Maritime-related technologies are advancing much more quickly than are the regulatory regimes, and regulatory certainty will be necessary before sufficient investor confidence is in place to justify the massive investments required to help maritime investor economy reach its potential.

Autonomous vessels are already a reality by there is long road before us to come the days which they will be common way to use in transportation. Before that there are so many unans­wered questions from regulatory pers­pective. For example, who will be the responsible from the possible harm of the Cargo or injury of the crew or pas­senger? What kind of differences will occur in insurance systems (collision and pollution liability, salvage, limitation of liability and allocation of risk betwe­en carrier and cargo interests)? And of course, the insurance clauses will be including the cyber-attack clause?

Autonomous ocean exploration is already a reality. Marine autonomous surface ships (“MASS”), and autono­mous underwater vehicles (“AUVs) are already in use. The development of large autonomous merchant vessels, also known as MASS, has progressed at a significant pace with new vessels entering operation every year. Almost every maritime nation is engaged in developing autonomous vessel technologies, and several countries have designated parts of their national waters as test sites for MASS.

In its work on the issue of autono­mous shipping, the International Mariti­me Organization (‘IMO’) divided the operation of autonomous ships into four degrees. Some seaworthiness-re­lated issues, such as survey, manning, crew competence, on-board system, and legal liabilities, will be analyzed along with the framework of these four degrees of autonomous ships.

Automated ships can be divided into two groups: MASS and unman­ned surface vehicle (USV). Moreover, if we differentiate MASS by control level and legal regulation, we can group them into four classes: Autonomy Assisted Bridge (AAB), Periodically Unmanned Bridge (PUB), Periodically Unmanned Ship (PUS) and Continuo­usly Unmanned Ships (CUS). Benefit of autonomous ships is elimination of human errors as a cause of accidents, and to obtain faster, safer, more pre­cise, productive and cheaper ship’s operation In the research conducted in 2018 within the framework of the MUNIN project, three issues were highlighted for the future design of autonomous ships:

• New hull design (no crew onbo­ard means no need for habitat, toilet, resting, etc.)

• Introduction of new fuel types (LNG as a thrust fuel)

• Alternative modes of operation (more ships in convoys)

MASS are unmanned ships capable of sailing the ocean either autonomously or controlled remotely. Similarly, AUVs are robotic vehicles that drift, drive, or glide through the marine landscape without real-time control by human operators. This disruptive technology is already in use by companies and researchers of co­ast delivering commercial and ocean science benefits.

Regulatory Developments Made by the International Maritime Organization

Cyber-attacks are a real threat to the maritime industry. More and more security breaches are reported. The sa­fety of vessel operations is constantly at risk. Crews, passengers and the environment are put in danger.

In one hand digitalization and connectivity open up new opportuni­ties. But on the other hand, they also introduced unknown risks. Cyber resi­lience indicates the robustness of our information technology or operational systems. It is needed to enable com­panies to safely reap the benefits of interconnected, automated and digital ship and offshore operations.

The International Maritime Organi­zation (the “IMO”), a specialized agency of the United Nations, is responsible improving the safety and security of international shipping and preventing pollution from ships. In June 2017 the International Maritime Organizati­on (IMO) published Resolution MSC 428/98 Cyber Risk Management in Safety Management Systems, which mandated that “cyber risks are approp­riately addressed in safety manage­ment systems no later than the first annual verification of the Document of Compliance after 1 January 2021”. Most owners will consequently soon face a legal obligation to include cyber risk preparedness in their ISM proce­dures and documentation¹.

In 2021, the Maritime Safety Committee of the IMO (the “Commit­tee”) completed a regulatory scoping exercise on MASS with the goal of assessing existing IMO instruments to see how they might apply to ships with varying degrees of automation. The scoping exercise identified a number of high-priority issues that will need to be addressed involving, among other things:

The development of MASS ter­minology and definitions, including the meaning of the term “master”, “crew”, and “responsible person”; and addressing the functional and opera­tional requirements of remote-control stations or centers and the possible designation of a remote operator as seafarer.

The Committee suggested that the best way forward would preferably be to develop a “goal-based MASS instrument” or “MASS Code”, outlining the goal(s), functional requirements, and corresponding regulations. The Committee invited IMO Member States to submit proposals to a future session of the MSC.

