The Bureau of Infrastructure and Transport Research Economics forecasts that 2.6% of all new passenger vehicles in Australia will be highly or fully automated by 2030, with that number reaching 50% by 2046. Integrating autonomous vehicles (AVs) into Australia’s transportation network and the advancement of AV technology will require significant changes and reform to Australian regulatory frameworks and liability standards.  We examine the critical areas where change is needed including regulation, safety, liability, insurance, data privacy, cybersecurity, and telecommunications.

In broad terms, the existing regulatory framework in Australia does not permit the in-service operation of fully autonomous vehicles on public roads, and, unsurprisingly, current road rules and vehicle standards were not designed with AVs in mind. To address these regulatory gaps, the Department of Infrastructure, Transport, Regional Development, Communications and the Arts (the Department), along with the National Transport Commission, are working with state and territory governments to develop a new national framework, including the enactment of the Automated Vehicle Safety Law (AVSL) and complementary changes to state and territory and Commonwealth legislation. The AVSL is expected to be implemented in 2026 and will cover various forms of remote operations, including remote driving, remote automated driving system (ADS) assistance, vehicle monitoring, and passenger support.

The AVSL will seek to place responsibility for the safety of an ADS on Automated Driving System Entities (ADSEs) and not the human drivers. ADSEs that develop AVs will need to ensure AVs comply with national road standards and follow safety obligations. It is also likely that AV will be subject to registration, roadworthiness and licensing requirements similar to conventional vehicles, although the rules around secondary activities (such as mobile phone use) while driving remains unclear. It is expected that ADSEs that operate commercial and public passenger transport businesses that provide AVs for hire will be subject to existing passenger transport laws, and crash investigations will likely involve engagement from AV regulators. Operators will also be responsible for compliance with safety standards and ongoing updates to safety procedures. The new regulatory framework is also expected to address liabilities for those repairing, maintaining or modifying AVs.

Existing motor accident injury insurance schemes, which are based on the principle that there is a human driver, will need significant revisions to ensure that victims of AV-related accidents can access compensation. Key adaptations to existing schemes may include expanding no-fault schemes, shifting towards first-party insurance models, and focusing on product liability to address potential defects in AV systems (including ADSs). Policies may also redefine "driver" to include AV systems, require mandatory insurance for AVs, and establish dedicated compensation funds. As mentioned above, the introduction of AVs will likely cause a shift in liability from individual drivers to manufacturers, software developers, and operators, which will require new fleet insurance models and increased cyber liability coverage. Insurance companies will need to develop enhanced risk assessments and collaborative insurance products, while AV operators will need to navigate different insurance and lability regimes across multiple jurisdictions.

To operate effectively, AVs gather extensive data, including location information, sensor readings, and passenger personal data, raising critical privacy law concerns. Data captured on ADSs is likely to constitute personal information, bringing it under the purview of privacy and data protections at the state, territory and Commonwealth levels. Companies operating AVs:

  • with an annual turnover exceeding $3 million;
  • that are health service providers that collect and hold health information;
  • that trade in personal information;
  • that are contractors providing services under Commonwealth government contracts;
  • that are related entities to companies that meet the $3 million threshold; or
  • that have otherwise volunteered to comply,

must comply with Australian Privacy Principles, which mandate that only personal information relevant to their functions and activities is collected, individuals are informed about usage of their personal information, and personal data is securely maintained.

ADSEs will need to enhance data collection notices, establish robust consent mechanisms, and implement data minimisation and retention practices, and may additionally owe data-sharing obligations to regulatory bodies, law enforcement, and local authorities to ensure compliance and public safety while protecting user privacy.

AVs can be vulnerable to a wide variety of cybersecurity attacks, which can pose serious safety risks to passengers and the public. Hacking of vehicle control systems, manipulation of sensor data, denial of service attached on communication systems and theft of personal data can severely compromise safety. The forthcoming AVSL is expected to include provisions against unauthorised interference and impose data management obligations for recording and storing operational data related to AV systems.

It follows that ADSEs will need to implement enhanced security measures, including robust protocols and incident response plans designed for AV systems. Regular security audits and effective supply chain security will be important, along with obtaining specialised liability insurance for cyber incidents and educating users on cybersecurity best practices.

AVs use mobile networks to share data and communicate to and between drivers, as well as roadside infrastructure and other wireless services, bringing AVs within the purview telecommunications regulations in Australia. As considered by the Department in its 2023 consultation on ‘Telecommunications Legislation and Connected Vehicles’, amendments may be needed to telecommunications regulations to ensure that existing key definitions and obligations for Carriage Service Providers (CSPs) apply appropriately to AVs. This includes considering which ADSEs may be considered a CSP, and if so, whether existing compliance standards for CSPs are appropriate for managing those ADSEs.

Conclusion

In summary, the integration of AVs into Australia’s transport landscape will necessitate comprehensive reforms across regulation, safety, liability, insurance, data privacy, cybersecurity, and telecommunications. Operators in any part of the AV ecosystem will need to stay apprised of developments ahead of time to ensure that decisions around investment in AV projects are based on the expected legislative state of play in Australia.


Key contacts

Nicholas Carney photo

Nicholas Carney

Partner, Head of Infrastructure Sector, Sydney

Kwok Tang photo

Kwok Tang

Partner, Head of Technology, Media and Telecommunications Sector, Sydney

Clare Hubert photo

Clare Hubert

Senior Associate (Australia), Singapore

Aaron White photo

Aaron White

Partner, Head of Technology, Media and Telecommunications, Asia and Australia, Brisbane

Stay in the know

Receive timely insights and briefings from HSF Kramer, tailored to keep you informed and ahead

Subscribe now
Sydney Australia Perth Brisbane Melbourne Connected and autonomous vehicles Automotive Roads Infrastructure Autonomous Vehicles Infrastructure Nicholas Carney Katherine Gregor Kwok Tang Clare Hubert Aaron White Christopher Cross