Guidance

Self-driving vehicle pilot scheme: information for applicants

Published 31 March 2026

Applies to England, Scotland and Wales

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/self-driving-vehicle-pilot-scheme-information-for-applicants/self-driving-vehicle-pilot-scheme-information-for-applicants

Scope of this guidance

The self-driving vehicle piloting scheme enables the use of automated vehicle (AV) technologies without a safety driver on roads in Great Britain. This guidance has been developed to assist the application process and outline the expectations and requirements for pilot deployments.

The piloting process is distinct from the ‘trialling’ of automated vehicle technologies and services with a safety driver, which falls under the code of practice. Trialling of automated vehicle technologies requires a safety driver who is ready, able and willing to resume control of the vehicle.

This guidance does not apply to vehicles that require the use of a safety driver whilst the automated driving system (ADS) is engaged (for either control or for monitoring the vehicle with a view to immediate and safety-critical intervention in the way the vehicle drives).

Certification of pilot deployments requires the assessment of the vehicle, its ADS, its operation and the passenger service, if applicable.

All pilot deployments will need to comply with the requirements outlined in this guidance on:

If a deployment involves passenger services, applicants will also be expected to comply with the requirements in this guidance on automated passenger service (APS) permits.

All pilot deployments will need to comply with all relevant laws, apart from any regulation(s) from which an exemption is granted under a vehicle special order (VSO).

This guidance has been written to account for different operational models, where single or multiple applicants may hold varying roles. The guidance remains subject to change in response to any developments from applications and deployments.

This guidance refers to the UNECE Regulation on Automated Driving Systems (ADS) which has not yet been adopted internationally or by the UK government and is not yet in force. At the time of publication, references to ‘the UN ADS Regulation’ refer to the draft regulation as presented at the 198th session of WP.29 in document WP29-198-09e. The Department for Transport’s position in relation to the ADS regulation may change and this guidance may be updated accordingly.

This guidance refers to the APS permit under Part 5 of the Automated Vehicles Act 2024 (the AV Act). The signing into law of the APS statutory instrument, as consulted on, is intended in spring 2026, subject to consultation analysis and ministerial approval. The remaining provisions of the AV Act are due to come into force in late 2027. As such, APS guidance may be updated as secondary legislation is developed in advance of full implementation.

Consulting affected police forces

When exercising the Secretary of State’s duties under section 87(1) of the Automated Vehicles Act 2024, DVSA, acting on the Secretary of State’s behalf, will support consultation with affected police forces being carried out in a consistent and structured way. This supports a national assessment of policing implications before any APS permit is granted.

Vehicle registration and vehicle approval

Generally, vehicles must be registered to be used on public roads or in public places. This includes automated vehicles (AVs) for pilot deployment. This section describes vehicle registration and possible vehicle approval routes in relation to self-driving.

Vehicle registration 

Vehicle registration records indicate whether the vehicle is capable of self-driving. A vehicle can only be registered as capable of self-driving if it has been listed under the Automated and Electric Vehicles Act 2018. 

See the section of this guidance on vehicle special order (VSO) and vehicle listing for more information.

Once a vehicle has been listed as self-driving, the vehicle registration details can be updated to reflect that it is an AV.

The registered keeper is responsible for notifying the Driver and Vehicle Licensing Agency (DVLA) of a change in registration details.

Vehicle approval

Under normal circumstances registration requires the provision of vehicle-specific evidence, in the form of an approval certificate, to demonstrate compliance with various technical requirements. 

An approval certificate is obtained by undergoing either: 

Vehicle approval routes

Within vehicle type approval and IVA, there are various routes to approval for vehicles seeking pilot deployment, for example, multi-stage approval.

Applicants should contact the Vehicle Certification Agency (VCA) for further information on the appropriate route to obtaining vehicle approval for their deployment.

It is the expectation that novel designs aimed solely for self-driving (for example, vehicles without a driver’s seat and/or manual controls) are unlikely to be approvable under the current routes as the approval regulations are yet to be adapted to account for such designs.   

