Skip to main content
European Commission logo
Shaping Europe’s digital future
Consultation results | Publication

Summary Report on the open public consultation on Connected and Automated Mobility (CAM)

The public consultation on Building Trust in Connected and Automated Mobility (CAM) ran from 24 October to 4 December 2018. This summary report takes stock of the contributions and presents preliminary trends that emerge from them, focusing on the quantitative aspects of the consultation input.

Objectives of the consultation

The objective of the consultation was to collect input and stakeholder views in order to prepare the work on the future policy agenda on connected and automated mobility. As part of a broader consultation process, this open public consultation was based on the actions proposed in the third Mobility package adopted in May 2017.
The consultation  aimed to identify the main challenges linked to the deployment of connected and automated cars today; namely cybersecurity threats and trust issues, data governance aspects (e.g. governance models; principles for car data sharing), privacy and data protection needs, as well as different aspects of technology needs such as the use of 5G commercial bands.
The consultation was open to the general public and relevant stakeholders including car manufacturers, connectivity providers, service providers, telecom providers, end-users, public authorities, health community and civil society organisations.
The consultation was divided into two sets of questions: a first set of questions addressed the general public, from citizens to specialised actors of the mobility ecosystem. The second set of questions addressed only specialised actors of the ecosystem, such as car manufacturers, connectivity providers, service providers, telecom providers, end-users, public authorities, civil society organisations and public authorities.
 

Who replied to the consultation?

A total of 630 responses received.
Figure 1 shows that the distribution of contributions among three main categories of respondents:
  • 469 citizens and end-users: e.g. taxi companies, consumer organisations, health organisations
  • 137 Businesses and association of businesses: e.g. automotive suppliers (Tier 1, Tier 2, …); automotive downstream market suppliers (aftersales, maintenance, Mobility as a Service); telecom providers, original equipment manufacturers (OEM), vendors (e.g. of vehicles or vehicle components), insurance companies, standardisation bodies, other (e.g. re-user of in-vehicle data outside of the automotive sector, such as data analytics)
  •  24 Public authorities: e.g. national or regional governments setting up the policies for the mobility sector, road authorities, MS certification body, municipalities

Figure 1: 74,4% of respondents were individuals, 21,7% were businesses, 3,8% were public authorities

Figure 1 - Categories of respondents

All three categories of respondents were represented by contributions of the main actors of the ecosystem:
  • Most relevant associations of consumers;
  • All relevant original equipment manufacturers (OEMs) and automotive suppliers;
  • Public authorities: ministries and road public authorities from 12 Member States (AT, BE, CZ, DE, EE, ES, FI, IT, LU, NL, PT, UK).
Figure 2 shows the distribution of responses along EU Member States.
The replies came from 22 EU Member States, and the largest number of responses came from Germany (50.01%), Italy (9.80%), Spain (8.50%) and France (7.7%).

50.01% of the replies came from Germany, 9.80% from Italy, 8.50% from Spain, 7,7% from France.
Figure 2 - Contribution EU Member States
 

Preliminary trends observed in the replies

Almost (92.2%) all the categories of respondents believe there should be regulatory measures in place to secure connected and automated vehicles against cyberattacks.
More than a third (33.7%) of all the categories of respondents believe that in order to increase cyber-security resilience of connected and automated cars, priority should be given to putting forward specific laws while 23.3% believe priority should be given to testing before deployment and/or to be given to certification (22.2%).
More than a third (38.1 %) of all the categories of respondents confirm they would share their car data with private companies in order to support the development of more digital car services despite privacy risks associated with data sharing e.g. information on parking slots, while 50.8% would not share their car data.
Consent to access in-vehicle data by public authorities to improve road safety would be given by 49.5% (312) of respondents but NOT by 42.2% (266) of respondents.
75% of all respondents confirm that it is important for them to be able to choose between different providers of value added in-vehicle services independent from the car manufacturer.
 
