Digital business, autonomous systems and the legal challenges

By Dr. Markus Häuser, CMS Hasche Sigle, Munich

Download article as PDF

The buzzwords “Industry 4.0” and “digital business” represent the start of a complex transformational process that will deeply affect industry and society during the next decade. This transformation is based on the convergence of the real (analog) world and the virtual (digital) world by means of machineto- machine (M2M) communication, autonomous systems (for example, robotics) and the Internet of Things (IoT). The German government uses the term “Industry 4.0” as the title of a government project promoting the computerization of traditional industries and the creation of intelligent factories (smart factories) that will be supported by cyberphysical systems and the IoT. The digits “4.0” in Industry 4.0 stand for the fourth industrial revolution: the transition of production from digital processing to fully interconnected processes, products and services. It follows the evolution of production processes for tradable goods from manufacturing to industry production (the first revolution), the move from steam-driven machine production to electricity-driven production (the second revolution) and the shift from analog processing to digital processing and microelectronics (the third revolution). One of the major features of Industry 4.0 is the ability of machines and devices to communicate with each other without a human interface. M2M communication is the basis for intelligent production and logistics processes. The exchange of data between machines and devices creates a virtual network that is often called the IoT. The data exchanged between two or more machines or between machines and a centralized IT infrastructure derive from controls and sensors that measure various types of actions and conditions, including a vehicle’s GPS position, a car’s fuel level or the driver’s heart rate. All of these data are recorded and made part of the virtual network. Enormous amounts of data are generated, analyzed, processed and stored. This is why the terms “big data” and “smart data” can be heard everywhere today. M2M communication and smart data will make devices and machines more autonomous than ever before. The Google Car is one very popular example of this form of autonomy. The car without a steering wheel is the futuristic symbol for autonomous systems in everyday life and a good example of digital robotics. Sensors help the car recognize obstacles. GPS provides the position, and the Internet connection is a source of whatever information is needed. In addition, the car itself will be online and connected to other cars and infrastructure networks. At the same time, communication between humans and machines will be made much easier by advanced voice recognition and various forms of “wearables” (for example, Google Glass, interactive headphones and watches). Many IT specialists now predict that wearables will be the typical form of interface between humans and machines. Businesspeople are excited about the new possibilities of Industry 4.0, M2M and IoT, and talk about unbelievable growth potential. Business analysts like Gartner, Inc., believe that the economic impact of the IoT will exceed $14 trillion by 2022 with more than 20 billion globally connected devices (compared with 8 billion connected devices in 2014). While the number of desktop and mobile PCs is assumed to remain more or less stable, the number of interconnected IoT devices will markedly increase.

>> M2M communication, the Internet of Things and autonomous machines and devices pose many new and interesting legal challenges and questions <<

But the enormous amounts of data (big data) generated by M2M communication and analyzed by the latest software and the newest generations of Industry 4.0 computers and the challenging capabilities of autonomous systems and machines are something more than the stuff of business executives’ dreams. They also form the basis of many new and interesting legal challenges and questions. German and European lawmakers, judges and legal advisors will have to find answers to these questions in order to provide business and industry with a clearly defined legal framework for their investments in the research and development of Industry 4.0 products and services. The legal debate surrounding these new questions is just beginning. Major issues being discussed include data ownership (and, of course, data privacy and protection), regulatory issues concerning new Industry 4.0 products and liability questions regarding the actions of autonomous machines and devices.

Data ownership

One common characteristic of Industry 4.0 and digital business is their generation and use of an enormous amount of data. Many companies make substantial investments in the development of new storage and processing capacities for such data and the creation of new intelligent analysis tools and software. Analyzing data and turning it from “big data” into “smart data” involve transforming information into knowledge that is filled with business value. For this reason, these companies want to ensure that such data (even if they are not personal data or personalized data) can be legally protected and that the companies that create and analyze such data can claim property rights to them. Typically, European and national laws distinguish between tangible property and intellectual property rights. Examples of intellectual property rights (that is property rights in non-tangible goods) are patent rights, trademark rights and copyrights. Data, or information, are neither tangible objects nor are the subject of protection under statutory intellectual property rights. Therefore, data are currently not protected by a dedicated property right, and there is no such thing as legal “ownership” of data. In Germany and in many other jurisdictions, data are only protected to the extent that such data represent a business or trade secret, consist of personal or personalized data or constitute a database. Furthermore, some jurisdictions, including Germany, provide protection against criminal offenses like data espionage, phishing or alteration of data. The fact that European and national laws, however, do not treat data as an object that, regardless of its content or storage medium, can be owned or traded is often seen as a hindrance to investments in Industry 4.0 technologies. For this reason, some authors of recent legal literature try to establish an ownership-like protection of data, for instance, through the analogous application of statutory provisions that grant ownership rights in tangible objects. In Germany, other legal experts claim that data can be protected in accordance with the rights granted by the German statutory law regarding the possession (Besitz) of goods. It is doubtful whether the advocates of ownership rights in data will gain much support from lawmakers and judges. For the sake of economic prosperity, the German legal system—and those of many other European countries—is not designed to protect ideas or information in general. Information is and will remain a free good. Protecting data by establishing an ownership right in data might cause more harm than good. Such an ownership right would be designed to protect investments made in the digital business and Industry 4.0 sector but might negatively affect the free use and exchange of data. The opportunity of using and exchanging data without being impaired by ownership rights can be the basis for further innovations and inventions in the digital arena. With regard to the protection of investments made by Industry 4.0 and digital business companies, these companies will have to work with their legal advisors to protect their innovations and inventions by means of intellectual property rights, for example, copyrights for software or patent rights for inventions.