Notably, in June of 2019 the Committee approved certain Interim Guidelines for Maritime Autonomous Surface Ships Trials. Among other things, the guidelines suggest that trials be conducted in a manner that provides at least the same degree of safety, security and protection of the environment as provided by the rele­vant instruments governing traditional vessels. BIMCO has co-sponsored a submission to MSC 101 in June 2019 on Interim guidelines on Marine Automated Surface Ships (MASS) trials together with Finland, Norway, Japan, Republic of Korea, Singapore and United Arab Emirates.

The owner/ operator/ industry of the vessel is responsible for conducting a thorough risk assessment, and for addressing any of the risks associated with their particular trial. The owner/ operator of the vessel is best placed to assess the risk and put in place relevant risk controls. Risk assess­ments should be comprehensive and address all risk associated with the trial, including any risk that the vessels present to the presence of other ves­sels, people, and the protection of the environment. And competent persons should carry out the risk assessment. Owner/Operator should be respon­sible for implementation of agreed risk controls²:

Risk analysis: What can go wrong and how to fix it. HazId, HazOp etc. See risk analysis checklist.

- Probability of consequence – need for mitigation.

- Alternatives are needed to comply with prescriptive mandated regulations.

- Assist in determining equivalent means of compliance through mitigati­on techniques.

and Mitigation with these steps:

- Avoidance

- Additional physical barriers (re­dundancy, additional systems)

- Human barriers

- Operational barriers

- Minimum risk condition

- Recovery

International and national regulations are entering into the force. As well as the IMO regulations on cyber security, there are a range of regulations on national and regional level. In addition to this further requirement that relate cyber security and data privacy, such as the EU GDPR. This means you should en­sure up to date on specific national and regional requirements relevant for you.

Furthermore, there are commercial requirements which are important to follow to reduce financial risk and en­sure you stay attractive for charterers.

Cyber Security Clause in Contracts

The inherent risk with increased automation is the increased exposure for vessels to cyber risk and hijackers. Incidents such as CMA CGM’s 2nd cyber-attack in September 2021, which saw the leak of a host of cus­tomer data and the threat of releasing a whole database, has highlighted the increased targeting of the shipping in­dustry by cyber attackers³. This is the fourth of the world’s major shipping liners to fall victim to a cyber-attack:

• In 2017 APM-Maersk was hit by NotPetya cyber-attack causing losses of c.£300 million

• In 2018 COSCO was targeted by a ransomware attack shutting down many of its communication systems

• In 2020 Mediterranean Shipping Company was hit by malware causing an outage at its Geneva HQ

• In 2020 CMA CGM was hit by a ransomware attack⁴.

BIMCO published a Cyber Security Clause 2019 in June 2019 for inclusion in a variety of marine contracts. The sec­tion divides the parties’ individual cyber security obligations under the contract, as well as the actions each must take in the event of a breach. It is written in broad terms to make it easier to incor­porate into charterparties and chains of charterparties on a back-to-back basis, ensuring that all parties to a voyage are bound by the same cyber duties.

Poor cyber security is often due to a lack of awareness of the risks. The BIMCO Cyber Security Clause fulfils three important functions: The first is to raise awareness of the risk; the second is to provide a mechanism for ensuring that the parties have in place proce­dures and systems to help minimize the risk of a cyber incident happening in the first place; and the third is to ensure that the parties mitigate and resolve the effects of an incident when it occurs, while also cooperating to assist each other.

Cyber insurance is becoming increasingly specialized, and underw­riters are expecting greater (and clear) evidence that shipowners are investing in and deploying cyber security proces­ses and technology before agreeing to give any cyber risk coverage.

Responding to these problems and defending marine assets from rising threats would necessitate investments in secure architectures and protective technologies, as well as the knowledge needed to integrate new systems and teach management and employees who are unfamiliar with cyber risk defense. Elevating cyber to a higher priority alongside safety is thus a critical step for the shipping industry, and the challenge now will be to strike the correct cost-benefit balance.

The first cyber-specific task allocati­on clause is the BIMCO clause. It’s unclear whether the industry will adopt it, but it’s an important step toward ensuring that shipowners understand their operating obligations in the case of a cyber-attack.

Insurance

The maritime insurance market prone to exclude the H&M underwri­ters generally exclude both war and cyber risks; Cyber underwriters and P&I Clubs exclude war risks; and War underwriters exclude cyber risks (with a few limited exceptions) when providing products to vessels. However, some companies have begun plugging the gap for malicious cyber-attacks thro­ugh risk management-based solutions and loss prevention. Recognizing that the existing insurance market does not meet the needs of maritime businesses subject to cyber threats.