Without prejudice to the in-depth analysis of the replies to the open public consultation, we can observe the following trends per topic investigated:

Cybersecurity
  • Most of the industry actors (87.7%) agree on cybersecurity being essential to the safety of the vehicle ecosystem and that adequate, sector specific cybersecurity safeguards would increase trust and end-users’ acceptance in relation to connected and automated mobility.
  • The main security issues experienced by the industry actors are (respondents could choose several replies listed in this question) :
    • “Security issues introduced by 3rd party actors (e.g. actors having access to the data infrastructure)” - 50%
    • “Insufficient protection of the communication interfaces (including Internet and Radio) leading to unauthorized access to the car systems” - 45.28%
    • “Issues in relation to non-embedded software (e.g. of smart devices connected to the connected and automated vehicle)”- 38.68%
    • “Issues in contractual arrangements e.g. responsibilities are not clearly allocated among the various actors of the ecosystem” – 37.74%.
  • The majority of the industry actors (71.7%) agree on the need for cybersecurity pre-market tests to be further enhanced at EU level and that Cybersecurity should be included (65.1%) in the scope of the EU framework establishing (product) liability rules. OEMs are against both of these propositions.
  • The vast majority of industry also agrees (86.7%) that other actors of the mobility ecosystem  should be invited to take part of the cooperation mechanisms to discuss cyber matters established under the Network and Information Systems (NIS) Directive. From the various groups of industry respondents, Automotive downstream market suppliers, “other” and telecom providers are aligned with the overall findings of the question by strongly agreeing with the specific argument in the question (e.g. OEMs agree by 83.3%).
  • Almost unanimously, 90% of the end-users agree with the involvement of authorities in protecting the data infrastructure from cyber-attacks, and only 3.5% disagreed. This trend (76%) is also confirmed in relation to cyber-attacks aiming at manipulating vehicle apps data (e.g. GPS data).
  • End-users agree that EU, (national) public authorities and standardisation bodies have the most important role in setting cybersecurity rules (69%, 69%, 60% respectively).
  • Two third of end-users want to be involved in the implementation of the cybersecurity measures (43% strongly agrees and 23% agrees), such as software updates, password changes, firewall protections installations. One fourth, however, disagrees or strongly disagrees with this idea. Those who agree with the need of their involvement argue shortly that they can have confidence only if having control – others state the opposite: “Giving users freedom over the control and use of security measures could pose a threat to users”. It is worth mentioning a third type of answer, where respondents simply seek for transparency.
  • 90.6 % of end-users see the need for setting up specific mandatory cybersecurity rules/standards/certification schemes for connected and automated mobility.
  • Almost 75% percent of the public authorities filling in the questionnaire for this section agree that relevant authorities should cooperate in the field of cybersecurity for connected and automated mobility. More precisely, they point out that the relevant authorities should work on aligning their established approaches in the implementation of criteria used for identifying the operators of essential services for the road critical infrastructure across EU. Services not covered by the Intelligent Transport Systems (ITS) Directive (i.e. value-added, entertainment) may need additional cyber-security protection.
Data protection issues and Data governance
  • Almost all industry actors (98%) see business potential for the re-use of non-personal data in vehicle data. It appears that anonymous data related to the vehicle and its environment can be used to build new services related to prevention and maintenance, security and road safety, as well as any other services linked to the mobility ecosystem.
  • Most frequently used data sets when developing car digital services are: data concerning the functioning of the vehicle (39.6%) and other sets of data (41.5%), such as real-time in-vehicle data essential for enhancing Mobility-as-a-Service (MaaS).
  • A vast majority (69.9 %) of industry actors claim they process the data collected in accordance with data protection rules while 20.8% claim they anonymise some data sets. When asked, respondents do not clarify which data sets they use for each type of processing (personal/anonymised data), but when personal data are involved they claim to process them in relation to existent data protection rules.
  • 64.2% of the industry actors do not have experience with implementing Article 20 (“Right to portability”) of the General Data Protection Regulation (GDPR), while 35.8% (mainly OEMs) have.
  • More than half of industry actors (69.8%) believe that specific guidance on how to implement existing data protection rules (e.g. General Data Protection Regulation, ePrivacy Directive) in the context of connected and automated mobility guidance would be helpful, while only 15% do not agree. Out of the 18 OEMs replying to this question, 55.6% do not agree with this proposition.
  • Among the most preferred solutions for accessing in-vehicle data and resources at short/medium term, the following were the most listed by the industry respondents:  extended vehicle model via OEM back-end servers, neutral server model. Other solutions listed were: Secured Vehicle Interface+ “Open OBAP”, OBD2 port, Secure Vehicle Interface (SVI) concept.
  • 43.4% of the industry actors stated that they have encountered restrictions or disadvantageous situations in accessing or re-using in-vehicle data. This reply was most common among automotive downstream market suppliers (83%). No restrictions were encountered by 35.8 % of industry actors (among those 89% are original equipment manufacturers).
  • Those who were encountering restrictions expressed that under current conditions only car manufacturers have full access to in-vehicle data, which in their view creates a monopoly situation on the market.
  • 61% of the end-users would be willing to share with third-party service providers data concerning the state of the roads and 55% of them data concerning the functioning of the vehicle components regardless of the risks associated with the sharing of in vehicle data containing private information. 24%, instead, do not wish to share any in vehicle data with third-party service providers. For this question, respondents could choose among several reply options.
  • As for the sharing of in-vehicle data with public authorities for public interest purposes, the distribution of responses was almost equal, with slight preference for not sharing (34%), followed by conditional sharing depending on the public interest purpose (33%) and willingness to share (30%).
  • End-users would be willing to share data regarding traffic management (34% within the category concerned), followed by road maintenance (19%), and safety and security purposes (18%).
  • As for the preferred means to organise the sharing of personal data with a car manufacturer and other service providers, the majority of end-users (62.5 %) chose a control function. This could come in the form of a web-based dashboard or app allowing the user to define access to and usage of the data in terms of which data (or sub-sets of data) can be accessed.  Only 37.5% of end-users preferred sharing data using a physical device (e.g. smart phone-37.5%).

