The Development of the Legal Framework for Autonomous Shipping: Lessons Learned from a Regulation for a Driverless Car

This article focuses on the regulation of maritime autonomous surface vessels from the perspective of international law of the sea. The article discusses on the possibility of developing a legal framework to regulate autonomous maritime navigation based on laws and regulation of autonomous driving of landed vehicles. The authors opine that existing legal framework does not conform to the goal of regulation of autonomous navigation. However, the regulation of autonomous car testing and exploitation could be imitated to design a new legal framework for autonomous shipping. Despite the divergent approaches, some principles remain in common particularly of cybersecurity and privacy. As computer systems are replacing the need of a master and crew for digitally managed ships, low level of cybersecurity implies an increase in risk of losing control over the vessel. The authors are of the opinion that that current legal acts, standards and their drafts do not pay necessary attention to the problem of cybersecurity of autonomous ships. Moreover, current legislations do not provide mechanisms of influence on behavior of shipowner and shipbuilder to make them apply the best measures. The similar situation is with privacy. Factually, an autonomous ship is a natural tool for surveillance, as to effectively navigate through the seas, it must collect and process information pertaining to navigational safety and other related matters. The question raises how this information has to be collected, kept, processed and deleted. Thus, the maritime community may consider adopting the approach on privacy from regulation for autonomous cars.


Introduction
One of the key features of a digital economy is that artificial intelligence (AI) is widely applied in all spheres of public and private life. Currently autonomous systems are used in healthcare, education and also in the military for the purpose of national security. The world is getting more and more dependent on AI that provides qualitatively new socio-cultural and industrial-technological development for the advancement of human civilization.
Based on expert opinions, one of the most promising areas of application of artificial intelligence in the future would be national and international systems of driverless automobile transport. The global self-driving cars and trucks market size is expected to be approximately 6700 units by the end of 2020. It is anticipated to expand at an annual growth rate of around 60% from 2021 to 2030. 1 The key challenge for such promising growth is an absence of adequate legal regulation (Kröger, 2020). States that claim leadership in this area have to enhance legal base to regulate testing and application of driverless cars. For instance, the legal framework for autonomous transport has already been developed in supporting the implementation of autonomous driving in the USA, China  all international cargo traffic and global oil shipment. 3 The use of autonomous vehicles in the area of marine transportation can bring enormous economic benefits by significantly reducing both the number of accidents at sea and the costs of paying for the ship's crew and other related costs (Meling, 2019). The advantages of autonomous ships are obvious, as they are often more accurate, more effective, and are not subjected to "the human factor". Such vessels could be cheaper to operate, and they can be consistently improved through software updates. Nevertheless, there have yet to be sufficient legal enhancements or developments in regulating autonomous navigation.

Maritime Autonomous Surface Ship
Maritime autonomous surface ships (MASS) are vehicles that are capable of some kind of self-propelled operation in the seas regardless of presence of ship crews onboard. It is a maritime vehicle that is equipped with the system of artificial intelligence and is effectively controlled by it. This "hype technology" is able to play different roles on board from a "digital navigator" to a cargo bot. Thus, artificial intelligence replaces the functions of a human crew in the operation of autonomous vessels.
MASS as a term is neither mentioned nor applied in any international conventions because most treaties on the law of the sea and maritime law were enacted when self-navigated vessels were far from reality. The global community has taken steps to develop legal definition of autonomous vessel. For instance, the International Maritime Organization (IMO) defines MASS as "a ship which, to a varying degree, can operate independently of human interaction". 4 This definition however may be subjected to modification depending on the development of autonomous shipping in maritime industry.
The IMO defines different types of automatization for vessels. The first type refers to ships with automated processes as well as decision support and is remotely controlled by seafarers on board. Secondly it refers to a remotely controlled ship without seafarers on board, or in other words, a fully autonomous ship. Some types of the provided classification could overlap with each other. For instance, a ship could be equipped with decision support as well as being remotely controlled at the same time. In this case the vessel simultaneously has two types of automatization.