Vehicle special order (VSO) and vehicle listing

Before applying for a pilot deployment, applicants should consider whether they can comply with the criteria contained in this section. Applications should:

  1. Set out the case for obtaining a vehicle special order (VSO) in respect of the vehicle. A VSO will be needed before the vehicle can be legally used on GB roads if there are certain legal requirements with which it cannot comply.

  2. Set out the case for listing under Section 1 of the Automated and Electric Vehicles Act 2018 (AEVA) by the Secretary of State.

It is expected that for vehicles deployed under the piloting scheme, there will be non-compliance with certain regulations of the Road Vehicles (Construction and Use) Regulations 1986 (C&U).

An expected example of non-compliance is Regulation 107 of C&U - leaving motor vehicles unattended.

To obtain an exemption from this regulation, we expect applicants to meet the exemption requirements outlined in this guidance. A vehicle in respect of which an application successfully demonstrates the requirements for the granting of a VSO will also be considered for listing under the Automated and Electric Vehicles Act 2018.

In addition, if the deployment involves passenger services, we expect an automated passenger service (APS) permit to be applied for.

Separately, for a vehicle to be deployed on GB roads, it must be approved (if applicable) and registered. There are many routes to vehicle approval, and we advise consideration of the most suitable route for vehicles seeking deployment.

A successful application for pilot deployment will result in the granting of a VSO, the listing of the vehicle, and if necessary, the issuing of an APS permit.

Vehicle special order (VSO)

A VSO is a legal order under Section 44 of the Road Traffic Act 1988, issued by the Secretary of State. A VSO allows a vehicle which does not comply with legal requirements, relating to construction, weight, equipment and use, to be used on GB roads. VSOs may be made in respect of vehicles equipped with new or improved equipment, or types of equipment.

Upon a successful application, a VSO will be issued by the Vehicle Certification Agency (VCA), on behalf of the Secretary of State, to grant exemptions from legal requirements that the applicant is not able to comply with. In addition, the VSO will impose specific safety and operational restrictions and conditions, tailored to each deployment.

Vehicle listing

Vehicles will be listed if, in the Secretary of State’s opinion, they:

  • are designed or adapted to be capable, in at least some circumstances or situations, of safely driving themselves
  • may lawfully be used when driving themselves, in at least some circumstances or situations, on roads or other public places in GB

A vehicle is ‘driving itself’ if it is operating in a mode in which it is not being controlled, and does not need to be monitored, by an individual.

As per sections 1(1)(a) and 8(1)(a) of the Automated and Electric Vehicles Act 2018.

Monitoring and control

For the purposes of pilot deployments, we understand that operation may involve some remote assistance to the automated driving system (ADS).

If a deployment requires the use of a safety driver whilst the ADS is engaged - for either control or for monitoring the vehicle - then the application will not be considered suitable for pilot deployments and the information provided in this document is not applicable.

Pre-application engagement

In advance of the submission of any application, we expect there to be significant pre-engagement between potential applicants and the VCA, the Driver and Vehicle Standards Agency (DVSA) and the Centre for Connected and Autonomous Vehicles (CCAV).

As a starting point, this engagement will involve potential applicants answering several questions relating to their intended deployment.

Details shall be provided by the potential applicant on (but not necessarily limited to):

  • vehicle information
  • ADS information
  • vehicle organisations or activities that support vehicle operation
  • commercial deployment plans
  • stakeholder engagement

The intent of this engagement is to support potential applicants in preparation for their potential application.

Application information

An application should contain the following information.

1) A description of the organisation(s) involved in, or responsible for, the pilot deployment, including contact details.

2) A description of the pilot deployment, including the purpose of the pilot deployment, the service(s) offered, the deployment area and key dates associated with the deployment plan.

3) A list and description of the vehicles being deployed, including their make, model, design and any modifications made to the vehicles.

4) A short description of the automated driving system (ADS), including the operational design domain (ODD) of the system.

5) A description of the supporting operations necessary for deployment. This must include consideration of personnel safety, mitigation of insider risk, and the physical security of operations centres. It must also include a description of any remote operations to be undertaken, descriptions of the locations from which they will be undertaken, and descriptions of incident response planning. See the section of this guidance on AV operator physical and personnel security for more information.

6) A description of how vehicles will be maintained and how vehicle checks will be undertaken.

