So my name is Demetra Kaino. I'm a Greek qualified lawyer, and I'm also a legal researcher at the cloud legal project at queen Mary university of London. And also at the Microsoft cloud computing research center, which is a virtual center funded by charitable donations by Microsoft. And it's also a collaboration between our team at queen Mary university and the Cambridge computer lab at the university of Cambridge.
Now my presentation today will focus on issues of legal liability and industry 4.0, I will start by give a very, very brief introduction on what we mean by industry 4.0 and why it is an important topic to talk about. And then I'll focus on the legal responsibilities and liabilities that arise in a smart factory scenario, which is the most representative vision of industry 4.0, I will then go talk about why it is important to have these legal questions in mind, and also recommend some ways in which issues of liability can be clarified.
Now, as this is not a purely legal talk, I'll try not to bombard you with a lot of legal language, but provide you with some key issues and questions to have in mind when developing these technologies. So a very brief, brief background information. We've heard that industry, the term industry 4.0 was first coined in Germany in 2011.
However, there are many similar initiatives in the world. One of which is the Europe 2020, which is a 10 year strategy by the European commission to improve economic activity in the European union. And one of its flagship initiatives is to work on an integrated industrial policy for the globalization era. At the very end of this presentation, you can find a list of different similar initiatives and their respective links. So you can go look them up if you want.
Now industry 4.0, we just heard, said to refer to the fourth industrial revolution and it includes technologies like the cyber physical systems in terms of fixed and in terms of services, in terms of things, as we've heard, refers to objects, we've embedded sensors and actuators that have the capability of communicating with each other and with humans and the internal of services refers to the services being driven by big data and cloud computing.
Now, according to recent study for the European parliament industry, 4.0 describes the organization of production processes based on devices, autonomously communicating with each other along the value chain. As I said, one of the most representative scenarios is the smart factory where machines communicate with humans to manage the production processes in real time and lead to more flexible and customized products industry 4.0 seems to be one of the top priorities in the world.
Given the large investments by European us and Asian companies, Germany is said, have invested close to 500 million euros in the development of industry 4.0 and according to general electric, the whole industrial internet is estimated to be 225 billion market by 2020. Now, before moving on to see some of the legal responsibilities that arise for manufacturing companies, I thought it was important to realize that now much more than in the past, there will be a complex web of actors and stakeholders involved in the supply chain.
Of course, there'll be manufacturing companies themselves and the suppliers of the different components, but also we have software developers, cloud service providers, where for example, the cloud will be used for machines to communicate with each other and also for big data analytics to take place. Other actors will be, of course, the analytics companies themselves, the companies providing the artificial intelligence algorithms. We have energy partners, insurance companies, whole networks of resellers retailers, installers of devices.
And of course the consumers, which we shouldn't forget that in industry 4.0, they will be involved in the might be involved in the design and production process as well as of course being the end users of the products. So companies will have legal responsibilities, both internally, for example, towards their employees, but also externally. So against their supply partners, the consumers, the environment, the state, et cetera.
So data, sorry, our companies will have data protection responsibilities, especially when using smart machines and wearable technologies to track the movement and location of their employees on the factory level when they do so they'll have to comply by da data protection laws, and they'll have to make sure that personal data is collected for specified and explicit purposes.
And it's no longer, it's not retained for longer than necessary.
When companies use this technologies to monitor their behavior of their employees, they will have to make their employees aware that they're in fact doing that. And they might also face employment law issues if they're assessing the performance of their employees, simply by only using the personal data collected on the factory level. Now also because of the new general data protection regulation in AU.
And because that those processing operations of the personal data might result in high risk for the rights and freedoms of their employees, companies might have to think about carrying out data protection, impact assessments. And also they might have to think about implementing privacy by design when creating this technologies, large amounts of data will be shared and transferred between them.
Companies will have to ensure that they have appropriate technical and organizational measures in place to control what these machines are doing and how they're interacting with people and the environment.