It is important to verify the insu­rance of your ships because there is a high probability that cyber security consequences will not be covered by your current insurance deals. There are basically two types of cyber threats: intentional and unintentional. Intenti­onal: hacking or malicious software, known as malware. These may be performed by malicious hackers or disgruntled employees. Unintentional cyber incidents can be the result of operator misuse or design flaws. These include poor software maintenance, software bugs due to lack of testing, or inappropriate user permissions. There are also risks related to unintentional human mistakes. Effective cyber risk management should consider all the relevant threats.

First, a threshold question arises regarding a shipowner’s potential legal liability in situations where, for example, an autonomous vessel is navigated from ashore and a collision or groun­ding occurs as a result of a software problem caused by a third party – such as the automation system’s manu­facturer or installer, or the internet provider. In reality, this isn’t all that dissimilar from the legal issues that can develop in a traditional setting. In such a circumstance, the general question is whether the shipowner can avoid liability due to the negligence of the software system’s installer or installati­on, or a third-party supplier⁵.

In the context of the Hague Rules, this in turn will focus on the scope of the obligation of due diligence to make the ship seaworthy before and at the beginning of the voyage under Art III.1; and the various defenses which may be available under Art IV.2 including, of co­urse, sub-paragraph (p) – “latent defect not discoverable by due diligence”⁶.

However, as automation systems become more complex, one may assume that the question of rights of recourse will also become increasingly significant and complex.

P&I Cover for Autonomous Vessels

Around 47 per cent of the claims the Club deals with involve some degree of human error. Elimination of many of the key factors that contribute to human error (shift work, difficult sea conditions, fatigue and so on) should therefore lead to a reduction in claims for both remotely operated and autono­mous vessels. This has the potential to cause a significant decrease in naviga­tional and other operational claims. The Club presently handles over 850 claims per year relating to crew for matters such as injury, death and repatriation, such claims represent 34 per cent of the Club’s claims expenditure. The elimination of such risks would be of obvious benefit to those working in the maritime industry, as well as to vessel owners and operators⁷.

The operation of unmanned vessels is not without some risks. Owners of unmanned vessels may be more susceptible to piracy, as computer hackers can take control of vessels with no-one on board to manually override the hacker’s control. The maritime IT sector has a very important role to play in mitigating this risk, but as recent high-profile incidents involving IT security breaches have shown, the risk cannot be eliminated completely.

Autonomous Vessels

Yara Birkeland, Norway: Yara Birkeland will be the world’s first fully electric and autonomous container vessel with zero emissions. On 18 November 2021, the Yara Birkeland completed its long-awaited maiden vo­yage from Horten to Oslo. The vessel is expected to commence commer­cial operations in 2022, transporting mineral fertilizer between Porsgrunn and Brevik. According to Yara, it will cut 1,000 tons of CO2 emissions and will replace the need for 40,000 trips by diesel-powered trucks that were previously used to transport fertilizer.

Madfox, UK: The UK’s Royal Navy, which was delivered in March 2021, launched a missile from its auto­nomous boat MADFOX during NATO’s biggest autonomous war games.

China celebrated the opening of its Hong Kong-Zhuhai-Macao Bridge by holding the largest cooperative unman­ned boat manoeuvre in history using 81 boats. The video clip released by Chinese state media shows A Chinese manufacturer conducted a collaborati­ve test with 56 unmanned vessels near the Wanshan islands south of Hong Kong, showing the potential of unman­ned vehicles for naval operations, in February 2021.

In April 2021, Turkey’s ARES Ship­yard and Meteksan Defense launched its first Armed Unmanned Surface Vehicle (AUSV) prototype vessel “ULAQ AUSV”. The AUSV has an encrypted communication infrastructure, which may be operated from mobile vehicles or sea platforms. Along with missile capability, the AUSV will be equip­ped with various intelligence systems (e.g. jamming and electronic warfare systems) and will be used for operati­ons such as mine counter measures and search and rescue missions

Although the pioneer work has been primarily in the military field, there is no doubt that the technology will soon be introduced for use in ordinary cargo ships.

Controversial Points:

Nowadays, with the acceleration of technological developments in the IT sector, artificial intelligence, as it does every sector, now occupies an important place in the maritime sector.

Artificial Intelligence, will be more advanced since it will be able to learn new information through machine learning and execute jobs in the same way that people do. There is currently no definitive answer as to how Artificial Intelligence can be appraised under any legal theory, but its sophisticated nature would surely raise new con­cerns when the seaworthiness doctrine is applied to degree four autonomous ships.

