Europe AI & Data Rules Hub
< All Topics
Print

Autonomous Robots in Public Spaces: What’s Allowed Where (EU/US/UK/China/UAE/Singapore)

Posted
ByIuliia Gorshkova

Deploying autonomous robots in public spaces presents a complex intersection of engineering ambition, public policy, and legal liability. For professionals navigating this landscape, the regulatory environment is not a single monolith but a fragmented mosaic of EU-level frameworks, national transpositions, and local municipal governance. The operational reality for a delivery droid in Paris differs significantly from one in Singapore or Phoenix. This analysis dissects the current regulatory posture for autonomous service, delivery, and security robots across the European Union, the United States, the United Kingdom, China, the United Arab Emirates, and Singapore. It focuses on the practicalities of permits, safety validation, liability attribution, data privacy, and the critical role of local authorities in enabling or restricting deployment.

The European Union: A Framework of Risk and Fundamental Rights

The European Union approaches autonomous robotics through a dual lens: product safety and fundamental rights protection. While the EU AI Act establishes a horizontal regulatory framework for artificial intelligence, the deployment of physical robots in public spaces involves overlapping regulations concerning machinery, cybersecurity, and data protection.

The EU AI Act and the Definition of High-Risk Systems

Under the EU AI Act, autonomous robots operating in dynamic public environments are almost invariably classified as High-Risk AI Systems (Annex III). This classification triggers a cascade of obligations: risk management systems, data governance, technical documentation, record-keeping, transparency, human oversight, and accuracy, robustness, and cybersecurity.

Crucially, the AI Act does not replace the Machinery Regulation (EU) 2023/1230. A robot must satisfy both. The Machinery Regulation requires that the machine be designed to be safe, incorporating safety features that do not depend on control systems. However, when the machine’s safety relies on AI-based perception (e.g., obstacle avoidance), the AI Act’s requirements for robustness and training data quality become relevant to the CE marking process.

Under the AI Act, an autonomous mobile robot used for security or surveillance is considered high-risk if it is used for critical infrastructure, safety components, or employment purposes. A delivery robot, while potentially high-risk due to its interaction with people, might fall under a lower risk category if its decision-making capabilities are limited, though this remains a subject of regulatory interpretation.

Liability: The Product Liability Directive and AI Liability

Liability for damages caused by autonomous robots in the EU is shifting. The revised Product Liability Directive (PLD) (Directive (EU) 2024/… ) expands the definition of “product” to include software and AI systems. It introduces a presumption of defectiveness if the defendant fails to disclose relevant evidence or if the lack of explainability (the “black box” nature) makes it impossible to prove the defect.

Furthermore, the AI Liability Directive (proposed) aims to harmonize rules for non-contractual damage caused by AI. It introduces a rebuttable presumption of causality and fault if a claimant can show that an output of the AI system caused the damage and that the defendant failed to meet specific obligations (e.g., risk management).

Data Protection and GDPR

Robots equipped with cameras, LIDAR, or microphones process personal data. In public spaces, this is highly sensitive. The General Data Protection Regulation (GDPR) applies extraterritorially. Operators must identify a lawful basis for processing (often legitimate interest, but this is difficult to sustain for indiscriminate scanning). Data Protection by Design is mandatory; this implies anonymization or pseudonymization of data at the source. In Germany, the Federal Data Protection Act (BDSG) imposes strict conditions on video surveillance, often requiring a specific legal basis beyond GDPR for public deployments.

Local Governance: The “Sandbox” Approach

Despite EU frameworks, deployment is often decided at the municipal level. Cities like Helsinki and Tallinn have established “living labs” where robots can be tested on sidewalks with negotiated agreements rather than strict permits. Conversely, Paris has historically been restrictive regarding sidewalk robots, citing pedestrian safety and clutter, though specific zones for experimentation exist.

The United States: A Patchwork of State and Local Laws

The US lacks a federal horizontal AI law. Regulation is driven by state traffic codes and local municipal ordinances, creating a highly fragmented market.

State-Level Legislation and Safety Standards

Several states have enacted specific legislation for autonomous devices. Virginia (HB 2125) established safety standards for delivery robots, requiring them to travel at pedestrian speeds (max 10 mph) and have a human operator available for remote monitoring. Florida and Texas have laws explicitly allowing autonomous delivery devices on sidewalks and crosswalks, preempting local bans to some extent.

However, the “California Approach” is distinct. The California Department of Motor Vehicles (DMV) regulates autonomous vehicles, but sidewalk robots fall under the jurisdiction of the Department of Transportation or local police. San Francisco has been a battleground, initially restricting sidewalk delivery robots to specific zones before expanding permissions.

Liability and Tort Law

Liability in the US is primarily governed by state tort law (negligence). There is no strict liability regime for AI or robotics specifically, though product liability laws apply. The “foreseeability” of harm is a key legal test. If a robot deviates from its programmed path due to a sensor failure, the manufacturer and operator face scrutiny under negligence and product defect theories.

