Newsletter (October 2020) │ Legal
Introduction
As part of a series of legislative revisions to address the practical introduction of “Level 3”[1] automated driving, the Road Transportation Vehicle Act (the “Act”) will introduce a regulation for “specific modification” of vehicle software through updates using telecommunication methods. It is anticipated that update by wireless telecommunications called Over-The-Air (OTA) will be actively utilized in the future, and the introduction of this regulation will have a considerable impact on related businesses. Since it is approximately one month until the enforcement date (see A14) of the amended Act, this newsletter provides a comprehensive discussion, in a Q&A format, regarding the regulations based on, among others, the relevant Ministerial Ordinance, Notification, and Administrative Rules for Examination.
Q1 What is the purpose of the new regulations?
A1 With the advancement of automotive technology in recent years, it has become possible to easily make changes and additions to the performance and functions of the software of large fleets of vehicles by updates of software installed in electronic control devices using telecommunication methods (both wireless and wired) after the vehicle has been purchased by its owner. In light of this, in harmony with global discussions especially in the United Nations European Economic Commission (UN/ECE) “World Forum on Automotive Standards Harmonization” (“WP29”), the Government of Japan planned to create a legal system to ensure that appropriate software updates and cyber security are being implemented during the use of a vehicle.
Q2 What were the previous rules for updating vehicle software?
A2 The previous rules did not focus on vehicle modifications due to the alteration of vehicle software including upgrades using telecommunication during the use phase. Instead, such modifications were regulated as a part of the rules regarding modifications in general and examining compliance with safety standards applicable to vehicles (i.e., technological standards for safety, pollution prevention and other environmental protection stipulated by the government).
Q3 What is the new approval requirement for the specific modifications?
A3 The new regulations will introduce an approval requirement (see A6) in which the Ministry of Land, Infrastructure, Transport and Tourism (MLIT) will examine whether the company’s organizational structure and processes related to its software updates and cyber security are compliant with prescribed standards. This approval will be required when a company’s software update falls under the category of a “specific modification” (see A5). Further, it imposes obligations, among others, to maintain such organizational structure and processes even after receiving approval (see A12).
In addition to the compliance with safety standards for vehicles that was formerly required, the new regulations also require compliance with standards related to the organizational structure and processes. The regulations introduce a process approval in addition to vehicle type approval.
Further, an approval to specific modifications should, in principle, be obtained for each alteration in software.[2] In addition, it is necessary to obtain an approval for each vehicle that is modified by alteration of the software pertaining to the application, while it is also possible to obtain the approval for each vehicle type that has already been designated and approved.[3]
Q4 Are “Level 2” automated vehicles also subject to the approval regulations?
A4 In a series of recent legislative revisions, Autonomous Driving Devices (ADD)[4] that enable Level 3 autonomous driving was added as a device which is subject to the safety standards. However, with the new regulations, the modification of a vehicle by alteration of the software installed to a device other than an ADD would also be considered as a specific modification. Thus, the application of these regulations is not limited to Level 3 or higher autonomous vehicles, and even making a modification to vehicles with Advanced Driver Assistance System (ADAS) by software alteration that enable Level 2 autonomous driving would be covered by under the regulations and prior approval would be required. Provided, however, that a vehicle without ADD is less regulated in application of these regulation (Q7(2), Q12).
Q5 What are the specific modifications that would require an approval?
A5 The amended Act defines the following activities as specific modifications that require an approval.[5]
(i) Modification of a vehicle due to alteration of software installed in an ADD or other device which is stipulated in the Ministerial Ordinance of MLIT where there is a risk that the vehicle will not comply with the security standards unless the software for the vehicle modification is appropriate in accordance with the method of using telecommunication lines and other methods stipulated by the Ministerial Ordinance of MLIT (“Direct Modification”).
(ii) The activity of providing software for vehicle modification to a vehicle user or other person by the method of using a telecommunication line or by any other method specified by the Ministerial Ordinance of MLIT for the purpose of having such user perform the modification prescribed in item 1 above (“Indirect Modification”).
The activity mentioned in (i) above means the alteration of the vehicle software by means of telecommunication that changes the function of each device (engine, handle, brake, etc.) of which device is regulated by the safety standards in the Ministerial Ordinance; unless it is obvious that such vehicle after modification complies with the safety standards. Therefore, software updates aimed at enhancing “infotainment” functions, such as browsing services, will not apply unless there is a change in the function of each such device.