If an AI program is a black box, it will make predictions and judgments in the same way that people do, but without being able to explain why. Knowing the AI’s mind process may be similar to understanding another highly intelligent species because the AI’s thought process may be based on patterns that we as humans are unable to discern⁸.

Because there is no way to judge whether the algorithms are suited for the voyage, this black box dilemma may represent a new challenge in de­termining whether a degree four auto­nomous ship is seaworthy. In addition, the Insurance Act 2015 (UK) made a revision to the breach of insurance guarantee, suspending the insurer’s liability until the assured corrects the breach. Because the algorithms are not readable, it will be difficult for judges to establish when the breach is being addressed because of the black-box feature⁹.

Since the eighteenth century, the classical principle of seaworthiness has proven to be effective. However, as technology advances and autono­mous ships become more common, new legal challenges arise, and the current seaworthiness doctrine does not appear to be adequate to meet the issues. In this regard, the authors believe that the doctrine of seaworthi­ness for the operation of autonomous ships needs to be reformulated. The old concept of seaworthiness still app­lies to human-crewed ships, both con­ventional and semi-automated ships, to assess the competency of the crew members and the vessel. Despite the lack of a definitive solution as to how Artificial Intelligence should be consi­dered under the law, it is claimed that the doctrine of seaworthiness should still apply to fully automated ships. He straightforward approach will be to require judges to examine the algo­rithms behind Artificial Intelligence to determine whether Artificial Intelligen­ce is fit for the voyage. Shipowners may be held accountable for failing to use proper algorithms owing to a lack of due diligence. However, the black box characteristics, which will inevitably make it difficult for judges to scrutinize the algorithm, will be a significant impediment. As a result, for fully automated ships, it is vital to ensure that the law mandates Artificial Intelligence to be developed by trans­parent and explainable algorithms. Due to these features, the fourth stage will add a new breath to the discus­sion of Responsibility and judgment processes.

The issue is that the current regu­lation on seaworthiness is intended to hold humans, not computers, accoun­table. There is no definitive answer as to who will be held accountable if the ‘Fully autonomous ship’ causes a loss. First, a threshold question arises regar­ding a shipowner’s potential legal liabi­lity in situations where, for example, an autonomous vessel is navigated from ashore and a collision or grounding occurs as a result of a software prob­lem caused by a third party – such as the automation system’s manufacturer or installer, or the internet provider. In reality, this isn’t all that dissimilar from the legal issues that can develop in a traditional setting. In this scenario, a broad question emerges. In such case, the broad question arises whether the shipowner can avoid liability because of the fault of the manufacturer or installer of the software system or the third-party provider¹⁰.

To sum up,

It seems that there is a long and uncertain road ahead of us, especially in terms of regulations. First, it will be necessary to identify possible problems and make framework arrangements in this direction. As lawyers, we will con­tinue to follow the developments with great curiosity and interest and contri­bute to the sector and its stakeholders as important actors of the sector.

1- https://www.westpandi.com/publications/news/archive/cyber-security-bimco-cyber-clause/

2- MSC 101-INF17 Draft Interim guidelines for MASS trials.pdf

3- https://lloydslist.maritimeintelligence.informa.com/LL1138249/CMA-CGM-confirms-data-leak-after-cyber-attack

4- https://www.hfw.com/Autonomous-Ships-Known-Knowns-and-Known-Unknowns-Jan-2022

5- Sir Bernard Eder, ‘Unmanned vessel: challenges ahead’ (2018) Lloyd’s Maritime and Commercial Law Quarterly 47, 51-52.

6- P.11

7- https://www.shipownersclub.com/pi-cover-autonomous-vessels/

8- Yavar Bathace, ‘The Artificial Intelligence: black box and the failure of causation and intent’ (2018) 31 Harvard Journal of Law and Technology 889, 893.

9- SEAWORTHINESS AND AUTONOMOUS SHIPS: LEGAL IMPLICATIONS IN THE 21ST CENTURY Dr Lok Kan So and Dr Poomintr Sooksripaisarnkit p.28-29.

10- Sir Bernard Eder, ‘Unmanned vessel: challenges ahead’ (2018) Lloyd’s Maritime and Commercial Law Quarterly 47, 51-52.

Not: Bu yazı Deniz Endüstri dergimizin Posidonia 2022 özel sayısında yayımlanmıştır.