The National Highway Traffic Safety Administration (NHTSA) has issued Standing General Orders for autonomous vehicles, requiring crash reporting. While not directly applicable to sidewalk robots, this signals a federal trend toward strict incident reporting that may eventually extend to other autonomous systems.

Local Governance: The Permitting Quagmire

Local governance is the primary bottleneck. In cities like San Francisco or San Jose, operators must obtain permits from the Public Works Department and the Police Department. These permits often require proof of insurance, safety plans, and community impact assessments. Enforcement is often complaint-driven.

The United Kingdom: Common Law Adaptation

The UK has taken a pragmatic, common-law approach post-Brexit, diverging slightly from the EU by focusing on “pro-innovation” regulation.

The Automated Vehicles Bill and Product Safety

The Automated Vehicles Bill (currently progressing) aims to establish a safety assurance framework for self-driving vehicles. While focused on cars, the principles of “self-driving” (where the system is responsible for the driving task) may inform the regulation of autonomous service robots. The UK Product Safety and Metrology Bill will update regulations to cover new technologies like AI.

The UK government has signaled that it will not implement a horizontal AI Act similar to the EU’s, preferring sector-specific regulation. This means liability for robots will be determined by existing consumer protection and product safety laws, supplemented by new codes of practice.

Data and Surveillance

The UK’s Information Commissioner’s Office (ICO) is strict regarding surveillance and data collection. The use of robots for security or monitoring in public spaces falls under the Surveillance Camera Code of Practice. Operators must demonstrate that data collection is proportionate and necessary.

Local Governance: Public Spaces Act

Deployment on public highways requires permission from the Highways Agency. On pavements (sidewalks), the Highways Act 1980 prohibits obstructions. Operators must negotiate with local councils. Trials in cities like Milton Keynes have been facilitated by the local council’s desire to position the city as a tech hub, often utilizing “Living Labs” frameworks.

China: State-Led Standardization

China approaches robotics through a top-down, state-led standardization strategy, prioritizing industrial integration and national security.

Standards and Safety Assessment

China has issued the “Robot Application Standardization Guidelines” and specific standards for service robots (e.g., GB/T standards). Deployment in public spaces requires passing rigorous safety assessments by accredited third-party agencies. These assessments cover functional safety, electromagnetic compatibility, and cybersecurity.

For security robots, the Ministry of Public Security imposes strict controls to ensure data sovereignty and prevent unauthorized surveillance capabilities.

Data Security and Localization

The Data Security Law (DSL) and Personal Information Protection Law (PIPL) mandate that data generated in China must be stored locally. Cross-border data transfer is heavily restricted. For robots mapping public spaces or collecting biometric data, this requires on-premise data processing or specific government approvals for data export.

Local Governance: Pilot Zones

Deployment is often restricted to designated “Pilot Zones” or “New Infrastructure” areas. Cities like Shenzhen and Shanghai have specific regulations allowing autonomous delivery robots in certain districts, often integrated with smart city infrastructure (V2X communication). Outside these zones, deployment is effectively banned or requires special military/police approval.

The United Arab Emirates: Regulatory Sandboxes and AI Leadership

The UAE positions itself as a global leader in AI, adopting a flexible, sandbox-based regulatory approach.

Dubai AI Ethics Guidelines and Safety

Dubai’s AI Ethics Guidelines provide a framework for responsible AI use. While not legally binding in the strictest sense, they are mandatory for government entities and strongly encouraged for the private sector. The Dubai Digital Authority oversees data protection and cybersecurity for autonomous systems.

Safety requirements are enforced through the Emirates Authority for Standardization and Metrology (ESMA). Robots must meet specific safety standards to be registered.

Liability and Insurance

The UAE Civil Code governs liability. There is a trend toward requiring comprehensive insurance coverage for autonomous operations. The Dubai Financial Services Authority (DFSA) is developing frameworks for insuring autonomous risks.

Local Governance: The Dubai Sandbox

Dubai has established specific zones, such as the Dubai Design District (d3) and Dubai Silicon Oasis, where autonomous robots can operate with relative freedom. The Roads and Transport Authority (RTA) issues permits for testing and commercial operation. The approach is highly collaborative; operators work directly with regulators to define safety parameters.

Singapore: The Pro-Business Regulator

Singapore is arguably the most permissive and structured environment for autonomous robot deployment, driven by a government-led push for automation.

Regulatory Sandbox and Safety Codes

The Infocomm Media Development Authority (IMDA) and the Land Transport Authority (LTA) manage a Regulatory Sandbox where companies can test autonomous robots with relaxed regulations. The Code of Practice for Service Robots (published by IMDA) provides detailed guidelines on safety, data privacy, and public interaction.

Unlike the EU’s heavy focus on fundamental rights, Singapore’s focus is on public safety and operational efficiency. Data protection is governed by the Personal Data Protection Act (PDPA), which is generally viewed as more business-friendly than GDPR.

Liability and Insurance

Liability is governed by Singaporean tort law. The government encourages the use of indemnity funds and insurance schemes to cover potential damages, reducing the barrier to entry for startups.