The activity mentioned in (ii) above means the activity of providing software by using telecommunications or distributing electronic recording media (CD-ROM, etc.) to users, Maintenance Repair and Overhaul (MRO) service providers, etc., for the purpose of causing them to perform the activity mentioned in (i) above.
Q6 What are the requirements to obtain an approval for a specific modification?
A6 The amended Act requires the applicant to comply with the following criteria to obtain approval (Article 99-3, para. 3).
(i) The applicant must conform to the standards specified by MLIT with having sufficient “capability” and a “system” to properly implement the specific modification.
(ii) The vehicle modified by the alteration of the software pertaining to the application must conform to the safety standards.
Specifically, (i) requires the applicant to have the operational management capability necessary to ensure appropriate software updates and cyber security (“Capability Requirements”)[6] and also to have the organizational structure and processes necessary to properly implement the repair of any defects caused by software updates (“System Requirements”).[7] Also, the above (ii) requires that the software-updated vehicles comply with the safety standards conformity requirements (“SSCR”).[8] Further, MLIT may apply conditions and deadlines when granting an approval.[9]
Q7 What are the Capability Requirements? How will they be assessed?
A7 (1) Capability Requirements
The applicant must prepare a management system that complies with the technical standards of the Operation Management System for the Modification of Program (“SUMS Technical Standards”) and the technical standards for the Operation Management System for Cyber Security (“CSMS Technical Standards”) to establish an operation management system to ensure the appropriate management and reliability of modifications to the software and cyber security (Article 1, para.1 and Attachments 1 and 2 of the Notification which sets forth the details of the technical standards related to the approval for specific modification of vehicles (“Notification”)). However, the applicant who intends to engage in the activities stipulated in A5(ii) above does not need to satisfy the CSMS Technical Standards.
The content of these SUM Technical Standards, CSMS Technical Standards, and the preliminary certification system for Capability Requirements were taken from the respective UN Regulation adopted by WP29 on June 24 of this year.[10] Similar to the safety standards, these standards were introduced with the intention to harmonize with international standards.[11]
(2) Assessment
The applicant for the approval of a specific modification needs to be certified by MLIT in advance to satisfy their Capability Requirements.[12] MLIT grants certification of compliance to the standards to applicants who are deemed to satisfy their Capability Requirements, and such certificate is valid for three years.[13] When applying for an approval for a specific modification, the applicant needs to submit a copy of such certificate that is valid at that time to MLIT.[14]
MLIT has entrusted the role of assessing the certification of the Capability Requirements to the National Agency for Automobile and Land Transport Technology (“NALTEC”).[15] NALTEC determines whether the applicant’s operational management system complies with the SUM Technical Standards and CSMS Technical Standards based on the materials submitted by the applicant.[16] Assessment is conducted not only through the materials, but also by on-site inspections, and the period for the assessment is generally completed within eight weeks after the commencement of the review.[17]
Note that the Capability Requirements will not currently be assessed for vehicles that are not equipped with ADD.[18] Also, the CSMS Technical Standards will be partially exempt for vehicles equipped with ADD which are manufactured or type approved by 30 June, 2022.[19]
Q8 What are the System Requirements? How will they be examined?
A8 (1) System Requirements
The System Requirements are different from the Capability Requirements under which a company’s general organizational structure and processes are subject to review. Instead, the System Requirements of the applicant’s organizational structure and processes are reviewed for each individual software alteration and vehicle modification. Specifically, it is necessary to develop an organizational structure and processes in which the applicant oversees the management and improvement of the design and production of the software for vehicle modification, management and alteration of the vehicle software, cyber security of the vehicle that is modified by such alteration of the software (only for Direct Modifications), and process of rectifying any defects that occurred in the vehicle related to the modification in connection with the specific modification.[20]
(2) Examination
When applying for an approval, the applicant must attach to the application form a document certifying that the above structure and processes which satisfies the System Requirements are in place, including providing a quality assurance system chart.[21] Unlike the Capability Requirements and SSCR, MLIT will conduct the examination of the System Requirements.
Q9 What are the SSCR? How will they be examined?