Technology

  • Among the industry respondents, only OEMs or telecommunication companies plan to develop equipment that would require specific radio spectrum (32.2%). Among them, 3.8% specified they would use 3.4-3.8 GHz radio spectrum, while those who claim they use other spectrum bands to develop connected and automated driving services refer to various frequencies like 700 MHz, 30 GHz or 5.9 GHz.
  • The 14 public authorities replying to this section are from Austria, Belgium, Czech Republic, Estonia, Italy, Finland, France, Luxembourg, Germany, Netherlands, Portugal, Spain, Sweden, and the United Kingdom.
  • The majority of respondents (58.33%) are in favour of promoting national cooperation and interoperability for testing and trialling connected vehicles. Half of them support the intra-national and/or cross-border pilot testing of connected and automated mobility. One third considers it important to regulate the automated and connected vehicle testing and deployment by paying attention to certain key elements like data (7 out of 8 replies), connectivity and licencing (6 out of 8 replies), as well as liability and safety (4 out of 8 replies). In addition, one third foresees to reserve and allocate spectrum band for testing network-connected transport systems and 5G-enabled connected and automated systems. 12.5% of the active respondents in the section selected not to reply.
  • The majority (60%) of national and regional governments responsible for setting up policies for the mobility sector highlight the importance of the intra-national and/or cross-border pilot testing.
  • In relation to Member States plans linked to the allocation of spectrum bands for connected and automated mobility services, one Member State (Estonia) claimed that potentially both 700 MHz and 3.4-3.8 GHz may be used, and that 700 MHz one is potentially associated with measures that are more restrictive. Another Member State (Austria) highlighted that the most important is that at least a frequency band shall be available. One government (Flemish) finances and participates in research on the spectrum band, but it remains in principle technologically neutral. It is pursuing a study to gain a better understanding of the performance, costs and potential constraints. According to another Member State (the Netherlands) the reservation and allocation of spectrum band for testing network-connected transport systems and 5G-enabled connected and automated systems must be taken at national or European level. Another Member State (the United Kingdom) states that it is up to an individual Member State to decide whereas another (Germany) thinks that it should be close to the regular frequencies.

Contributions

Contributions to the consultation are available (.xls).

Next steps

The Commission is carrying out an in-depth analysis of the replies received to the public consultation and still in a process of consulting stakeholders in a broader dialogue process, including through workshops. The results of these consultations will all feed into the Commission's proposals and discussions.
 
 

Download the report as a PDF

 

Last update

8 March 2021

Print as PDF