In addition, from technical point of view, the terms "autonomous" and "remote" express different features of ship or other transport system. Being autonomous implies a capability to make a decision independently from human beings. The term "remote" is applied to describe a distant human control. Thus, among the types of autonomy are things that are related with human control. These classifications were the first attempt by the international maritime community to provide official definitions of different levels of ship automatization.
The absence of special legal acts addressing the issue of autonomous shipping does not imply that regulations do not exist. Professor Aldo Chircop of Dalhousie University suggests that one has to examine an issue of applicability of Law of the Sea Convention 1982 (LOSC) and other legal sources to regulate autonomous navigation (Chircop, 2017). Any international treaty, in particular the LOSC, could be interpreted in a progressive way (Arato, 2010). As such, the regimes of LOSC could be extended to include MASS.
There are opinions that a simple application of the LOSC rules to autonomous navigation is not possible (Chircop, 2017;Ringbom, 2019). The Convention does not consider a vehicle without a crew and a captain as ship. For instance, Article 29 of the LOSC defines "warship" as "a ship belonging to the armed forces of a State bearing the external marks distinguishing such ships of its nationality, under the command of an officer duly commissioned by the government of the State and whose name appears in the appropriate service list or its equivalent, and manned by a crew which is under regular armed forces discipline". 5 Thus, the provision directly includes the captain and the crew as necessary attributes of warship. Moreover, this rule implies that ship could not be fully autonomous without human control.
Autonomous shipping also raises a compatibility issue with Article 94 of the LOSC. The provision binds over every flag state to effectively exercise its jurisdiction. This includes taking measures necessary to ensure "that each ship is in the charge of a master and officers who possess appropriate qualifications, in particular in seamanship, navigation, communications and marine engineering, and that the crew is appropriate in qualification and numbers for the type, size, machinery and equipment of the ship." Thus, flag states obliged to exercise control over their ships via inspection of qualification of captain and crew. The provision again reflects human dependence on the provisions of the LOSC and its legal regimes.
Challenges to the application of the LOSC on autonomous navigation are not only formal. Conceptually all current law is strongly anthropocentric (Chesterman, 2020). Humans or their forms of organization as states or corporations are subject and object of norms. These norms factually are created, interpreted, and enforced by humans. For instance, if a sovereign state is regarded as a subject of international law and is bound by the LOSC, factually a captain or any other authorized persons who makes decisions should also comply with rules of the Convention.
Autonomous navigation implies a new intelligent subject and object of norms that could make decisions by itself. The question arises on how those decisions would comply with legal and moral rules. As Patrick Lin fairly commented on systems under control of AI "One natural way to think about minimizing risk of harm from robots is to program them to obey our laws or follow a code of ethics. Of course, this is much easier said than done, since laws can be vague and context-sensitive, which robots may not be sophisticated enough to understand, at least in the foreseeable future." (Lin, 2012, P.9). Thus, in contrast with human beings, smart machines are far from being moral and law-abiding.
Demonstrative example of the fact that law is conceptually developed for human beings and not to take into considerations for AI is as stipulated in Article 98 of LOSC. This Article claims that a captain is obliged to rescue people found at sea or distressed persons. This obligation has an exception when "a serious danger to the ship, the crew or the passengers" exists. The captain will assess this danger on the basis of an overall assessment of the situation, personal experience and intuition. How exactly one could program the AI to fit into this special case, particularly in interpreting the term "serious danger". As law is developed through human minds and experiences, it is therefore created by taking into considerations of human abilities, qualities, weaknesses, desires and other characteristics in regulating certain matters. The legal system pertaining to the law of the sea was developed during the centuries and was based on human distinctions such as feelings, intentions and consciousness. A human captain may know what is good and what is bad for his ship and his crew. Nevertheless, could a digital captain do the same?
Thus, the current law of the sea and maritime law do not work for autonomous navigation. The next subsection of the article discusses the development of a legal framework for an autonomous car on whether or not it could be extended to autonomous vessels.

A Legal Framework for Autonomous Driving
Autonomous driving is a technology that is much closer to an everyday application than an autonomous navigation.
