Abstract
This paper addresses the interplay between robots, cybersecurity, and safety from a European legal perspective, a topic under-explored by current technical and legal literature. The legal framework, together with technical standards, is a necessary parameter for the production and deployment of robots. However, European law does not regulate robots as such, and there exist multiple and overlapping legal requirements focusing on specific contexts, such as product safety and medical devices. Besides, the recently enacted European Cybersecurity Act establishes a cybersecurity certification framework, which could be used to define cybersecurity requirements for robots, although concrete cyber-physical implementation requirements are not yet prescribed. In this article, we illustrate cybersecurity challenges and their subsequent safety implications with the concrete example of care robots. These robots interact in close, direct contact with children, the elderly, and persons with disabilities, and a malfunction or cybersecurity threat may affect the health and well-being of these people. Moreover, care robots may process vast amounts of data, including health and behavioral data, which are especially sensitive in the healthcare domain. Security vulnerabilities in robots thus raise significant concerns, not only for manufacturers and programmers, but also for those who interact with them, especially in sensitive applications such as healthcare. While the latest European policymaking efforts on robot regulation acknowledge the importance of cybersecurity, many details and their impact on user safety have not yet been addressed in depth. Our contribution aims to answer the question of whether the current European legal framework is prepared to address cyber and physical risks from care robots and ensure safe human–robot interactions in such a sensitive context.
Cybersecurity and physical product safety legal requirements are governed separately in a dual regulatory framework, which makes it a challenge to govern cyber-physical systems such as care robots uniformly and adequately. We conceptualize and discuss the challenges of regulating cyber-physical systems’ security with the current dual framework, particularly the lack of mandatory certifications. We conclude that policymakers need to consider cybersecurity as an indissociable aspect of safety to ensure robots are truly safe to use.
Highlights
Robots are cyber-physical systems that combine hardware and software components, network and communication processes, mechanical actuators, controllers, operating systems, and sensors to interact with the physical world (Quarta et al., 2017).
Acknowledging such a link is essential in the healthcare domain, as ‘vulnerabilities could allow unauthorised users to remotely access, control, and issue commands to compromised devices, potentially leading to patient harm’ (FDA, 2019).
We proposed different options for strengthening such a link between cybersecurity and safety: a horizontal approach to dealing with cyber-physical security in a single piece of legislation covering all connected devices; and a vertical approach to integrating cybersecurity requirements more explicitly and comprehensively in existing frameworks, including the RED or the Toy Directive, following and expanding on the example of the Medical Device Regulation (MDR).
Summary
Robots are cyber-physical systems that combine hardware and software components, network and communication processes, mechanical actuators, controllers, operating systems, and sensors to interact with the physical world (Quarta et al., 2017). Robots represent an interface to the physical world, making security concerns salient because, unlike traditional computers, they can have an immediate physical effect on their environment (Morante et al., 2015). Acknowledging such a link is essential in the healthcare domain, as ‘vulnerabilities could allow unauthorised users to remotely access, control, and issue commands to compromised devices, potentially leading to patient harm’ (FDA, 2019). Care robots are used as an illustrative example of a cyber-physical system that interacts with vulnerable parts of the population. Vulnerabilities in such examples are salient because hackers could remotely access, control, and issue commands to compromise the robot, potentially leading to patient harm.
Less invasive and remote interventions relying on the availability and assessment of vast amounts of data
Allowing to meet the expanding demands for long-term care from an aging population affected by multi-morbidities
Supporting the recovery of patients as well as their long-term treatment at home rather than at a healthcare facility
Offering support for continuous training and life-long learning initiatives