A9 (1) Safety Standard Conformity Requirements
The SSCR are the requirements for vehicles to be modified upon each software alteration. Specifically, the structure, device and function of the part of the vehicle modified by the alteration of the software pertaining to the application must comply with the safety standards for each item of Article 40 of the Act and each of the devices listed in each item of Article 41, para.1 of the Act.[22]
For example, in the case of a vehicle equipped with an ADD of which software installed is to be updated to have the function of keeping the vehicle in a highway lane where the maximum speed during operation of the ADD is 60km/h or less, it is necessary to comply with Appendix 122 “Technical Standards for Automobiles Equipped with Low-Speed ADD on Expressways”.[23] Further, if such alteration modifies, among others, the function of the approved vehicle type and the applicant applies for an approval of the specific modification for each vehicle type (see A3), the applicant is also required to submit a document which certifies that it has received approval of the modified vehicle type.
(2) Examination
When applying for an approval, the applicant must submit a document certifying that the part of the vehicle that has been modified by the applied alteration of the software complies with the safety standards.[24] NALTEC will determine the conformity to the safety standards based on the materials submitted by the applicant and the vehicles presented. Generally, the period for examination is completed within six weeks after the commencement of the review.[25]
Q10 Who should apply for an approval for a specific modification?
A10 The party who intends to make the specific modification (see A5) (i.e., the party who alters the vehicle software directly by telecommunication), or the party who provides the software to a third party to make such alteration, will be the applicant for the approval for a specific modification. If there are multiple parties involved with the software update, there may be issues as to who should be the applicant as illustrated below.
(i) Various activities could be considered a specific modification, such as (a) where a vehicle manufacturer makes an alteration using software provided by an external vendor (such as a software vendor or a component manufacturer which component includes software) (“Vendor”), or (b) where a vehicle manufacturer provides software to an MRO service provider and such MRO service provider makes an alteration in accordance with the manufacturer’s instructions. For these activities, either the vehicle manufacturer, the Vendor or the MRO service provider could be considered as a party who made a specific modification and could be an applicant for approval.
However, as the applicant will modify the software in cooperation with contracted suppliers, service providers and/or suborganizations of the applicant, MLIT will be satisfied if the applicant takes its own responsibility to alter the software by fulfilling the above licensing requirements and also securing the compliance of the obligations of all the relevant parties to be involved with the alteration. Therefore, for example, it would not be necessary for Vendors or MRO service providers to obtain a further approval for software alterations if the vehicle manufacturers could obtain approvals by establishing their internal or external system organizations including entering into any required agreements with such Vendors or MRO service providers.
Whether the vehicle manufacturer who makes the MRO service provider alter the software will apply for a Direct Modification or an Indirect Modification may differ depending on the relationship between them, the responsibilities of each other, etc., but generally, the vehicle manufacturer would be considered applying for a Direct Modification as there would be less reason for not applying under the CSMS Technical Standards (see A7(1)).
(ii) Similar issues arise when an importer alters software provided by a foreign vehicle manufacturer. Similar to (i) above, the foreign manufacturer may become the applicant, but it may be difficult for it to communicate in a timely and proper manner with MLIT and/or NALTEC.[26] Also, as the applicant must comply with certain obligations after obtaining an approval (see A12), there is an issue with enforceability of such regulations to foreign manufacturers. Therefore, in fact, it would often be the case where the importer, not the foreign manufacturer, would be required to become the applicant. Note that to obtain the approval, the importer will be obliged to record and retain certain information of the software at its own facilities.[27] This means that, the importer will need to take the necessary measures to manage the information that it previously did not record and retain on its own (see A13(i)).
(iii) In addition, for Vendors who are applying for an approval, if they alter the software directly and not through the manufacturers or importers, they are required to submit a document certifying that consent has been obtained from the manufacturer or the importer and a document describing the details of such consent (including the scope of the vehicles to be modified by the alteration of the software and the implementation conditions of the specific modification pertaining to the application) together with the documents to be submitted for examination of the System Requirements (see A8(2)). The amendment to the Act also allows Vendors to apply for type designation (Article 2 of Vehicle Type Designation Rules) in order for them to apply for an approval for each vehicle type after obtaining the modified type approval.
Q11 Is it required to obtain an approval for specific modifications for alterations to software that have been handled through the recall process?
