Addressing cybersecurity, data governance, and ethical concerns in automotive digital transformation

The automotive industry is undergoing a profound transformation due to advancing digitalisation and new mobility models alongside the changing expectations of vehicle users. Automotive OEMs are increasingly adopting new digital technologies, including over-the-air software updates, embedded electronics, connected vehicles, and mobility services to implement the above digitalisation technologies. This transformation is expected to create significant new opportunities and threats. It is projected that by 2030, the vehicle park in Europe and the USA will slightly decline from 2020 levels, but the global automotive industry profit pool will significantly grow. The total profit pool is expected to rise from 307 billion US Dollars in 2020 to 650 billion US Dollars in 2030. The main driver behind this profit growth is the transition from individual car ownership to car sharing, ride pooling, and similar services. By 2025, around 20 million new cars shipped globally every year will be based on a completely different vehicle architecture allowing to build a broad variety of car types on it, in order to improve efficiency and lower costs. Furthermore, by 2025, all new cars worldwide will be shipped connected. Cars will no longer be isolated electronic devices but will be vehicles in a new mobility ecosystem. In this scenario, the V2X (Vehicle-to-X) paradigm will be a crucial enabler. Vehicles will be able to communicate among each other, with the infrastructure, and with pedestrians, allowing a more efficient and safer travel experience. This will allow the smart city application: optimising traffic management, in order to improve traffic flow and avoid critical congestion. Recently, there is a growing expectation that the automotive industry would have a breakthrough in autonomous driving applications with Level 5 automation. Current Advanced Driver Assistance Systems (ADASs) are being expanded by adding more sensors and more complex algorithms to achieve fully autonomous (driverless) cars. Unfortunately, they remain largely unreliable and dangerously flawed for wider income. In the last decade, the electronic complexity of current top-end vehicles has dramatically increased to about 200 million lines of code and up to 200 Electronic Control Units (ECUs) used to control them, allowing for a seamless experience to users, bringing more comfort items, helping customer mobility experience, and improving energy efficiency. As a consequence, vehicles are becoming complex software-based IT systems. The increasing software complexity, as on other critical infrastructures, raises concerns on the safety and security associated with its development and deployment. Major automotive OEMs converging with IT companies are racing to develop new advancing vehicle applications relying on ever changing and potentially unreliable components and platforms. These new applications tend to open the automotive delivery chain to third parties, including component vendors and service providers with unprecedented concerns about maintaining the appropriate quality assurance and protection. In this context, as safety is paramount to automotive production, the 2019 decision by the United Nations Economic Commission for Europe (UN/ECE) to provide for the creation of a cyber security regulation has raised a world-wide debate on how to guarantee the cyber security assurance of new vehicles and the safety of advanced vehicle applications still necessarily relying on the exchange and sharing of third-party data.