So for example, to prevent them from harming employees or for potentially misusing environmentally has reduced substances, companies will also have to have appropriate data security in place to prevent their smart machines from being hacked and confidential information about their business processes, algorithms, and also personal data about their employees being disclosed in an authorized way when that happens. And when confidential information about their business is disclosed.
This could also have intellectual property implications because business processes and algorithms might be protected by trade secrets. And also software might be protected by copyright or patent rights. In addition, because of the more and more use of 3d printing technologies on the factory level in conjunction, the fact that the consumer might be involved in the design process, companies will have to think of their intellectual property ownership and rights and have appropriate contract in place to deal with these issues in advance.
Companies will also have civil and criminal, potentially criminal liabilities arising from property damage and physical injury or even death. And we'll see some of these liabilities in the second. So I thought it would be important for you to give you a brief introduction of what we mean by liability in law.
So liability can only be attributed to a person, whether that's a natural person and by natural people, we mean humans or legal person, which we mean, like for example, a company now in case where a legal person would be responsible like a company, the natural people behind a legal person could also be responsible. Like for example, the directors of the company liability has to do with a breach of duty. That duty might be created by a contract. In which case the parties have voluntarily agreed to it, or the duty might be created by law.
In which case we have to go see what the law says.
And in that case, the duty might not have to depend on a contract liability answers. The question of who is responsible for the action that gave rise to the damage. So essentially who caused the damage and ultimately who will pay for it. And there are different types and different regimes of liability. So liability could be based on intention or negligence and by negligence in law, we mean carelessness in which case liability could be fault based, but also there is a type of liability that could be based on neither in which case we have what we call a strict liability regime.
And a prime example, strict liability is product liability, which is very, you know, useful in industry 4.0 and liability will be committed simply by performing an act or a mission that the law says you have to do.
So in a smart factory, the manufacturer's responsibilities will not arise just from the fact that they're actually manufacturing a product, but also from the fact that they're part of a network of smart machines.
So what, what happens if something goes wrong in a smart factory, what happens if the factory catches fire and causes physical damage?
What happens if there is a miscommunication between the machines and a machine orders around component that results in a fault in the end product who will be responsible then in order to answer that question, we will have to look at existing contracts between the different supply partners or the law, or both now because of the complex supply chain and industry 4.0, it will be important to have contract between the different partners with clear attritions of liability.
You might ask why that that's helpful mainly for two reasons first, because it will be easier to prove that a specific action caused a specific damage or a specific actor was in fact responsible for a specific action. So it will help us to prove causation between the action and the damage, which is a very important element in establishing legal liability. And the other reason is because you would be potentially helpful for insurance companies to assess the risk in advance and, you know, decide whether to ensure or not.
And it might be in fact, that insurance companies require a minimum level of transparency to exist in the contract before deciding whether to provide insurance.
Also, we shouldn't forget that we shouldn't forget the consumer. We shouldn't forget that companies will not have only responsibilities and liabilities towards each other, but also towards the end users of their products.
Now, when these end users are consumers and by consumers in law, we mean natural people that are acting outside of any professional activity. Then the law might set certain legal, mandatory obligations to manufacturers why that is it's because the law considers consumers to be in a disadvantaged position, both in regards to their contractual bargaining power, but also in regards to the level of understanding.
So which this, this liabilities will be first, first of all, manufacturers will be liable for defective products that cause property damage or physical injury, irrespective of the fault or contract. So even if they were very careful during the production process and the consumer on the other hand will only have to prove the defect in the product, the damage and the caus relationship between the two.
So consumers won't have to prove that there was a fault. Now it will be very interesting and industry 4.0, to see how the product, how the concept of the product changes.
And as we've heard earlier, it's not just hardware, but it could be hardware plus software plus services. This will be interesting in law because the current product liability regime does not extend to liability about services. So it might be that we cannot impose product liability about, you know, the FA the part that refers to service.
Now, manufacturers, apart from being liable for defective products, they're also responsible for creating safe products. And what safe means will depend on each individual industry that the product belongs to manufacturer is also liable, sorry, responsible for providing information about the product and about the legal rights and responsibilities that consumers have.
