Dissecting liabilities in adversarial surgical robot failures : a national (Danish) and EU law perspective

Rosager Ludvigsen, Kaspar and Nagaraja, Shishir (2022) Dissecting liabilities in adversarial surgical robot failures : a national (Danish) and EU law perspective. Computer Law and Security Review, 44. 105656. ISSN 0267-3649 (https://doi.org/10.1016/j.clsr.2022.105656)

[thumbnail of Ludvigsen-Nagaraja-A2020-Dissecting-liabilities-adversarial-surgical-robot-failures-national-Danish-European-law-perspective]
Preview
Text. Filename: Ludvigsen_Nagaraja_A2020_Dissecting_liabilities_adversarial_surgical_robot_failures_national_Danish_European_law_perspective.pdf
Final Published Version
License: Creative Commons Attribution 4.0 logo

Download (1MB)| Preview

Abstract

Over the last decade, surgical robots have risen in prominence and usage. They are not merely tools, but have also become advanced instruments with network connectivity. Connectivity is necessary to accept software updates, accept instructions, and transfer sensory data, but it also exposes the robot to cyberattacks, which can damage the patient or the surgeon. These injuries are normally caused by safety failures, as seen in accidents with industrial robots, but cyberattacks are caused by security failures instead. We create a taxonomy for both types of failures in this paper specifically for surgical robots. These robots are increasingly sold and used in the European Union (EU), hence it is natural to consider how surgical robots are viewed and treated by EU law. Specifically, which rights regulators and manufacturers have under it, and which legal remedies and actions a patient or manufacturer would have in a single national legal system in the union, if injuries were to occur from a security failure caused by an adversary that cannot be unambiguously identified (attribution of cyberattacks is often hard). Given that the Medical Device Regulation (MDR) has only recently entered into force, we also offer some general considerations of the regulation. We find that the selected (Danish) national legal system can adequately deal with attacks on surgical robots, because it can on one hand efficiently compensate the patient, and at the same time protect the patient by not shying away from dealing with the problem concretely. This is because of its flexibility; secondly, a remarkable absence of distinction between safety vs security causes of failure and focusing instead on the detrimental effects, thus benefiting the patient; and third, liability can be removed from the manufacturer by withdrawing its status as party, if the patient chooses a separate public law measure to recover damages. Furthermore, we find that current EU law does consider both security and safety aspects of surgical robots, without it mentioning it through literal wording, but it also adds substantial liabilities and responsibilities to the manufacturers of surgical robots, gives the patient special rights and confers immense powers on the regulators, which can end up affecting any future lawsuits.