EU AI ACT 2024 NOTICE: Autonomous vehicle systems are classified as HIGH-RISK AI SYSTEMS under EU AI Act Annex III. This Agreement incorporates mandatory compliance requirements.
1. PARTIES
1.1 Manufacturer/Developer: [Company Name], a [corporation/GmbH] organized under the laws of [Jurisdiction], with principal offices at [Address] (the "Developer").
1.2 Operator/Customer: [Company Name], a [corporation/GmbH] organized under the laws of [Jurisdiction], with principal offices at [Address] (the "Operator").
1.3 Effective Date: [Date]
2. DEFINITIONS
"AI System" has the meaning given in EU AI Act Article 3(1): a machine-based system designed to operate with varying levels of autonomy and that generates outputs such as predictions, recommendations, or decisions.
"Autonomous Vehicle" or "AV" means a vehicle equipped with automated driving systems capable of performing the dynamic driving task on a sustained basis, classified as SAE Level 3-5 per SAE J3016.
"Dynamic Driving Task (DDT)" means all real-time operational and tactical functions required to operate a vehicle in on-road traffic.
"Fallback-Ready User" means a user who is receptive to automated driving system-issued requests to intervene and is prepared to resume the DDT.
"High-Risk AI System" means an AI system classified as high-risk under EU AI Act Annex III, including AV systems.
"Minimum Risk Condition" means a condition to which an automated driving system brings the vehicle to reduce risk of crash when a malfunction occurs or when a fallback-ready user fails to respond.
"Operational Design Domain (ODD)" means the operating conditions under which the AV is specifically designed to function.
3. EU AI ACT COMPLIANCE REQUIREMENTS
MANDATORY: HIGH-RISK AI SYSTEM COMPLIANCE
3.1 Risk Management System (Article 9). Developer shall establish and maintain a risk management system comprising:
(a) Identification and analysis of known and foreseeable risks;
(b) Estimation and evaluation of risks that may emerge when the AV is used;
(c) Adoption of suitable risk management measures;
(d) Testing to identify appropriate risk management measures; and
(e) Continuous iterative process throughout the AV lifecycle.
Reference: EU AI Act Article 9
3.2 Data Governance (Article 10). Training, validation, and testing data sets shall:
(a) Be subject to appropriate data governance practices;
(b) Be relevant, representative, and free of errors;
(c) Have appropriate statistical properties for intended purpose;
(d) Address biases that may affect health, safety, or fundamental rights; and
(e) Be documented in technical documentation.
3.3 Technical Documentation (Article 11). Developer shall prepare and maintain:
(a) General description of the AI system;
(b) Detailed description of elements and development process;
(c) Information about monitoring, functioning, and control;
(d) Description of risk management system;
(e) Changes made throughout the system lifecycle; and
(f) Harmonized standards applied or other means of compliance.
3.4 Transparency Requirements (Article 13). The AV system shall:
(a) Be designed to enable Operators to interpret outputs;
(b) Include appropriate human-machine interface tools;
(c) Provide clear instructions for use;
(d) Inform Operators of capabilities and limitations; and
(e) Display CE marking per Article 48.
3.5 Human Oversight (Article 14). The AV system shall:
(a) Allow effective oversight by natural persons during use;
(b) Enable human intervention to stop the system;
(c) Enable override of system decisions; and
(d) Prevent operator over-reliance ("automation complacency").
3.6 Accuracy, Robustness, and Cybersecurity (Article 15). The AV system shall:
(a) Achieve appropriate level of accuracy for intended purpose;
(b) Be resilient against errors and inconsistencies;
(c) Be resilient against unauthorized third-party manipulation; and
(d) Implement cybersecurity measures proportionate to risks.
4. GERMAN ROAD TRAFFIC LAW COMPLIANCE
4.1 StVG Section 1a-1j Compliance. Per StVG Section 1a-1j (German Road Traffic Act - Automated Driving):
(a) The AV must be capable of complying with traffic regulations;
(b) Driver must remain receptive and able to take control (Level 3);
(c) Technical Supervisory Authority must be able to intervene (Level 4); and
(d) Approved ODD must be adhered to at all times.
4.2 Liability under StVG Section 7. Per StVG Section 7 (Keeper Liability):
(a) Vehicle keeper (Halter) remains strictly liable for accidents;
(b) Liability limit: EUR 10 million for personal injury, EUR 2 million for property damage;
(c) Liability exists even without fault (strict liability/Gefaehrdungshaftung).
4.3 Data Recording Requirements. Per StVG Section 63a:
(a) AV must record: geographic position, time, activation/deactivation of automated mode, takeover requests, system failures;
(b) Data retention: 6 months minimum, 3 years in case of accidents;
(c) Data must be provided to authorities upon request.
5. LIABILITY ALLOCATION
5.1 Developer Liability. Developer shall be liable for:
(a) Defects in the AI system design, software, or algorithms;
(b) Failures to meet EU AI Act compliance requirements;
(c) Inadequate testing within the specified ODD;
(d) Cybersecurity vulnerabilities not addressed; and
(e) Product liability under ProdHaftG and EU Product Liability Directive.