7) Details of the exemptions being sought under the VSO. Use the section of this guidance on exemptions under a VSO to prepare this information, which should include details of your approach to demonstrate compliance.

8) Any other relevant information not listed above.

On submission of the application, a preliminary assessment will be performed to confirm whether the information submitted is complete and satisfactory. Further information may be requested to support the application such as organisation and system capability, which may include a demonstration of ADS performance. This is to help determine that there is sufficient evidence of capability to accept the application and progress with review and assessment of the information as presented below.

Exemptions under a VSO

Generally, when applying for a VSO, the applicant should specify:

  • which specific regulations the vehicles do not comply with
  • why compliance with the regulations is not possible or is impractical in the case of the vehicles
  • what alternative measures have been put in place to ensure the vehicles and their operation remain safe and compliant with relevant legislation

It is expected that for vehicles deployed under the piloting scheme, there will be non-compliance with certain regulations of the Road Vehicles (Construction and Use) Regulations 1986 (C&U).

An expected example of non-compliance is Regulation 107 of C&U - leaving motor vehicles unattended.

To obtain an exemption from this regulation, we expect applicants to meet the requirements outlined in the following tables, specifically on:

  • requirements for vehicles - table 1
  • requirement for the safety case - table 2
  • requirement for the safety management system (SMS) - table 3
  • requirements for the operator - table 4

A vehicle in respect of which an application successfully demonstrates the requirements for the granting of a VSO will also be considered for listing under the Automated and Electric Vehicles Act 2018.

Table 1 - Requirements for vehicles

Vehicles should be equipped with an automated driving system (ADS) which meets the requirements in the following table.

Requirement Assessment
The ADS is free from unreasonable risk arising from malfunctions and insufficiencies in the intended functionality and its safety level is at least the same as (or higher than) a competent and careful human driver. Review of safety case with assessment informed by the UN ADS Regulation and any relevant standards for demonstrating absence of unreasonable risk (for example, ISO 26262 and ISO 21488).
The ADS can perform the entire dynamic driving task (DDT) safely and lawfully, without being controlled or monitored by an individual. Review of safety case with assessment informed by the requirements of Section 6.1. of the UN ADS Regulation.
The ADS is designed for safe interactions between the ADS and its user(s). Review of safety case with assessment informed by the requirements of Section 6.2. of the UN ADS Regulation.
The ADS and any system that interacts with it are protected from cyber threats. Assessment informed by the requirements of UNR155 on cyber security.
The ADS supports safe and secure software updates. Assessment informed by the requirements of UNR156 on software updating.
The ADS is equipped with data recording functionality to monitor the safety performance of the ADS. Assessment informed by the requirements for data storage systems of Section 6.3.1. of the UN ADS Regulation.
Virtual testing used in the development of the ADS shall be suitable for its application. Assessment informed by the requirements of Section 7.2. of the UN ADS Regulation.
The ADS is not adversely affected by electromagnetic interference. Assessment informed by the requirements of UNR10 on electromagnetic compatibility.

Table 1 notes

Automated driving system (ADS) means the vehicle hardware and software that are collectively capable of performing the entire dynamic driving task (DDT) on a sustained basis.

Safety case means structured documentation that provides a compelling, comprehensible, and valid case that the ADS meets the relevant ADS requirements and is free from unreasonable risk to the ADS vehicle user(s) and other road users.

Dynamic driving task (DDT) means the real-time operational and tactical functions required to operate the vehicle.

At the time of publication, references to ‘the UN ADS Regulation’ refer to the draft regulation as presented at the 198th session of WP.29 in document WP29-198-09e.

Table 2 - Requirement for the safety case

The following requirement for the safety case should be met for pilot deployments.

Requirement Assessment
A documented safety case is in place which provides a structured, comprehensible and valid case for the ADS and its development. Assessment informed by the requirements of Section 7.3. of the UN ADS regulation.

Table 3 - Requirement for the safety management system (SMS)

The following requirement for a safety management system should be met for pilot deployments.

Requirement Assessment
A documented safety management system for the ADS is in place for the duration of the pilot. Assessment informed by requirements of Section 7.1. of the UN ADS regulation.

Table 4 - Requirements for the operator

The following requirements should be met by operators of pilot deployments. Where relevant, these requirements also apply to third parties contracted to undertake any functions of the ‘operator’. Compliance will be assessed through a review of submitted documentation and, where appropriate, through practical demonstration.

Requirement Assessment
The operator has effective transport management systems to detect and respond to problems with the ADS and vehicle systems during journeys. 2-part verification:
Part 1: Initial desk-based assessment of documentation (policy and procedures), including adequate response plans should systems fail.
Part 2: On-site assessment, witnessing implementation of policy and procedures.
Best‑practice documents (e.g., BSI Flex 1886 (Clauses 8.7, 9.5, 11.3.2) and BSI Flex 1887 (Clauses 6.2, 7.2, 8.3)) may be used to support demonstration of compliance.
The operator has effective transport management systems to detect and respond to problems with passengers and/or loads during journeys. Review of documentation and demonstration of systems and processes to monitor load and passengers, including details of monitoring systems on and in the vehicle.
(Note that general passenger-assistance capabilities may be an APS responsibility.)
The operator has ensured the suitability of, and has safely implemented, any remote automated driving system (ADS) assistance systems used. Review of documentation and practical assessment showing remote ADS assistance is limited to advice only and includes validated response plans detailing levels of support required, communications performance (latency, bandwidth, coverage), fallback protocols, system-level testing and functional safety assurance.
Standards and best practice documents (e.g., See BSI Flex 1886 (Clauses 5, 9, 10), BSI Flex 1887 (Clauses 6.1, 7.1, 8.2), ISO 7856, and AVSC Best Practice for ADS Remote Assistance Use Case) may be used to support demonstration of compliance.
The operator has suitable vehicle maintenance and software management procedures, including pre-deployment checks. Review of evidence that the operator has documented processes in place for vehicle maintenance and software management to support safe and compliant operation. This should include documentation describing any systems used to monitor vehicle condition, performance, or operational status, whether on‑board or off‑board. 
Review of evidence of documented pre‑deployment check procedures and their application prior to vehicle operation. 
Assessment will be based on a review of relevant documentation and evidence demonstrating that the documented processes and procedures are implemented in practice. Where maintenance, software management, or monitoring activities are provided by third parties, evidence relating to those arrangements should also be included. 
For suitable vehicle maintenance systems operators can adopt the principles of the DVSA Guide to maintaining roadworthiness.
The operator has sufficient insurance to cover all liabilities arising from both the vehicle and its operations. Review of motor insurance policy certificate or other policy document which clearly specifies the use case and duration of the pilot, which covers at least third party liability and liability on the insurer under section 2 of AEVA 2018.
The operator has implemented sufficient measures to protect against cyber threats, ensure cyber security, and handle data appropriately. Review of documentation that demonstrates compliance to the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF). Providing detailed self-assessment and supporting evidence. See section on AV operator cyber security for more information.
Documented data handling procedures, proof of secure storage locations and ability to fulfil reporting obligations under the VSO and APS process. See ISO/IEC 27001, ISO/SAE 21434, data protection legislation and PAS 1882.
For any personal data, processing in a manner that ensures appropriate security in compliance with the data protection legislation.
The operator has implemented suitable incident management protocols (IMP),  including an incident management plan and has created training documentation (which includes elements of the IMP) and is kept up to date. Review of documentation to demonstrate systems and processes to implement suitable incident management protocols, aligned with legal obligations and emergency services requirements where appropriate.
See the section on the incident management plan for further detail on what should be included.

Alternative assessment

This guidance sets out the assessment expectations against each requirement, as listed in the tables above.

Where an assessment listed, or a particular aspect thereof, is not feasible or not appropriate (for example, with a standard or method not listed), the applicant must explain:

  • why the assessment is not feasible or not appropriate
  • how the proposed alternative is equivalent

The rationale will be taken into consideration when undertaking the assessment as set out in this guidance.

Piloting reporting obligations

This section sets out the reporting obligations for pilot deployments. The ongoing submission of reports will be set as conditions attached to the VSO. These reporting obligations are without prejudice to any reporting obligations under existing law.

At the time of publication, references to ‘the UN ADS Regulation’ refer to the draft regulation as presented at the 198th session of WP.29 in document WP29-198-09e.

Automated driving system

Reports on safety-relevant occurrences are to be submitted. Reportable occurrences will fall into 3 categories with the following associated timelines: 

  • notification reporting - an initial notification report should be provided within 24 hours from knowledge of the occurrence

  • short-term reporting - reports should be submitted within 30 days from knowledge of the occurrence

  • periodic reporting - the submission frequency of these reports will be decided on a case-by-case basis depending on the details of the pilot deployment

The occurrences listed in Annex 3 of the UN ADS regulation will be used to inform reportable occurrences. Reportable occurrences will be set out upon issuance of a VSO and will include reporting of, for example, collisions and traffic infractions.

Cyber security

Reports on cyber security incidents are to be submitted, both for vehicle cyber security and operator cyber security. In some cases, it may not be feasible to have complete and validated information about an incident that has occurred, in which case an early indication via a notification report is required.

This will take the form of a short-term report that has been completed in good faith and with the information available. This must be followed by a completed short-term report that provides further information on the extent of the incident and what steps have been taken to address and mitigate the occurrence.

We may ask for interim updates on any notified incident, prior to the short-term report being submitted.

Vehicle cyber security  

Vehicle cyber security reports are to be submitted that comply with the requirements outlined in section 7.4. of UN Regulation 155. These reports should comprise the results of the monitoring activities described in section 7.2.2.2. (g) of UN Regulation 155. Reports must include suspected or confirmed cyber-attacks and vulnerabilities (incidents). Reportable incidents will fall into 3 categories with the following associated timelines:  

  • notification reporting - an initial notification report should be provided without unreasonable delay, within 72 hours from knowledge of the incident 

  • short-term reporting - reports should be submitted within 30 days from knowledge of the incident

  • periodic-term reporting - the submission frequency of these reports will be decided on a case-by-case basis depending on the details of the pilot deployment

Operator cyber security  

Cyber security reports are to be submitted to indicate whether the operator has experienced a cyber security incident that includes a suspected or confirmed cyber-attack that has impacted the organisation. Reportable incidents will fall into 2 categories with the following associated timelines:  

  • notification reporting - an initial notification report should be provided without unreasonable delay, within 72 hours from knowledge of the incident

  • short-term reporting - reports should be submitted within 30 days from knowledge of the incident

Alternative reporting  

Not all occurrences set out in the UN ADS Regulation may be relevant or applicable for a given ADS design or deployment context and will be determined on a case-by-case basis.  

At the discretion of the department, alternative materially equivalent reporting may be accepted by the department where a reasoned case is made by the applicant with the overall objective of monitoring the safety and security of the deployment. 

Other occurrences not set out above may be deemed as reportable. Regardless of the reporting obligations set out, the organisation is expected to cooperate and engage with the department in good faith.

Other expectations

Vehicle maintenance and activity  

Operators should keep records of all safety inspections and vehicle maintenance undertaken to keep vehicles roadworthy for a period of at least 15-months, following the principles of the DVSA guide to maintaining roadworthiness. This information should be shared on request with agreed body(ies) for the purposes of ensuring ongoing roadworthiness and meeting the maintenance requirements set out above.  

Operators should keep a record of daily activities undertaken to ensure vehicles are roadworthy and safe for the carriage of passengers or freight, where relevant. This information should be shared on request with agreed body(ies) for the purposes of ensuring ongoing roadworthiness and meeting the maintenance requirements set out above.  

Incident management and cooperation  

As mentioned in the section on operator requirements and outlined in the section on the incident management plan, we expect the applicant to have an incident management plan in place. This plan should include the notification of incidents to any required bodies within an appropriate timeframe.

We expect applicants to engage with first responders when developing incident management plans.

In the event of any reported incident, the deploying organisation:

  • should provide all relevant data and documentation to the VCA and DVSA
  • will co-operate with investigations by law enforcement and/or other agreed bodies

Where any data and documentation is requested by law enforcement and/or other agreed bodies under their powers, we expect the deploying organisation to comply readily and promptly with such requests, including requests to provide expertise or support to enable law enforcement and/or other agreed bodies to understand any data provided.