A11 Recall is conducted under Article 63-3 of the Act that requires notice to MLIT in advance to take the necessary improvement measures if the structure, device, or function of a vehicle under an approved type is or may be in compliance with safety standards, and whether the cause of such non-compliance is in the design or production process. Under this recall process, measures should be taken to reinstate the vehicle to the specifications of the designated type. If the scope of the planned software alterations remains within such scope, it would be sufficient to conduct such alteration under the recall process, and it would not be necessary to obtain a separate approval for the specific modification. On the other hand, when a software alteration is made during the recall process in a way that changes the specification of the vehicle for its designated type, an application for an approval for the specific modification may be required together with the prior notification for recall to MLIT.
Q12 What are the obligations to be imposed on the applicant?
A12 The applicant of the specific modification must be obliged to maintain compliance with standards related to the Capability Requirements and System Requirements and must comply with, among others, the following requirements:[28]
(i) Notify MLIT of any change in the items described in the application form and its attachments for approval.
(ii) Record the prescribed information concerning the applied alteration, such as the implementation status of the alteration of the software and retain said information at the facility of the applicant.
(iii) Take measures to ensure the cyber security of vehicles subject to the alteration of the software pertaining to the approval including monitoring, detecting and responding to cyber security threats and vulnerabilities (applicable only to the Direct Modification).
(iv) Providing the vehicle users with information on the purpose, contents, time required for the alteration and how to use the new function for the alteration of the software pertaining to the approval.
In addition, MLIT may collect reports or conduct on-site inspections of the applicant when MLIT finds it necessary in order to ensure the appropriate implementation of the specified modification by the applicant, and may issue an order to suspend the specified modification or revoke the approval when the applicant is found to have violated the above obligations.[29]
By imposing these obligations on applicants even after they are approved, it is aimed to ensure appropriate software updates and cyber security throughout the vehicle’s lifetime.
Currently, an applicant for a specified modification of a vehicle that does not equip the ADD will not be liable for the obligations described in (ii) to (iv) above.[30]
Q13 What is the applicant’s liability for any damages caused by updating the vehicle’s software?
A13 The amended Act does not provide for liability for any damages incurred by users or third parties arising from the implementation of a specific modification. Therefore, the liability of the applicant is determined in accordance with existing laws such as criminal law and civil law (including the Product Liability Law, etc.). However, this amendment may affect the applicant’s liability as follows:
(i) As noted above (see A12(ii)), the applicant will be obliged to record and maintain at its own facility certain information about the software to be altered. Also, the applicant must provide the process where the applicant is able to make such information available to MLIT and NALTEC.[31] For this reason, it will be required to provide certain information concerning the software for an audit by the authorities such as MLIT and such information can become the basis for criminal or administrative liability. Also, in some cases, it will be used as evidence by another party to a lawsuit to claim for product liability based on defects in the design of the software.
(ii) In addition, as described above (see A12(iv)), applicant is obligated to provide users with information about software alterations. If such obligation is not performed correctly, product liability, in addition to criminal or administrative liability, based on defects in the instructions and warnings of the software could also be claimed.
Q14 When is the effective date of the amended Act?
A14 The amended Act will be implemented from November 23, 2020. However, prior acceptance of applications for an approval began on August 23 of the same year.
Concluding remarks
This amendment attempts to resolve a practical issue for the handling of vehicle software updates after a vehicle is purchased by a customer by introducing a prior approval requirement for each update which in harmony with global discussions regarding this issue. Companies which are involved with such software updates need to have an accurate understanding of the framework of this regulation, consider the division of roles with other companies if working together for such update, and prepare the internal and external organizational structure and processes necessary for obtaining an approval. Since the amended Act has not yet been implemented, there are many uncertainties in the handling of relevant practical issues. Also, it is anticipated that the Notification will be updated from time to time based on global discussions. Therefore, it is necessary to continue to closely monitor the situation of both the legal framework and regulatory practices going forward.
(Published October 27, 2020)
******************
Sonderhoff & Einsell Law and Patent Office routinely provides legal advice related to AI, automated driving, IoT, CASE and MaaS, including advice on automobile-related regulations such as the Road Transportation Vehicle Act, contract drafting and amendment, negotiations, litigation and arbitration, employee training, and response to authorities.
The information provided in this document is only general information and does not provide specific professional advice. The views expressed in this newsletter are a personal one of the author and do not constitute a legal opinion of the firm. For inquiries, please contact Kengo Sakai, the author of this newsletter at: sakai@se1910.com
******************
| Sonderhoff & Einsell Law Patent Office
100-0005 1-6-2 Marunouchi, Chiyoda-ku, Tokyo Shin-Marunouchi Center Building 18th Floor |
Telephone +81-3-5220-6500
Fax +81-3-5220-6556 |
| https://se1910.com/ |
[1] As defined by the SAE International’s J3016 (September 2016) and its Japanese reference translation, JASO TP 18004 (February 2018).