5.2 Operator Liability. Operator shall be liable for:
(a) Operation outside the approved ODD;
(b) Failure to maintain the vehicle as specified;
(c) Failure to install required software updates within [30] days;
(d) Interference with or modification of the AI system; and
(e) Failure of Fallback-Ready User to respond to takeover requests.
5.3 Third-Party Liability.
(a) To third parties injured by the AV, Operator (as keeper) bears strict liability per StVG Section 7;
(b) Developer indemnifies Operator for damages caused by system defects;
(c) Operator indemnifies Developer for damages caused by improper use.
5.4 Liability Framework and Mandatory Minimums.
Statutory Minimums (Non-Waivable): Liability shall at minimum comply with:
(a) StVG Section 12: EUR 7.5 million for personal injury, EUR 1.22 million for property damage (current statutory limits);
(b) ProdHaftG: EUR 85 million aggregate for product defects causing death/injury;
(c) Compulsory Insurance (PflVG): As specified in Section 6.1.
MANDATORY LIABILITY - NON-WAIVABLE CARVE-OUTS:
The following liability CANNOT be limited or excluded under German/EU law:
- Death, bodily injury, or damage to health (Verletzung von Leben, Koerper oder Gesundheit)
- Gross negligence or intentional misconduct (grobe Fahrlaessigkeit, Vorsatz)
- Claims under Product Liability Act (ProdHaftG)
- Third-party victim rights under StVG (direct claims against keeper/insurer)
- Fraud or fraudulent misrepresentation
Any contractual cap below statutory minimums is void and unenforceable.
Contractual Liability Allocation (Subject to Above):
(a) Consequential/Economic Damages: May be limited by agreement between Developer and Operator to EUR [Amount negotiable] per incident;
(b) Indemnification: Parties may allocate responsibility between themselves via indemnity, but such allocation does not affect third-party rights;
(c) Insurance: All liability allocations are subject to adequate insurance coverage per Section 6.
Legal counsel review required: Liability clauses must be reviewed by German/EU product liability specialists before execution.
5.5 ODD Boundaries & Out-of-Scope Operations
Operational Design Domain (ODD) Restrictions: AV system permitted to operate ONLY within approved ODD per StVG Section 1a:
| ODD Parameter | Approved Range | Out-of-Scope = Operator Liable |
| Geographic area | [e.g., urban streets in Munich, Germany] | Operation outside approved area |
| Road types | [Highways, urban streets, NOT off-road] | Off-road, unpaved surfaces |
| Speed range | [0-130 km/h] | Exceeding speed limits |
| Weather conditions | [Dry/wet, NOT snow/ice/heavy rain] | Operation in snow/ice/visibility <50m |
| Time of day | [06:00-22:00 daylight] | Night driving without adequate lighting |
Consequence of ODD Violation: Operator (vehicle keeper) assumes 100% liability for accidents occurring outside the ODD. Developer's liability is excused, and Operator's insurance claims may be denied.
5.6 Accident Reporting & Investigation
5.6.1 Incident Disclosure Requirements: Within 24 hours of any accident or incident involving the AV system:
- Operator MUST report to: (a) local police (formal accident report), (b) Developer (incident form), (c) AV regulatory authority in jurisdiction
- Report must include: date/time/location, parties involved, injuries/damages, circumstantial details (weather, traffic, ODD status)
- Operator must preserve: vehicle data recordings (per StVG §63a), witness statements, photos/video of scene
5.6.2 Developer Investigation Right: Developer has [5 business days] to access vehicle data, download system logs, and conduct root-cause analysis. Operator must cooperate and provide access to the data and the vehicle.
5.6.3 Data Preservation: Vehicle data (system logs, sensor data, decision records) shall be retained for [3 years] for litigation or regulatory review per StVG §63a.
6. INSURANCE REQUIREMENTS
6.1 Mandatory Motor Insurance. Per PflVG (German Compulsory Insurance Act):
(a) Minimum coverage: EUR 7.5 million for personal injury, EUR 1.22 million for property damage;
(b) Operator must maintain valid motor vehicle liability insurance;
(c) Insurance must cover autonomous driving operations within approved ODD.
6.2 Product Liability Insurance. Developer shall maintain:
(a) Product liability insurance with minimum coverage of EUR [20,000,000] per occurrence, EUR [50,000,000] aggregate per year per ProdHaftG;
(b) Cyber liability insurance (hacking, unauthorized access) with minimum coverage of EUR [5,000,000];
(c) Recall insurance if the system must be remotely disabled/updated;
(d) All policies include waiver of subrogation (insurers cannot sue other parties);
(e) Coverage for AI system defects and failures; and
(f) Coverage for cybersecurity incidents causing harm.
6.3 Cyber Insurance. Developer shall maintain:
(a) Cyber liability insurance with minimum coverage of EUR [10,000,000];
(b) Coverage for data breaches, ransomware, and malicious attacks;
(c) Coverage for third-party claims arising from cyber incidents.