And they're supposed to do that in a plain and clear language so that consumers understand, and it might be that under industry 4.0, this obligation to provide information extends to information about the services included in the product like how long they'll last for, or how long they, you know, when they have to update them.
For example, however, even if companies are transparent about the information they provide to consumers, it might be that certain clauses or terms in their contracts are considered in law to be unfair to consumers.
And that's, there won't be unfor there won't be enforceable against them. An example of what an unfair term would be is for example, if, if manufacturers were trying to exclude limit or exclude all liability for damages in countries where such exclusions of liability are not allowed.
So when it is pure rises, it's important to know obviously who is liable and under which liability regime, but also it will be important to know which law will apply to interpret a contract and therefore dispute, and which country's courts will have the authority to hear the case
Because of the complex supply chain in industry 4.0, there are probably multiple countries involved. And so the answer won't be simple. And also the answer might differ between business to business or business to consumer disputes.
And again, here, it's important to remember that because when dealing with consumers, because companies will have to abide by legal, mandatory provisions, if a consumer wants to Sue a manufacturer for a defective product, for example, it might be that regardless of what the contract says, the, the law that will apply to the dispute is going to be the, the law of the country where the consumer has his or her habitual residence.
An additional level of complexity will arise when machines are enhanced with machine learning algorithms that allow them to improve their performance through experience without necessarily having to follow human instructions.
So what will happen then when these self-learning industrial robots become autonomous or semi-autonomous and act in a way that's not controlled by humans and maybe act in such an unpredictable way that humans are prevented from taking precautionary measures against them
Who will be responsible, then could it be, for example, the creator or the owner or the user of the underlying algorithm, or could it be the creator or the owner, the user of the smart machine, or could it be a combination of these people in, in a joint liability?
For example, now the answer is of course not simple, particularly because sometimes the, the process that the algorithm follows to reach a particular decision will not be transparent. And we won't be able to go back and track the decision trail.
Now, if we can't do that, then it'll be very difficult to attribute liability. If we don't know who was liable for what, at which point in time,
Because of this difficulty and because of, you know, the non clarification between the risks and benefits of having autonomous machines, there have been a couple of legal theories of how we could go about that. One theory is to say that if autonomous machines carry far less risk than human operators, and maybe we should exclude all liability, but that, that would be very radical under the law.
Another approach would be to say that there is an inherent danger in having autonomous machines, in which case we should attribute strict liability on the user or whoever we deem is responsible for the actions. However, this is problematic as well, because it might lead to excessive liability on one person or a few companies that will be developing these technologies. And also it might, it might lead to slowing down innovation because of that.
Now it might be that insurance provides a good alternative, but the reaction by insurance companies will be more clarified when the risks and benefits of having autonomous machines is further clarified. Also finally, it could be that a no fault compensation scheme or a central compensation scheme funded by manufacturers, technology companies and or the state to compensate victims of damage, but without attributing fault could be a better alternative.
Now, as we're reaching the end of this presentation, it's important to remember that legal certainty as to the allocation of liability will be important, not only for the rollout of the intern of things as the European commission said in 2015, but also for all the technologies involved in industry 4.0, why that is it's for two main reasons, because legal certainty will be helpful for manufacturing companies to, you know, be able to organize themselves comply with the law in advance and for innovation itself.
Because on the other hand, legal uncertainty might slow down the development of new technologies. So you might ask what is next? What is the next step? Well that as we lawyers like to say will depend on each specific case and each specific contractual relationship, because it might be that with your business partners, some contracts are negotiable negotiated, sorry, you know, so it will depend.
However, there are some ways there are that we can clarify issues of attribution of liability. One is that companies would have to think about drafting, transparent contracts about the roles and responsibilities of the different partners in the supply chain, also in, in their business to business, as well as business to consumer relationships, especially when the consumer, if you remember, is involved in the design process, keeping documentary evidence is not always a legal requirement. It could be a legal requirement as for example, under the new general data protection regulation.