[2] Statement of Mr. Okuda as a governmental expert in No. 9 of the Committee on Land, Infrastructure, Transport and Tourism (8 May, 2019) in No. 118 of the House of Representatives of the Government, “The details of modifications by alteration of software are different depending on the purpose of the modifications, and, in principle, it is necessary to confirm the appropriateness for each software. However, in the case of implementing multiple specific modifications under the same organizational structure and processes, it is not necessarily required to confirm the applicant’s organizational structure and processes individually for each software modification. Therefore, while we will strive to reduce the burden on the applicant by simplifying a portion of the related approvals, we would like to make every effort to maintain the organizational structure and processes of the individual who makes specific modifications to the automobile by conducting an appropriate post-audit of the individual who received the approval.
[3] Article 3, para. 1 of the Ministerial Ordinance.
[4] It is defined as follows: “A device which consists of a sensor to detect the conditions and surroundings at the time of operation of the vehicle and a computer and software which processes information transmitted from the sensor that is necessary to automatically operate a car based upon such software, has a function to substitute all of the abilities related to cognition, prediction, determination and operation of the person who operates the vehicle when it is used under the conditions determined by MLIT, and which is equipped with a device that records information necessary to confirm the operational state of the function” (Article 41, paragraph 2 of the Act)
[5] Article 99-3, para.1, items of the Act.
[6] Article 4, para. 1 of the Ministerial Ordinance.
[7] Article 4, para. 2 of the Ministerial Ordinance.
[8] Article 4, para.3 of the Ministerial Ordinance.
[9] Article 99-3, para. 2 of the Act.
[10] UN Regulation on SUMS Technical Standards:
https://undocs.org/ECE/TRANS/WP.29/2020/80
UN Regulation on CSMS Technical Standards:
http://www.unece.org/fileadmin/DAM/trans/doc/2020/wp29grva/ECE-TRANS-WP29-2020-079-Revised.pdf
[11] For SUMS technical standard, Section 7.1 of the relevant Regulation is directly translated, and for CSMS technical standard, Section 7.2 of the relevant Regulation and Table are directly translated, with a few adjustments to localize in Japan. For the prior certification system for capability requirement, Section 6 of the respective Regulation is introduced as Article 2 of the Ministerial Ordinance.
[12] Article 2, para.1 and 6 of the Ministerial Ordinance.
[13] Article 2, para. 5 of the Ministerial Ordinance.
[14] Article 3, para.3, of the Ministerial Ordinance.
[15] Article 99-3, para.8 of the Act.
[16] Article 2, para.3 of the Ministerial Ordinance.
[17] Administrative Rules for Examination Rules 2-5.
[18] Article 5 of the Notification, para.2 of the supplementary provisions of the Ministerial Ordinance.
[19] Article 2 of the supplementary provisions of Notification.
[20] Article 4, para.2 of the Ministerial Ordinance.
[21] Article 3, para.3, item 2 of the Ministerial Ordinance.
[22] Article 4, para.3 of the Ministerial Ordinance.
[23] Article 48 of the safety standards, Article 72-2, No.14 of the Notification for Details of Safety Standards for Road Vehicles, etc.
[24] Ministerial Ordinance, Article 3, para.3, item 4.
[25] Administrative Rules for Examination 2-4.
[26] For example, the foreign vehicle manufacturer would be required to be capable of proper communications with MLIT and NALTEC under 3.1.1 and 3.1.12 of the SUMS technical standards. Also, it would need to be capable of responsive and proper communications with MLIT regarding remedying any defects that occurred in the automobile which must be managed by the applicant under the System Requirements.
[27] Article 5, item 2 of the Ministerial Ordinance, Article 2 of the Notification, and A12.
[28] Article 99-3, para.4 of the Act; para.5 of the Act, Article 5 of the Ministerial Ordinance.
[29] Article 100, para.1, item 17, para.2, and Article 101 of the Act; Article 99-3, para 7 of the Act.
[30] Ministerial Ordinance, Article 5, para.2 of the supplementary provisions.
[31] SUMS Technical Standards 3.1.12.