7. INCIDENT REPORTING AND INVESTIGATION
7.1 Immediate Notification. Operator shall notify Developer within [24] hours of:
(a) Any accident involving the AV, regardless of severity;
(b) Any near-miss events;
(c) System malfunctions or unexpected behaviors;
(d) Cybersecurity incidents or suspected breaches; and
(e) Third-party claims or regulatory inquiries.
7.2 Serious Incident Reporting (EU AI Act Article 73). Developer shall report to the national market surveillance authority within:
(a) 72 hours: Serious incidents causing death, serious damage to health, property, or environment;
(b) 15 days: Initial analysis and corrective measures; and
(c) Ongoing: Updates as investigation progresses.
German authority: Bundesamt fuer Wirtschaft und Ausfuhrkontrolle (BAFA)
7.3 NHTSA Reporting (US Operations). For US operations, per NHTSA Standing General Order 2021-01:
(a) Report crashes involving ADS-equipped vehicles within 1 day of awareness;
(b) Monthly submissions for less severe incidents;
(c) Include information per specified data elements.
7.4 Data Preservation. Upon any incident:
(a) Operator shall preserve all recorded data from the AV;
(b) Developer shall preserve all relevant logs, telemetry, and software versions;
(c) Neither party shall alter, delete, or destroy evidence; and
(d) Data shall be retained for minimum [10] years or as required by law.
7.5 Joint Investigation. Following a serious incident:
(a) Parties shall jointly investigate the root cause;
(b) Developer shall provide technical expertise and data analysis;
(c) Investigation report shall be completed within [30] days; and
(d) Corrective measures shall be implemented without undue delay.
8. SOFTWARE UPDATES AND MAINTENANCE
8.1 Developer Obligations. Developer shall:
(a) Provide security patches within [72] hours of critical vulnerability discovery;
(b) Provide functional updates at least [quarterly];
(c) Provide ODD expansions as validated and approved; and
(d) Maintain support for the AV system for minimum [10] years from deployment.
8.2 Operator Obligations. Operator shall:
(a) Install critical security updates within [48] hours;
(b) Install other updates within [30] days;
(c) Not operate the AV with outdated critical software; and
(d) Maintain connectivity for over-the-air updates.
8.3 Update Notification. Developer shall provide:
(a) [7] days advance notice for planned updates;
(b) Clear documentation of changes and impacts;
(c) Rollback capability for non-critical updates; and
(d) 24/7 support during critical update deployments.
9. OPERATIONAL DESIGN DOMAIN
9.1 ODD Specification. The AV is approved for operation within the following ODD:
| Parameter | Specification |
| Road Types | [Highways, urban streets, etc.] |
| Geographic Area | [Specific regions/countries] |
| Speed Limits | Max [X] km/h |
| Weather Conditions | [Clear, light rain, etc. - NOT heavy rain, snow, ice] |
| Lighting Conditions | [Daylight, night with street lighting] |
| Traffic Conditions | [Normal traffic density] |
| SAE Automation Level | Level [3/4/5] |
9.2 ODD Monitoring. The AV system shall:
(a) Continuously monitor ODD compliance;
(b) Alert the operator when approaching ODD boundaries;
(c) Request takeover when ODD conditions are no longer met; and
(d) Achieve Minimum Risk Condition if takeover is not performed.
9.3 ODD Violations. Operation outside the ODD:
(a) Voids all Developer warranties and liability protections;
(b) Transfers full liability to Operator;
(c) May void insurance coverage; and
(d) May violate regulatory approvals and result in penalties.
10. TERM AND TERMINATION
10.1 Term. This Agreement commences on the Effective Date and continues for [5] years, automatically renewing for successive [1]-year terms unless terminated.
10.2 Termination for Cause. Either party may terminate upon [30] days' written notice if:
(a) Material breach not cured within the notice period;
(b) Regulatory action prohibits continued operation; or
(c) The other party becomes insolvent.
10.3 Effect of Termination. Upon termination:
(a) Operator shall cease AV operations in autonomous mode;
(b) Developer shall provide transition support for [90] days;
(c) Data retention obligations continue as specified; and
(d) Liability provisions survive for claims arising during the term.
11. GOVERNING LAW AND DISPUTE RESOLUTION
11.1 Governing Law. This Agreement shall be governed by the laws of [Germany]. EU AI Act requirements apply to all EU operations.
11.2 Dispute Resolution.
[ ] Arbitration under DIS Rules in [Munich/Berlin]
[ ] Exclusive jurisdiction of courts in [City]
SIGNATURES
DEVELOPER:
[Developer Name]
By: [Name]
Title: [Title]
Date: [Date]
OPERATOR:
[Operator Name]
By: [Name]
Title: [Title]
Date: [Date]
LEGAL DISCLAIMER
TEMPLATE - NOT LEGAL ADVICE: This Autonomous Vehicle Agreement is a template for educational purposes. AV regulations are rapidly evolving. Consult specialized automotive and AI law counsel.
References: EU AI Act 2024 | StVG | NHTSA | ProdHaftG