Cybersecurity regulatory challenges for connected and automated vehicles – State-of-the-art and future directions.

The technological advancements of Connected and Automated Vehicles (CAVs) are outpacing the current regulatory regime, potentially resulting in a disconnect between legislators, technology, and CAV stakeholders. Although many studies explore the regulatory requirements of operations of CAVs, studies on regulatory challenges specific to the cybersecurity of CAVs are also emerging and receiving lots of attention among researchers and practitioners. However, studies providing an up-to-date synthesis and analysis on CAVs regulatory requirements specific to cyber-risk reduction or mitigation are almost non-existent in the literature. This study aims to overcome this limitation by presenting a comprehensive overview of the role of key Intelligent Transportation Systems (ITS) stakeholders in CAV's cybersecurity. These stakeholders include road operators, service providers, automakers, consumers, repairers, and the general public. The outcome of this review is an in-depth synthesis of CAV-based ITS stakeholders by visualising their scope in developing a Cybersecurity Regulatory Framework (CRF). The study demonstrated the compliance requirements for ITS communication service providers, regulatory standards for CAVs automakers, policy readiness for CAVs customers and the general public who interact with CAVs, and the role of the CAVs Network Operator Centre in regulating CAVs data flow. Moreover, the study illuminates several critical pathways necessary in future for synthesizing and forecasting the legal landscape of CAV-based transportation systems to integrate the regulatory framework for CAV stakeholders. The paper's findings and conclusions would assist policymakers in developing a comprehensive CRF. CAV Cybersecurity Regulation, Stakeholder Roles, and Conceptualization of CAVs (traffic laws) breaches. [Display omitted] • The study offers a comprehensive overview of CAV Cybersecurity's Regulatory Framework. • Considers road operators, service providers, automakers, consumers, repairers and the public. • Emphasizes automaker regulatory requisites for cyber-safe CAV operation. • Proposes CAVs Network Operation Centre to regulate data flow. • Advocates eSafety Traffic Unit for regulating CAV operations. [ABSTRACT FROM AUTHOR]