outside of the specific operational design domains disclosed in the application. Manufacturers must identify any conditions (e.g., fog, wet roads) under which their vehicles are either designed to be incapable of operating or unable to operate reliably.
  • Equipped with Autonomous-Technology Data Recorder – Vehicles must be equipped with a data recorder that captures and stores sensor data for all vehicle functions that are controlled by autonomous technology at least 30 seconds before a collision that occurs in autonomous mode. The data must be in read-only format and be retrievable through commercial means.
  • Compliance with Federal Standards or Exemption – Vehicles must comply with relevant federal safety standards (or have an NHTSA exemption) and with any standards for their respective model year. Manufacturers must register with NHTSA.
  • Designed to Comply with California Vehicle Code and Local Regulations – Autonomous technology must be designed to detect and respond to roadway situations in a manner compliant with the California Vehicle Code and applicable local regulations.  
  • Must Update Autonomous Technology – Manufacturers must update autonomous technology as needed, and at least annually, to ensure compliance with California and local vehicle regulations. They must also make available on a continual basis consistent with changes updates regarding location and mapping information utilized by a vehicle's autonomous technology. Registered owners must be told how to update their systems.
  • Must Meet Industry Cybersecurity Best Practices – Vehicles must meet appropriate and applicable current industry standards to help defend against, detect and respond to cyber-attacks, unauthorized intrusions or false vehicle control commands.
  • Must Conduct Testing and Be Satisfied Safe – Manufacturers must conduct tests and be satisfied from the results that their vehicles are safe for deployment. A summary of such testing must be attached to the permit application and describe testing locations, among other things.
  • Two-Way Communication Link with Remote Operator for Driverless Vehicles – Driverless vehicles must be equipped with two-way communication links, as required of test vehicles.
  • Must Comply with California Vehicle Code Section 38750(c)(1) – Manufacturers must comply with California Vehicle Code Section 38750(c)(1), which requires them to certify that their autonomous technology, among other things, includes a series of safeguards (e.g., an alert when a failure is detected), is easily accessible and has a separate data recorder.
  • Safety-Related Defects Must Be Disclosed – Manufacturers must disclose to the DMV any identified safety-related defects in their autonomous technology that creates an unreasonable risk of safety in compliance with related federal timelines and requirements.
  • Provide Consumer or End-User Education Plan – Manufacturers must provide a consumer or end-user education plan for all vehicles sold or leased by someone other than themselves.
  • Describe How to Meet SAE Level 3-5 Requirements – Manufacturers must describe how a SAE Level 3-5 vehicle will safely come to a complete stop when there is a technology failure.

IV.  Potential Import of New Regulations

California's passage of the final Regulations is likely to usher in an exciting period of innovation within the state and may spur the movement of autonomous vehicles into the everyday. It remains to be seen how courts will interpret these regulations once lawsuits are filed after these vehicles are inevitably involved in accidents. We will continue to monitor these issues and provide periodic updates.


1 If the vehicle is sold or leased, and data is not anonymized, a manufacturer must obtain the written approval of the registered owner or lessee of the vehicle.  CCR 228.24(b).  This may enable fleet operators to authorize the collection of personal information in their fleets after providing only a disclaimer to passengers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Sign Up
Gain free access to lawyers expertise from more than 250 countries.
Email Address
Company Name
Confirm Password
Mondaq Newsalert
Select Topics
Select Regions
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions