Modern Law of Marine Insurance Volume Five, The

Professor D; Rhidian Thomas

Document

CHAPTER 2 Page 22

Insuring remote-controlled and autonomous shipping: A paradigm shift in law and insurance markets required?

Barış Soyer

Introduction

2.1 Various projects aiming to put surface vessels that have capability to be operated remotely or even autonomously into commercial use have been ongoing for some time.1 Developing appropriate technology is only one side of the equation. For such vessels to be able to legally operate in international waters, it is essential that maritime law rules, which are naturally drafted to reflect how ships are operated today by a crew on board, need to be amended. This is already in motion,2 though it is believed that this will be a lengthy process which will realistically not materialise at least until the next decade. Until that day, the use of such vessels will be restricted to territorial waters of states where they have jurisdiction to make appropriate regulation whilst waiting for the emergence of international rules in this field.3 2.2 A fair amount of ink has already been spilt deliberating the manner in which maritime rules could be reformed to facilitate this technological development.4 This chapter

Page 23

aims to focus on a different question: To what extent are remote-controlled and autonomous vessels insurable within the current parameters of law and market practice? This is an important question, as the cost of operating such vessels, including the cost of risk shifting through insurance, will be a critical factor for ship owners and operators in deciding whether they will employ such vessels as part of their fleet. More precisely, this chapter intends to deliberate three fundamental questions: (i) Is there any attribute of remote-controlled and autonomous vessels that make them uninsurable in the market? (ii) Is there any need to alter traditional principles and doctrines of insurance law so that insurance could be offered for such vessels? (iii) Is the insurance market, as it is structured today, suitable to offer the desired degree of cover for owners/operators against risks associated with such vessels? The author will argue that the answer to all of these questions is negative. In particular, it will be maintained that it is essential for the marine insurance market to reflect on the manner in which traditional hull insurance is offered and start a discussion as to how a new insurance product is developed for these kinds of vessels, taking into account new risks emerging and the interaction between hull and other types of insurances. Such a discussion has already started in the liability insurance market,5 and it is high time that a systematic discussion is carried out in the hull and cyber insurance markets with a view to preparing a standard set of insurance terms for insuring such crafts.

Insurability issue

2.3 There is no doubt that insurers will face a problem, especially in the early days, in rating the risks associated with remote-controlled or autonomous shipping, given the lack of historical data as to the frequency and severity of losses that such vessels are likely to suffer. This problem is not unique to this line of business and is a predicament facing insurers when engaging in the process of insuring new types of risks. For example, similar concerns have been raised in the context of providing insurance for driverless cars, yet it has always been possible to develop an actuarial risk assessment model based on various assumptions,6 and the insurance sector is ready to provide insurance cover for such cars.7 In particular, one should also not lose sight of the fact that insurers have at

Page 24

their disposal sophisticated algorithms that can be used to calculate risks by comparing the known vitality of similar classes of risks to the new one. Notably, historical loss data for light aircraft have provided the insurance industry very useful data about unmanned aerial vehicles, enabling insurers to be able to rate such risk to a degree that they were comfortable providing insurance coverage. The same is certainly true for remote-controlled and autonomous shipping. Given that there is ample data concerning the loss ratio of subsea autonomous crafts used for surveys, construction, recreational and scientific purposes, there is no reason why such data cannot be successfully utilised as part of an exercise to rate risks associated with remote-controlled or autonomous vessels. 2.4 Another insurability problem that is often pointed out is that given the heavy reliance on software technology for autonomous navigation, any problem in the software might have a cascading adverse impact on a large number of other vessels using the same software. For example, in a case where a software update contains a critical bug that can cause 20% of the vessels to take a wrong decision when navigating, it is very likely that more than one vessel will be affected by this mishap, potentially increasing the risk of loss for tens or hundreds of vessels relying on the same software and updates. As one author puts it, there is a risk of “high impact low frequency events occurring”.8 2.5 With respect, it is submitted that there is a genuine risk of overstating this possibility, for various reasons. Firstly, it is very likely that manufacturers will respond to a casualty report that alludes to any software-related issues by issuing a product recall or at least recommending owners/operators to get their software checked. This will in all probability reduce the risk of similar software-related issues leading to other major accidents. Secondly, although appropriate rules are not yet in place, it is very likely that prior to putting such vessels into commercial use internationally, relevant maritime conventions, such as SOLAS (Safety of Life at Sea), MARPOL (Prevention of Pollution from Ships) and STCW (Standards of Training, Certification and Watchkeeping for Seafarers), will be updated; and requirements that such vessels need to comply with, in terms of remote operations, manning and technology, will be specified in such regulations. These requirements will be endorsed by flag states and in all probability classification societies, which will issue compliance certificates for such vessels. This process will play a vital role in ensuring that the risk that such vessels pose to insurers will be kept at a bearable level. Lastly, one would expect an insurance product that offers cover against an emerging risk to incorporate various risk control mechanisms designed to ensure that the risk will not unnecessarily increase during the period of cover.9 For example, an insurance warranty imposing an obligation on the assured to “take all reasonable steps” to maintain and

Page 25

update software and hardware required for autonomous navigation should not come as a surprise to anyone. Likewise, such policies might contain clauses excluding from insurance coverage any loss or damage caused by any alteration made by the assured to the computer programmes or algorithms that are not sanctioned by the licenced operator or manufacturer. These measures will go a long way in ensuring that remote-controlled and autonomous vessels remain as insurable risks in the insurance market.

Autonomous shipping and fundamental insurance law principles

Issues concerning good faith

2.6 The law, which has recently been reformed, requires the assured to present the proposed risk to insurers in a fair manner.10 This effectively means that the assured is required to disclose every material circumstance11 which (s)he knows, or failing that to provide disclosure which gives the insurer sufficient information to put a prudent insurer on notice that (s)he needs to make additional further enquiries for the purpose of revealing those material circumstances. At first sight, one might naturally assume that when seeking insurance cover for a remotely controlled or autonomously operated vessel, the amount of disclosure expected from a potential assured will increase significantly and probably unbearably from the perspective of the assured. 2.7 It is certainly the case that new risk factors, such as remote control centres (RCC) and further reliance on computer/software systems, alter the nature of insurance cover sought fundamentally. Thus, it will be a relevant consideration in risk assessment terms for insurers to determine how such RCCs are manned, equipped, and operated as well as where they are based. Equally, insurers would like to know more about computer and software systems that the operation of autonomous vessels depend on, and also how they are designed, maintained, and perhaps hosted or operated by service providers. 2.8 That said, there is no reason to assume that the current legal principles concerning fair representation of the risk will create an unsustainable pressure on potential assured seeking cover for their remotely controlled or autonomous vessels. The current legal regime provides adequate safeguards for potential assureds in this instance. First, when it comes to inherent vulnerabilities of the computer systems or software packages (including algorithms which autonomous navigation is dependent on) or problems that the IT system is prone to, the assured cannot be expected to disclose them unless (s)he knows them or ought to know them. The assured is deemed to know facts or circumstances which a reasonable search would have revealed.12 Even though the wording of the relevant provision seems to be far reaching and the search is not limited to the information that is held by the assured and includes information held by “other person(s)”, which may include commercial partners, contractors and service providers, as long as such defects are undetected, no blame can be attributed to the assured for failing to find out such matters by not

Page 26

making a reasonable search. Effectively, there can be no duty to disclose such matters on the part of the assured. 2.9 Second, it is important to note that the law restricts the disclosure obligation of the assured to a certain extent by stipulating that the assured is not expected to disclose “matters which an insurer offering insurance of the class in question to insureds in the field of activity in question would reasonably be expected to know in the ordinary course of business”.13 It is inevitable that insurers will become more knowledgeable of the risks concerning such vessels including those associated with the use of RCCs and cyber vulnerabilities. One would also expect more information to be in public domain with manufacturers of such systems, flag states, and classification societies releasing more information on how such systems work and details of the technology used. Therefore, any potential assured will only be expected to disclose special attributes of the systems their vessels are using or any particular cyber vulnerability that such systems could create, rather than disclosing every generic issue concerning the operational aspects of such systems and IT network.14 2.10 Finally, it is very likely that insurers will employ sophisticated underwriting strategies to ensure that potential assureds provide them with key information required to be able to rate the risks presented in a fair and appropriate manner. For example, one would expect underwriters as part of the risk assessment process to insist that potential assureds complete very detailed underwriting questionnaires on technical aspects of their vessels (including matters concerning RCCs) and other IT-related matters.15 Similarly, as part of the risk assessment process, insurers might require a review conducted by an independent surveyor of the applicant's vessel's systems, IT security, surveyor and classification society reports. These measures will inevitably reduce the scope of disclosure required of the potential assured. 2.11 To sum up, there is no reason to believe that statutory and common law rules on the duty of good faith on the part of the assured would create any significant burden for the assured to justify any change in legal rules. The law, as it stands, is flexible enough to facilitate acquiring of insurance policies for remote-controlled or autonomous vessels without creating any particular difficulty for the assured, and there is no reason to suspect that insurance for such vessels could not be easily and appropriately procured within the parameters of existing law concerning good faith.

Issues concerning seaworthiness

2.12 “Seaworthiness” occupies a rather important position in the marine insurance context. A warranty of seaworthiness has been imposed in all voyage policies,16 and unseaworthiness could afford a defence to insurers in time policies when the vessel is sent to

Page 27

sea in an unseaworthy state with the privity of the assured17 and when there is a causal link between this unseaworthiness and the loss emerging.18 Under the MIA 1906 “a ship is deemed to be seaworthy when she is reasonably fit in all respects to encounter the ordinary perils of the seas of the adventure insured”.19 An interesting question that arises here is whether the traditional definition of “seaworthiness” is appropriate in the context of remote-controlled and autonomous shipping. In particular, two matters deserve more thorough deliberation: (i) Does the definition of “seaworthiness” extend to cyberworthiness? Put differently, if the cyber protection mechanisms employed by the ship prove to be inadequate and as a result a cyber attack is perpetrated, would it be possible for insurers to say that the vessel is unseaworthy? (ii) What is the legal relationship between an RCC and the vessel's seaworthiness? Would, for example, incompetence of an Remote Control Operator (RCO) or structural problems in the RCC render the vessel unseaworthy? 2.13 On (i) adopting a very literal approach to statutory construction, one might be tempted to suggest that a cyber breach/attack is not an ordinary peril of the seas.20 The author is firmly of the view that such a conclusion would be at odds with the realities of contemporary shipping, especially in an era of increased levels of interconnectivity and at a time when the ship owners and managers are required to assess cyber risks and implement measures across all functions of their safety management system and report any cyber risk in their ISM Code.21 Also, there can be no doubt that traditional definitions of maritime law should evolve in parallel to the development and enhancement of shipping. Traditionally, vessels were assisted by maps, compasses, astrolabes and calipers in navigation but today no vessel would even consider sailing without a radar, gyro compass or automatic radar plotting aid; such navigational aids are, in fact, required by international conventions for a vessel to be deemed seaworthy. Likewise, in contemporary shipping, where systems dealing with cyber security are treated as a vital part of safe navigation, it will not be an overstatement to say that seaworthiness should be extended to the ability of the vessel to be cyber risk resilient.22 2.14 On the second issue, the fundamental question is whether the RCC could be treated as an extension of a remote-controlled vessel. If so, manning, design and maintenance of

Page 28

such centres could inevitably play a significant role in determining the vessel's seaworthiness. Of course, it is too early to predict how such centres will operate in practice, but one can envisage two business models. Either a shipowner/operator will own and run a centre for the purpose of controlling several vessels forming part of his/her fleet, or an independent RCC will offer services to various shipowners as an independent contractor. Whichever model of business is adopted,23 judged from the perspective of “functionality”, it is hard to find any justification not to regard a unit that plays a key role in a vessel's navigation as being a part of that unit in terms of determining its suitability to navigate at sea. Furthermore, it is very likely that as part of creating a suitable legal framework to ensure safe navigation of such vessels, international conventions dealing with ship design, manning and operation will be extended to deal with RCCs. This would be a clear signal from lawmakers pointing to the existence of an organic relationship between the vessel and the RCC that such a ship is heavily reliant on. Lastly, support could be drawn from legal authorities which consistently ruled that temporary outfits taken on board to adapt the vessel for a particular trade fell under the term “ship” and were instrumental in making that vessel seaworthy.24 In particular, in Hogarth v Walker 25 it was held that dunnage mats used for the proper carriage of cargo in the Black Sea grain trade, even if not affixed to the ship or used at the time when the loss occurred, were nevertheless “fittings of the insured vessel”.26 By analogy, it can certainly be argued that a control centre vital for the operations of a vessel is part of that vessel for the purposes of determining its seaworthiness. 2.15 In conclusion, it is fair to say that differences in the design and operation of remote-controlled and autonomous vessels would not create any significant difficulty in terms of the operation of “seaworthiness” doctrine in this context.

Issues concerning legality

2.16 Attributing to RCCs a key role in ship navigation could possibly introduce additional risks from the perspective of all parties who have an interest in the operations of the vessel. It will certainly be possible that ship managers or operators will have more opportunity to make interventions by dictating to RCOs the manner in which the maritime adventure should be performed. For instance, a ship manager, who monitors the location and movements of the vessel closely, could potentially instruct the operators to direct the vessel to a location in breach of sanctions imposed by international organisations. The law, as it currently stands, not only requires an insured marine adventure to be a lawful one but also that it be performed in a lawful manner as far as the assured can control the matter.27 In case of breach of this warranty, the cover is suspended and it is very likely

Page 29

that cover will not be reinstated even if the breach is remedied.28 Needless to say, the prospect of such intervention on ship operations by people other than RCC staff could be minimised by tightly regulating the manner in which such centres operate. However, even under the assumption that the increased connectivity and the control this gives to ship managers and operators increases the risk of unlawful acts being performed by them, this does not mean that the current legal rules prove inadequate. Put differently, even if the new mode of operation for a remote-controlled vessel could potentially increase the risk of an illegality being committed by those in control of the vessel's commercial operations, the law is still well equipped to deal with this eventuality. Perhaps a better solution to this problem would be to ensure that the legal framework to be developed with regard to the operation of RCCs and RCOs puts in safeguards to restrict the prospect of intervention from ship managers or operators.29

The need to realign insurance cover

The current state of play

2.17 In the current insurance market, cyber risks facing a vessel are prescribed to be very different from marine risk, and accordingly, cover is often provided separately for such risks. Most hull policies offer cover against traditional marine risks (such as perils of the seas, fire, explosion, jettison) and risks known as “Inchmaree risks”,30 which extend hull coverage to include losses caused by latent defects in the machinery and hull; bursting of boilers and shafts; negligence of master, officers, crew and pilots, repairers and charterers; and barratry of masters, officers or crew. And, almost invariably contemporary hull policies would exclude losses caused by cyber attacks with a very broadly worded exclusion clause known in the market as CL380 (The Institute Cyber Attack Exclusion Clause).31 Often, such policies would also exclude from cover any loss directly or indirectly caused by or contributed to or resulting from specified cyber incidents – namely, loss of data, human error affecting the assured's computer systems, a system failure occurring on the

Page 30

assured's computer systems, or a defect in the assured's computer systems.32 Cover against such risks needs to be obtained separately, usually by purchasing write-backs from cyber insurance market.33 2.18 It is argued here that the insurance market should urgently start discussion on designing a new product (ideally in the shape of standard insuring clauses) that will be the basis of cover for remotely controlled and autonomous vessels. This is because: (i) this new mode of ship operations will inevitably introduce additional risks that are currently not insured against under standard hull policies; and (ii) due to excessive reliance on interconnectivity and computer technology, such vessels are more likely to be adversely affected by cyber risks, making it essential for cyber risks facing such vessels to be considered in conjunction with hull risks. The legal and practical issues emerging that need to be considered when designing attributes of this new cover will be discussed next.

Emergence of new risks

Design and programming errors

2.19 Technical studies34 demonstrate that autonomous vessels will operate by means of a system that combines data obtained from external sources (i.e., data obtained from the surroundings of the vessel through sensors and information obtained from external sources, such as weather reports or hazard warnings) with decision-making software. Although RCOs could periodically monitor the vessel, given the fact that they are not physically on board to observe the prevailing weather and navigational conditions, naturally hardware components (such as sensors) and software (such as a navigation programme) will be relied on for navigation purposes. 2.20 Starting with hardware components, any breakdown of such equipment that is not attributable to wear and tear35 is likely to be covered under standard hull clauses; as such components are likely to be viewed as part of the vessel,36 and latent defect in hull

Page 31

and machinery is often an insured peril in hull policies.37 However, the legal analysis gets more complicated if a loss arises as a result of a shortfall in design of hardware components, such as a “blind spot” between sensors. It is debateable, to say the least, whether such loss will be recoverable under traditional insurance wordings. There is authority to the effect that the clause providing cover for “latent defect” in hull policies does not cover an error in design. In Jackson v Mumford,38 Kennedy, J, restricted the scope of cover provided under this heading to “a defect of material, in respect of either its original composition or in respect of its original or its after acquired condition”. He continued by saying

[latent defect] does not, in my view, cover the erroneous judgement of the designer as to the effect of the strain which his machinery will have to resist, the machinery itself being faultless, the workmanship faultless, and the construction precisely that which the designer intended it to be.39

The rest of this document is only available to i-law.com online subscribers.

If you are already a subscriber, click Log In button.