Regulatory issues

As stated earlier, M2M communication and advanced computing systems will facilitate the development of complex autonomous systems. The use of such autonomous systems will make it necessary for European legislators to amend existing regulatory laws and possibly to create new ones. One good example of current regulatory hurdles is the heavily regulated approval process for road vehicles. It will have to be substantially modified to reflect future developments and the use of autonomous vehicles such as the Google Car. Current EU directives and regulations issued by the United Nations Economic Commission for Europe regarding road vehicles do not allow fully automated processes like autonomous steering systems. A small step in this direction was made in May 2014 by an amendment to the Vienna Convention on Road Traffic (VCRT), an agreement covering standard traffic rules. The basic principle implemented in this convention states that “drivers shall at all times be able to control their vehicles.” The May 2014 amendment allows the use of autonomous systems under the condition that they can be overridden or switched off by the driver. The impact this step will have on EU and national law is not yet clear. While the latest amendment to the VCRT is a first step in the direction of allowing autonomous driving systems, many additional steps will be necessary before the use of autonomous driving technologies will be permitted on public roads.


If devices and machines (vehicles and robots for instance) communicate and interact with each other and if they are increasingly capable of acting on their own, legal questions regarding the responsibility for damage and injuries caused by such autonomous devices and machines will arise. The German legal system, like many others, distinguishes between different concepts of liability.

>> While Industry 4.0 may have a large impact on many fields of law, it remains to be seen when and to what extent national or EU legislators will spring into action <<

The most fundamental distinction is the one among reliance-based, fault-based and strict (non-fault-based) liability. While fault-based and reliance-based liability concepts both focus on human behavior, the concept of strict liability is typically based on the realization of a special risk. This risk may arise from the operation of a machine. The German Road Traffic Law establishes the strict liability of a car owner (registered car owner) for damage caused while the car is in use. This is a good example of strict liability (similar liability is established in Air Traffic Laws for the use of airplanes). While the use of a car is legally permitted, such use comes with the inherent operational risk that people might be injured or killed in an accident or that other cars might be damaged. This example demonstrates that the concept of strict liability seems to be a suitable concept regarding the responsibility for the actions (or omissions) of autonomous systems. While the use of such systems might be legally permitted, their use comes with the inherent risk of malfunction. Consequently, the user or owner of such autonomous systems should be responsible and liable for any damage caused by the system. The financial risk arising from such liability could be covered by a respective insurance policy. It can therefore be expected that, as a greater number of autonomous systems are developed and used, more laws and regulations will be written to establish a strict liability of the users or owners of such systems. While the current operational risk arising from the operation of a machine encompasses human error as well as machine failure, an increasing degree of automation will gradually lower the risk of human error and the operational risk will progressively be limited to machine malfunctions. The elimination of the risk of human error is one aim behind the development of autonomous systems such as self-driving cars. Nevertheless, when using autonomous machines and devices, fault-based liability of the user might still be necessary when it comes to typical failures of the user, for example if damage is caused because the user did not heed the device’s security information.


M2M communication, the IoT and autonomous machines and devices as part of Industry 4.0 hold amazing business opportunities. At the same time, these advances create new legal challenges that will have to be addressed by legislators, judges and legal advisors. The legal discussions regarding these challenges are just beginning, and jurisdiction is still rare, if existent at all. While Industry 4.0 may have a large impact on many fields of law, it remains to be seen when and to what extent national or EU legislators will spring into action, especially with regard to liability and regulatory issues as well as questions of data ownership.

Aktuelle Beiträge