Nearly a year since its last workshop on autonomous-vehicle regulation, the California Department of Motor Vehicles has released draft regulations  for consumer-oriented self-driving cars. While patient deliberation is sometimes the best course of action to ensure one gets the details right, unfortunately, the draft regs fall disappointingly short of that goal.
The DMV’s summary  highlights four developments, all of them problematic.
Third-party vehicle testing and certification: The DMV will require that autonomous vehicles are certified by independent testing organizations. This level of review is far more extensive and potentially far more onerous than the process to which other vehicles in California are subject, even though there’s no evidence that autonomous vehicles pose any greater risk than traditionally operated vehicles. What’s more, unless subject to liberal interpretation, the standards proposed to certify these third-party testing bodies likely will be difficult to fulfill. No such organizations currently exist.
Licensed driver required in the vehicle: The rules create a new “operating certificate” for autonomous vehicles that AV operators will be required to maintain. But in addition to that, AV operators also will still be required to hold traditional driver’s licenses. More specifically, the rule states that an operator “must be capable of taking over immediate control in the event of an autonomous technology failure or other emergency.”
Essentially, this means California will demand that autonomous vehicles continue to possess manual driving controls. Not only will this complicate insurance considerations, but it also could compromise the very safety benefits the vehicles have been developed to achieve.
A prohibition on autonomous vehicle sales: The regulations flat-out ban the sale of self-driving cars to the public. While it’s unknown how manufacturers intend to distribute the vehicles, limiting them to only allow vehicles to be leased would effectively preclude many potential innovations that third parties could bring to these platforms.
Cyber-security warnings: Autonomous-vehicle manufacturers will have to notify operators of any “cyberattacks” on their vehicles. It’s not at all clear what would constitute a cyberattack, since the regulations offer no definition. Must the “attack” succeed? Or will manufacturers be required to notify operators of every failed attempt? This cyberattack map by Norse  provides a helpful illustration of how onerous such a standard could become.
There are, no doubt, other issues with the regulations, but thankfully, the DMV will host two public forums to hear these and other concerns. Precise times and locations for these workshops have not yet been posted, but they will be scheduled for Jan. 28, 2016 in Northern California and Feb. 2, 2016 in Southern California. We plan to submit comments and encourage others to do the same.
UPDATE (Dec. 17, 1:04 pm. ET): Edited to add  that the Jan. 28 forum will be 10 a.m. PT at the Harper Alumni Center at Cal State-Sacramento, 6000 J St. in Sacramento. The Feb. 2 forum will be 10 a.m. PT in the Junipero Serra Building, 320 West 4th St. in Los Angeles.
- “draft regulations”: https://www.dmv.ca.gov/portal/wcm/connect/ed6f78fe-fe38-4100-b5c2-1656f555e841/AVExpressTerms.pdf?MOD=AJPERES
- “DMV’s summary”: http://core0.staticworld.net/assets/2015/12/16/av-regulations-summary-12.16.15.pdf
- “cyberattack map by Norse”: http://map.norsecorp.com/
- “Edited to add”: https://www.dmv.ca.gov/portal/dmv/detail/pubs/newsrel/newsrel15/2015_63