Local Governance: National Coordination

Because Singapore is a city-state, governance is centralized. The LTA and Urban Redevelopment Authority (URA) coordinate to designate pathways and zones for robots. This eliminates the friction seen in federal systems. For example, the deployment of delivery robots in Punggol and Tengah (smart towns) is part of a national plan.

Comparative Analysis: Key Divergences

Comparing these jurisdictions reveals distinct philosophies:

  • EU: Rights-centric. High compliance burden (GDPR + AI Act), strict liability presumption, fragmented local implementation.
  • US: Innovation-centric (at state level). Low federal burden, high local friction, liability based on negligence.
  • UK: Pragmatic. Common law adaptation, sector-specific rules, strong regulator guidance (ICO).
  • China: State-centric. Strict data localization, standardization, limited to pilot zones.
  • UAE/Singapore: Sandbox-centric. Government-led facilitation, streamlined permitting, focus on economic growth.

Pilot-to-Commercial Roadmap by Region

Transitioning from a prototype to a commercial fleet requires navigating specific regional pathways.

European Union Roadmap

  1. Phase 1: Conformity Assessment. Engage a Notified Body to assess compliance with the Machinery Regulation and AI Act (if high-risk). Prepare Technical Documentation.
  2. Phase 2: Data Protection Impact Assessment (DPIA). Conduct a DPIA under GDPR. If processing special category data (e.g., biometrics), explicit consent or specific legal authorization is required.
  3. Phase 3: Municipal Negotiation. Approach the local municipality (e.g., the Mayor’s office or Department of Mobility). Propose a “Living Lab” pilot in a low-risk area (e.g., a specific business park or university campus).
  4. Phase 4: Insurance. Secure product liability insurance covering AI failures. The EU is moving toward mandatory insurance for high-risk AI systems.
  5. Phase 5: Commercial Rollout. Expand to adjacent zones based on safety data. Maintain a “Human-in-the-Loop” (HITL) remote monitoring center.

US Roadmap

  1. Phase 1: State Compliance. Verify state laws (e.g., Virginia HB 2125). Register as a business.
  2. Phase 2: Local Permitting. Apply for permits from Public Works and Police in target cities. This is the most time-consuming step.
  3. Phase 3: Liability Shielding. Form an LLC/Corp and secure high-limit general liability and product liability insurance.
  4. Phase 4: Pilot. Operate in a limited capacity (e.g., one university campus or a specific neighborhood) to gather data for the city.
  5. Phase 5: Expansion. Use safety data to lobby for pre-emption of local bans or to secure wider permits.

China Roadmap

  1. Phase 1: Standard Compliance. Test against GB/T standards at a state-accredited lab.
  2. Phase 2: Cybersecurity Review. Under the Cybersecurity Law, ensure data is stored locally and the system is secure.
  3. Phase 3: Pilot Zone Application. Apply to operate within a designated “New Infrastructure” pilot zone (e.g., Shenzhen High-Tech Zone).
  4. Phase 4: Government Partnership. Partner with a state-owned enterprise (SOE) or local government platform to facilitate deployment.

UAE/Singapore Roadmap

  1. Phase 1: Sandbox Application. Apply to the IMDA (Singapore) or Dubai Future Foundation (UAE) sandbox.
  2. Phase 2: Safety Trials. Conduct trials under regulator supervision. Report incidents immediately.
  3. Phase 3: Licensing. Obtain the relevant operating license (e.g., LTA license in Singapore).
  4. Phase 4: Commercial Deployment. Scale operations within the approved zones.

Risk Checklist for Operators

Before deploying any autonomous robot in public spaces, operators must evaluate the following risks. This checklist is designed to be jurisdiction-agnostic but highlights specific regional nuances.

1. Regulatory & Compliance Risk

  • Permitting Gap: Do we have a clear permit from the local municipality, or are we relying on a legal gray area? (High risk in US/UK).
  • Standardization: Have we met the specific technical standards (e.g., EN ISO 13482 for safety requirements)? (Critical in EU/China).
  • AI Act Classification: Have we correctly classified the system as High-Risk? Misclassification can lead to fines up to 7% of global turnover. (EU).

2. Liability & Insurance Risk

  • Defect Definition: Under the new EU PLD, is our software update process rigorous enough to avoid a “defect” finding?
  • Tort Exposure: In the US, does our negligence standard meet the “reasonable care” threshold for the specific city?
  • Coverage Limits: Does our insurance cover “autonomous decision-making errors” or only mechanical failure?

3. Data Privacy & Cybersecurity Risk

  • GDPR/PIPL Compliance: Is data minimized, anonymized, and stored in the correct jurisdiction?
  • Biometric Scanning: Are cameras capable of facial recognition? If so, this triggers the highest level of scrutiny in the EU and China.
  • Hacking Vulnerability: Can the robot be hijacked? This is a safety and national security risk (China/UAE).

4. Public Acceptance & Local Governance Risk

  • <
Table of Contents
Go to Top