Application assessment

Applications will be assessed according to the requirements outlined in this guidance or by alternative means if a request to use alternative means has been accepted by the VCA. In general, the assessment will include the following.

VSO pre-assessment

Preliminary assessment of organisation and system capability, which may include a demonstration of ADS performance, to determine whether there is sufficient evidence of capability to progress with a formal application.

Vehicle approval

Vehicle approval (type approval or IVA) is required for registration, unless the vehicle is registered as a prototype (for restricted purposes only).

ADS capability

The approach for assessment of the ADS capability is based on the UN ADS Regulation, with supporting assessments including on behavioural competencies and on the use of modelling and simulation. ADS capability assessment is broken down into the following elements:

1. Audit of processes and their implementation

Audit of the organisational processes, including those associated with the safety management system. The audit’s primary aim is to ensure that the processes are robust, effective and adhere to the requirements set out, both in terms of development and during deployment. This includes assessment of evidence associated with the implementation of those processes, including modelling and simulation credibility and scenario-based testing, to ensure the organisation can create evidence of ADS capability reliably and robustly.

2. Safety case assessment

Assessment of evidence provided by the applicant, including that obtained through scenario-based testing, that support its claims of compliance with the requirements set out and wider claims of safety and security as collated in their safety case.

3. Confirmatory testing

Additional spot testing to validate the evidence the applicant has submitted as part of their safety case that will include a mixture of real-world, track and simulation-based testing.

Cyber security and software updating

Assessment of cyber security and software updating will be considered as a parallel activity to the assessment of the ADS. The assessment approach will consider UN R155, R156 and supporting standards to determine if the applicant has adequate processes in place to manage cyber security and software updating. Attention will also be given to the wider operation of the deployment, where interactions from remote services could pose a risk to deployed vehicles.

Operational management

This is an assessment of the organisation responsible for operating the vehicle. The assessment approach is structured around 4 core pillars adapted from transport management systems:

  • safety policy and governance
  • operational safety risk management
  • operational assurance
  • performance monitoring and ongoing compliance

The scope of each assessment will be agreed prior to commencement and evidence will comprise an audit, beginning with an initial assessment of the operator’s management systems documentation such as safety policies, training, maintenance, incident management plans, data-retention schedules, etc. This will then be validated by an on-site assessment conducted pre-deployment.

If the application is successful, the VSO will be issued and will authorise the use of the vehicles (identified by vehicle identification number (VIN) and/or registration number) recognising the non-compliance(s). Issuance of a VSO is ultimately at the discretion of the Secretary of State and will be subject to conditions. There is no guarantee as to whether an application will be accepted, and each case is judged on its own merits.

If the application is successful, a recommendation will be put forward for the vehicle to be listed under Section 1(1)(a) of the Automated and Electric Vehicles Act 2018 by the Secretary of State.

Notifiable modifications  

Certain modifications to vehicle hardware and software should be notified to the VCA before they are undertaken. What constitutes a notifiable modification in the context of a specific pilot deployment will be considered on a case-by-case basis, taking into account the substantive nature of the type of modification and its potential impact on safety and security. The VCA may also set periodic notification requirements for lesser modifications. Notifiable modifications will be set as a condition attached to the VSO.

Conditions attached to the VSO

Failure to meet any conditions attached to the VSO, including the submission of the reports listed in the section on piloting reporting obligations throughout the lifetime of the deployment will result in actions being taken, which could include the revocation of the VSO.

AV operator physical and personnel security

Due diligence: operator services

In advance of considering whether a VSO should be issued, DVSA will consider evidence related to the organisation’s arrangements with respect to:

  • personnel safety and mitigation of insider risk
  • physical safety and security of the operations centre

All evidence should be risk based and proportionate to the service offering. Organisations seeking higher risk deployments should produce more detailed security evidence. Factors that could influence the risk of a deployment include the number of vehicles deployed or the amount of control the operator is able to have over the vehicle.