Arizona is the only state in the United States of America (USA) that has simultaneously tested near to 600 cars equipped with digital brains. 6 Autonomous cars are still far from perfect as collisions and technical problems still persists. Despite the expansion of the industry of autonomous cars, the technological advancement of this machine has been delayed a number of times. This fact testifies that the technology is still not perfect and needs to be perfected.
Although the technology of autonomous car is still being developed,,there are a number of examples of specially designed legal Acts to regulate this matter at both domestic and international level.The leader of this area is the USA where more than 70 percent of states possess their own legislation on autonomous cars. The European Union as a whole has some legal initiatives in the sphere of autonomous driving regulation. Of course, there are similar enacted laws in Asian technological leaders (Taeihagh, 2019). Thus, in comparison with legal framework for autonomous navigation, driverless cars have specific legal rules designed for its application.
The USA has a very complicated system of legislation that is applicable to autonomous vehicle. It has non-binding federal legal framework. The US Department of Transportation with the National Highway Traffic Safety Administration (NHTSA) have developed the Federal Automated Vehicles Policy 7 to establish a normative base at a federal level. The Policy contains not only recommendations for car manufacturers and software companies but also acts as a guide for state legislator (Part "Model State Policy"). It covers a lot of different aspects of autonomous driving from safety to cybersecurity. Although the rules set out in the manual are not legally binding, manufacturers and software companies follow them to avoid being liable for negligence in case of a test crash (Vellinga, 2017).
The existence of Model State Policy in the Federal Automated Vehicles Policy does not mean that all states follow it. Moreover, at the time of publication of the Federal policy, some states already had their own legal framework in the field of regulation of testing of autonomous vehicles, often fundamentally different from the recommended standard. One of the most progressive states in the field of development of rules regulating testing of autonomous vehicles is California, where the famous Silicon Valley is located. The first law governing the testing of unmanned vehicles in the state was enacted in 2012, long before federal standards were developed. California Senate Bill 1298 authorizes the use of an autonomous vehicle on public roads by amending the Vehicle Code Division 16.6. Such kind of operations is permitted for the purpose of testing. It has to be carried out by a driver who has a driver's license for a definite vehicle type. Certain requirements must be met, including the fact that the driver must be in the driver's seat to monitor the safe operation of the vehicle and the driver must be able to intervene in the event of a technological error of the autonomous driving and other urgent cases.
The said law establishes requirements for companies in testing autonomous vehicles. It states that prior to testing in California on public roads, a company performing the testing must obtain an insurance instrument, proof of selfinsurance of five million dollars ($5,000,000) and provide proof of insurance. To test autonomous vehicle on public roads, a company has to get a permit from California Department of Motor Vehicle (DMV) and comply with all Federal Safety standards. A certificate indicating that the autonomous car is bound by California's traffic laws is also required. Moreover, the vehicle has to comply with international cybersecurity standards. 8 Thus, Californian legislators literally define any characteristics of autonomous transport pertaining to public safety, and security of passengers and their data.
Nonetheless, not all states follow the Californian way. Many large companies are testing their autonomous vehicles in Arizona (for example, companies like Google, Tesla, General Motors), which has a completely different approach to regulate the testing of this innovative mode of transport. Arizona has yet to amend the legislation. The basis of the autonomous transport testing regime is defined in Executive Order No. 2015-09 of the Governor of Arizona, 9 which imposes obligations on the state bodies to promote the development of this area. No special license is required for testing in the state, and the 2015-09 Executive Order has only three requirements that must be followed during testing. The first requirement mandates that the relation between the driver and the manufacturer of the vehicle has to be formalized (through employment contract, contract and the like). Secondly, the driver must have a real opportunity to intervene in a case of an emergency, and thirdly the driver must possess license and be permitted to drive the vehicle of this category.