But even if it's not, it might be good practice for companies to maintain records or data logs in order to, to be able to run internal audits and identify issues and problems, not only on the manufacturing level, but also on their network and collaboration level. Also because these new technologies include an industry 4.0 are new. It might be good to educate and train employees to raise awareness of the risks and responsibilities rising out of operating a smart factory, not only for the company, but for themselves as well.
And finally, adhering to industry specific standards and code of conduct might be a good practice. For example, there's a new general data protection code of conduct that we shouldn't forget that adhering to such standards is now defense to liability. Thank you very much for listening. If you'd like some more information about the legal discussion, all the security considerations, you can have a look at, oops. These two papers for the legal discussion in this paper for the security consideration, from our combined team at queen Mary and university of Cambridge.
Thank you you very much.
So, so thank
Thank you everyone for being patient. So now we will take any questions for both of the speakers.
So if, if you have any questions for the speakers, my colleague Graham will be coming round with a, a microphone.
Come on guys. I've got one. All of the things you showed there, are they any different if I'm buying can buying car?
Like if,
If, if I'm buying jam, it could be that makes me ill. It could be the can, it could be the apricots. It could be the process is the, not exactly the same issues there as there is with this no industry 4.0.
Yes.
I mean, there are in the sense that it's not a new law because it's industry 4.0, it's the same, same laws that apply as you said in the jam, but because of the, you know, network collaboration and because of the different technologies, it becomes much more complex. Also, you know, whether who, whose fault it is, as I said, will depend on the contracts will also depend on the specific case.
And, and something I didn't say was that, you know, if you have a jam and by the jam, you can can tell who, who are all the producers of the jam by their trademarks, for example, their brands or information about them. In theory, you can Sue all of them. You know? So I mean that, that exists now as well is not new, but I, I guess because of the complex supply chain, it'll become much more complex
Other questions, oh, sorry. I should come.
So yesterday the colleague from IBM, he said that IBM was training now, Watson, to be able to act as a cyber threat detection system.
So assuming my company is somehow buying this technology, embedding that and assuming for whatever reason, there's some malicious attack not detected by the self-learning system who would be liable.
Well, I don't know. It's the answer it's about. Yes. Yes.
Well, it will depend, I guess, you know, if IBM said, you know, like the cloud provider say when 99% available, if, if IBM said we're 99% sure that Watson is sure, then IBM might be responsible. You know, if, if they wrote, as I said, it will be very difficult because will it be the person who created the algorithm or would it be the way you use the algorithm? That was the problem.
I mean, in theory, if you made a significant contribution or if your developers made a significant contribution to the algorithm that IBM provided, then maybe you'll be partly responsible as well.
But
I honestly would pay to see water in a court to defend himself. That would be fun.
Yeah. He was winning close. Also win the, not sure about that. Okay.
More questions.
Okay. Yes. I have one yes. Question from,
I tried, I tried to be very short and it would be great if your answer would be as clear and short as it could be.
Is, is it a contradiction standardization and innovation, especially when it comes to industry for,
To me? Yeah.
Does this
Okay?
No, I don't believe so. I believe that innovation and the standardization do not necessarily be some opposite terms or in contradiction. I would say that in the next or already today, but in the, in the near future, it'll be interesting innovating the standard decision.
I mean, we will it's, I mean, it's kind of joke, but it's, it's not a joke at all. I mean, we will need, if we want that all these technologies that we have available, we will really transform. And I believe there's no choice. They will transport our businesses, our life, as they are doing so quickly, we will need to find a different way to define standards. In the past. Basically we define standards and then we use the technology today.
We use the, the technology, we create solutions, and then we will need to define standards and standards will be less regulated and probably more self determining the landscape in the software industry is changing a lot and so fast.
If you look back five years in the manufacturing industry. So in the industrial environment, which is at lower than in the consumer, one, basically there was just one technology. And that was the standard today. If you go in a plant, you find at least 10 different technologies in terms of software, everyone is using a mobile devices.
And just in the mobile devices, you have a different operating system, at least four today, Blackberry iOS for apple and windows phone. So four different platforms, four different standards that need to communicate together in some way. So we need really to find a different way to define standards, but it's mandatory.
