At the informal opening of its 25th session — held 18–22 May 2026 at the ICAO headquarters in Montréal — the UNECE Working Party on Automated/Autonomous and Connected Vehicles (GRVA) worked to lock down the data-recording provisions of the first global rulebook for self-driving cars. The centerpiece is mundane in name and consequential in effect: a Data Storage System for Automated Driving (DSSAD), a standardized "black box" that timestamps a single, much-litigated question — was the human or the machine in control? The draft UN Regulation and its companion Global Technical Regulation (GTR) go to a formal adoption vote at the 199th session of the World Forum for Harmonization of Vehicle Regulations (WP.29) on 23–26 June 2026.
What DSSAD actually does
The DSSAD is not a novelty invented for this regulation. UNECE first required it for Level 3 traffic-jam systems under UN Regulation No. 157 on Automated Lane Keeping Systems. Its job, in UNECE's own framing, is to give "a clear picture of the significant interactions between the driver and the ADS" — recording who was requested to drive, who was actually driving, and whether the system issued a transition demand asking the human to retake the wheel. The new draft extends that logic from narrow lane-keeping to the full sweep of Level 3-to-Level 5 automation that GRVA adopted in draft form at its 19–23 January 2026 meeting and recommended onward to WP.29.
The case for it is strong — state it plainly
Before arguing about how to regulate, it is worth conceding why this mandate is justified. After every serious autonomous-vehicle incident of the past decade, the first forensic question has been the same: who was driving? Without a tamper-resistant, standardized record, that question collapses into a he-said/she-said among manufacturer, owner, and investigator — with the party holding the data setting the terms. A harmonized black box resolves liability disputes, enables independent crash investigation, and, critically for an industry that lives or dies on public trust, lets regulators verify safety claims rather than accept them on faith. GRVA's leadership has framed the project as proof that "safety, innovation and public trust can advance together." On the evidence, that is not spin.
Why this is proportionate, not precautionary
What distinguishes this regulation from heavier-handed alternatives is its architecture. It is outcome-based rather than design-prescriptive: instead of dictating sensors or lines of code, it requires manufacturers to demonstrate, through a documented "safety case" of claims, arguments, and evidence, that their system is "free from unreasonable safety risk" and performs "at least at the level of a competent and careful human driver." A certified safety-management system and in-service monitoring backstop that demonstration across the vehicle's lifecycle.
DSSAD fits the same philosophy because it is event-scoped. It logs safety-relevant transitions, activations, and takeover requests — not a continuous GPS-and-camera record of everywhere the car has been. That distinction is the whole ballgame. A device that records control state is an accountability tool; one that records everything is a surveillance tool. The drafters, so far, have chosen the former, and that choice is what makes the mandate defensible on pro-innovation, pro-privacy grounds rather than in spite of them. Harmonization compounds the benefit: a single global format spares developers from re-engineering their data systems for fifty national regimes — the economies-of-scale argument UNECE has used to justify the World Forum's work for decades.
The unfinished business: access and fragmentation
Two risks deserve scrutiny before June. The first is data governance — the thinnest part of the package. A standardized record is only proportionate if access to it is proportionate too. Who may pull DSSAD data: police without a warrant? insurers as a condition of coverage? the manufacturer, silently, over the air? How long is it retained, and can the owner ever see it? Much of this sits in the accompanying Guidance and Interpretation Document still being negotiated; open items including DSSAD were flagged at GRVA's February 2026 workshop in Shanghai. An event-scoped recorder can still become a privacy problem if its outputs flow freely to anyone who asks. The recording rules are nearly done; the access rules cannot be an afterthought.
The second risk is structural. The UN Regulation rides on the 1958 Agreement — binding, with mutual recognition among parties such as the EU, Japan, and South Korea, which are expected to fold it into type approval. The GTR rides on the 1998 Agreement — a non-binding template that the United States, China, and others may adopt at their discretion. The US still leans on manufacturer self-certification and has no federal ADS rule; legislation such as the SELF DRIVE Act (H.R. 7390) remains unsettled, as Sidley's analysis notes. The danger is a split world: type-approval markets converging on the UN black box while the largest AV testbed runs on a different, voluntary standard. Harmonization that stops at the Atlantic is only half a win.
What to watch in June
None of this argues against adoption. A common, event-scoped, outcome-based safety record is exactly the light-touch interoperability that lets AV developers scale across borders instead of rebuilding for every jurisdiction. The WP.29 vote should pass, and on the merits it deserves to. What will decide whether DSSAD becomes trusted infrastructure or a quiet surveillance default is the governance fine print: tight access controls, clear retention limits, owner visibility, and enough US engagement to keep the standard genuinely global. Get the black box's access rules as right as its recording rules, and the UN will have shown that vehicle-automation policy can be proportionate and global at once.