The situation is similar in some European countries as well. In 2015 the Department for Transport of the United Kingdom developed a "The Pathway to Driverless Cars: A Code of Practice for Testing" 10 that contains guidance for companies intending to test automated and autonomous automobiles on public roads. This Code was updated in 2019 by another document "Code of Practice: Automated vehicle trialing" 11 . The old and the new Codes of Practice are not obligatory like the Federal Automated Vehicles Policy in the USA. The new Code of Practice covers different aspects of autonomous driving. Among the embraced issues are legal requirements, insurance, data access and protection, cybersecurity and other related matters.
The European Union has a common strategic framework for the introduction of autonomous transport on public roads that is defined in the communication from the European commission "On the road to automated mobility: an EU strategy for mobility of the future" 12 . In comparison with the EU Policy, the Federal level of the USA Policy focuses more on the key idea of strategy to achieve public safety (Taeihagh, 2019). The EU strategy, however, has almost disregarded privacy and cybersecurity issues because they are covered by GDPR (General Data Protection Regulations) that is applicable to all data in the region. 13 The European autonomous car testing is usually "confined to private streets" and "pre-defined routes" avoiding public roads (Nicola, 2018). European governments try to anticipate most of the risks before initiating wide trials of autonomous vehicle. For instance, the German government has started experimenting with safety standards before undergoing field-testing. 14 Thus, despite the different approaches in regulating the trials of autonomous cars, there are two conceptual ways regarding this. The first is when authorities defines all the requirements that autonomous car has to comply with. These requirements are mostly the mix of legal specifications of transport units with driver and demands on standard characteristics of IT systems (privacy, cybersecurity, reliability, accountability, among others). Both requirements imply that autonomous vehicle will not pose a threat to the people at large: their life and health as well property and social status. This approach is preferred by most of European countries, EU, many states in the USA (California as example), Singapore 15 and other states.
Contrary to the first approach, the second approach leaves the regulation with a lot of space for experiments. It is not strictly binding and is designed in a way so as not to impose regulations that are too stringent, or to have an excessively lenient stance on autonomous car safety. It is more focused in providing sufficient room for innovation. This approach is applied at the Federal level in the USA including some states (Arizona as an example) and China. It helps to support competitiveness and catalyzes introduction of autonomous cars on public roads.
A lot of attention in regulation of autonomous driving is focused on new challenges that are specific for an autonomous vehicle. Among them are issues that concern cybersecurity and of privacy. It is not a surprise that autonomous cars create more risks in these areas if compared to its conventional counterparts. Autonomous vehicles are controlled by AI. Therefore, passengers have to entirely depend on stability of the application of the system. Thus, regulations have to be developed aiming at defending passengers from cyber encroachments that may affect the safety of those on board.

Lessons Learned
First of all, a line has to be drawn between both technologies to ensure compatibility in formulating regulations for both spheres of autonomous vehicles. Legal regulation of driverless cars are mostly enforced domestically. However, autonomous shipping demands international legal framework as global maritime traffic moves all over the world. Therefore, this is not as simple as it seems as this involves international negotiations and treaties. For instance, the LOSC was negotiated from 1973 to 1982. It seems that a new Convention on autonomous shipping or amendments to LOSC to accommodate autonomous shipping may take similar period of time to materialize.
Autonomous driving is crucial in improving security of human life as autonomous land transport may potentially decrease the number of deaths on roads (Ramsey, 2015;Rex, 2017). Death counts caused by car accidents in recent years have approximately achieved 1.35 million worldwide (WHO, 2018). This has resulted in many countries enacting legislations to regulate road safety all across the world. In contrast, autonomous navigation is not subjected to deadly accidents 16 . Moreover, people on board vessels have some time to save their lives after an accident, for instance, after collision of ships. This is why maritime law and the law of the sea pay a lot of attention to availability of rescue equipment and rescuing in case of "a serious danger to the ship, the crew or the passengers" 17 . Thus, the differences in regulation in these two spheres of autonomous vehicles are clear -they are not entirely adaptable and compatible to each other.
At the same time there are obvious achievements in terms of development of legal norms for autonomous driving. First of all, there is understanding of nature of autonomous technology. As an artificial intelligence is the only driver, cybersecurity measures have to be standardized. In contrast, autonomous navigation has no legal framework in this sphere. The IMO has developed first an interim 18 and then a permanent standard for assessing cybersecurity risks 19 , but it can be said that these documents are outdated at the time of adoption, since autonomous ships are not mentioned in them (Rødseth, 2015). Most of the questions in cybersecurity sphere in case of autonomous navigation are not covered by the guideline (Katsikas, 2017 Vol. 13, No. 3; The document discussed above has a very general character. The guideline fairly supports this thesis claiming that "rapidly changing technologies and threats make it difficult to address these risks only through technical standards". 20 It implies that IMO Guidelines does not provide any real normative framework. Any reader can find a lot of basic phrases that could be applied in any sphere. It is rather a vision than a real guideline. Thus, the development of legal framework for cybersecurity of autonomous ships remains at an initial stage.
Probably the main disadvantage of IMO's method of cybersecurity regulation is an absence of any real mechanism to place influence on shipowners or shipbuilders. Shipbuilders and shipowners do not possess wide experience to fix cyber bugs and recalling of their vessels. Conversely, it is usual for car manufacturers to recall productions should cybersecurity problems persist. Sometimes more than millions of cars are recalled due to cybersecurity reasons. 21 Laws applicable to conventional and autonomous cars are strict in terms of cybersecurity as any damage caused by defective cars may lead to multimillion lawsuits and fines. Thus, the legal framework for the production of autonomous cars have strict rules and mechanism to be adhered to in their enforcement.
The situation is even worse with privacy. There are no documents at the international level that address the privacy issue in sphere of marine transport. Factually, an autonomous ship is a natural tool of surveillance, as to effectively navigate, it has to collect and process information about outward things. The question is how this information could be collected, kept, processed and deleted. In accordance to the European GDPR (General Data Protection Regulations) any operation with data that contains any personal information has to comply with strict rules. However, maritime transport has no legal act which is compatible with the GDPR to begin with.
One of the first merchant ships that navigate autonomously was a ferry designed to transport passengers and cars. 22 Press release of the test claims that "The Falco is equipped with a range of advanced sensors which allows it to build a detailed picture of its surroundings, in real time and with a level of accuracy beyond that of the human eye". 23 Most of the developed autonomous systems apply a computer vision that is able to recognize objects of real world (Trslic, 2020;Kim, 2019). It is obvious that such kind of vessel is able to collect gigabytes of information about passengers, about personal boats and yacht in the surrounding areas. Some states have rules concerning privacy but "the criminal jurisdiction of the coastal State should not be exercised on board a foreign ship passing through the territorial sea to arrest any person or to conduct any investigation in connection with any crime committed on board the ship during its passage". 24 As such, in case of infringements of privacy rights by a foreign ship, coastal states may not be able to intervene in any maritime zones of jurisdiction -neither in the territorial sea nor in the exclusive economic zone due to lack of jurisdiction.

Conclusion
In conclusion, it would be incorrect to say that autonomous shipping sphere has to apply the same legal framework developed for autonomous cars. This article displays the weaknesses of current and future legal regulation concerning autonomous vessels. There is a need to further examine the applicability of the LOSC and other legal sources to regulate autonomous navigation. However, this article demonstrates that a simple application of the rules of the LOSC to autonomous navigation is not possible. There are formal and conceptual barriers to applicability of current law of the sea in regulating autonomous navigation. The LOSC literally considers a crew and a captain as bearers of rights and obligation. Factually a captain or other authorized person on board the ship are bound by the rules of the Convention. Who will then be the bearers of rights and obligation for autonomous vessels?
The article concludes that in the sphere of autonomous maritime transport, it is important to replicate legislation used for autonomous vehicle. The main difference is a strong emphasis on cybersecurity and privacy for autonomous cars. A brief review of legal sources of law of the sea indicate that these issues have yet to be entirely addressed. There is a need to pay more attention to data safety and prevention of cyber encroachments. The artificial intelligence that controls the vessel should be regarded as a master of the ship and therefore has to be defended from attacks and system failures by strict standards of protection.