Risk considerations

The organisation applying should determine the risk level associated with each agent’s role within relevant facilities, which could include:

  • remote operations centres
  • vehicle depots - for storage, maintenance, charging, cleaning, etc
  • customer support centres

Considerations could include whether the agent can:

  • exert control over vehicle functions, sensitive to the nature and extent of that control and the degree to which that control could impact safety
  • set strategic goals for a vehicle or multiple vehicles, including while passengers are inside
  • override any vehicle security or safety systems, including those related to the ADS
  • provide tactical advice related to the trajectory of the vehicle
  • access data from the vehicle that may be sensitive, including audio or visual data
  • communicate with passengers inside the vehicle

Personnel security

Organisations should provide detailed operator personnel security evidence to DVSA. An organisation’s personnel security evidence should consider the items listed in the table below for personnel risk and mitigations. A risk assessment should be completed for every role within the relevant facilities. DVSA may request additional evidence, including an organisational roles and responsibilities diagram, that details operational roles and their system access.

Table 5 - Personnel security considerations and example evidence

Personnel security considerations Example evidence
Employee training Appropriate training programs, including ADS and security culture.
Employee health assessment For roles where physical or mental health are relevant to the safe and secure operation of the vehicle, the operator should have their employees medically assessed for fitness to perform their roles, by a UK-registered doctor. 
The operator must confirm that medical assessments are carried out, but the report itself does not need to be shared with the appropriate national authority.
Working hours Appropriate working hours and fatigue management plans.
Background checks Identity and criminal history check as appropriate. See section below on vetting.
Relevant regulatory compliance Policy to prevent drug or alcohol misuse in relevant roles. Meeting requirements set by Health and Safety at Work etc Act 1974.
Compliance with Highway Code and Road Traffic Act if relevant.
Location Appropriate location of staff, including work from home policy.
Driving licensing and records protocols If applicable, a valid UK driving licence for the correct vehicle category. 
If applicable, maximum penalty points threshold.
Other (minimum age) Minimum age requirement, role dependant.

Background checks

The department will seek assurance that organisations are taking appropriate steps to manage insider risk. Organisations should consider requiring Disclosure and Barring Service (DBS) checks, or equivalent criminal record checks, for those undertaking operational roles. The department may consider setting additional requirements for remote operators if a role is high risk, for example if the role allows a very high degree of individual influence over the operation of the vehicle, or the capability to influence driving behaviours.

Organisations should also consider applying standards for training and background checks on call centre employees dealing with personal data (for example, BS7858).

Read more about security clearance:

Physical security

Organisations should provide evidence demonstrating their risk assessment and mitigations for any relevant facility’s physical security to the approving authority. An organisation’s physical security evidence should consider the risk of malicious actors accessing the site and resilience following disruptions such as adverse weather or power outage. Organisations should consider that malicious actors could potentially originate from within the organisation. Evidence should include risk mitigations and plans for how to respond in the event of an incident.

Table 6 - Physical security considerations

Physical security considerations Details
Restricted location High risk systems are not easily accessible from public areas.
Controlled access Entry to the operations site is controlled. Electronic logging of entry to secure areas and systems.
Supervised entry/escorts Only authorised personnel can access secure areas. Employees without authorisation, such as cleaners or visitors, should be supervised.
Alarm systems Alarm systems are in place in case of an incident or when the centre is unmanned.
Resilience planning Contingency plans are in place to respond to possible disruptions such as power failure, weather or fire. This includes plans for business continuity and safety shut down.
Consider the need for back up data centres or other relevant facilities.
Monitoring systems Comprehensive coverage to monitor staff and maintain security. CCTV must be high enough resolution to identify a person correctly.
Site protection If applicable, consider security guards and building quality.
If applicable, consider geographic location including how location effects potential natural disasters such as earthquakes or flooding.
Geographical location If applicable, consider how facility location affects security including risk assessment related to connectivity, resilience and local crime risk.

AV operator cyber security

Organisations must provide a detailed self-assessment of operator cyber security including supporting evidence to the approving authority to demonstrate that they are sufficiently cyber secure.

Operator cyber security should be assessed against the National Cyber Security Centre (NCSC) cyber assessment framework (CAF). Organisations should be prepared to provide additional evidence to the approving authority upon request, such as an architecture diagram of the supporting infrastructure, to visualise data and information flow between the vehicle and remote operator.

All safety assessments should be risk based and include comprehensive risk assessments. Organisations operating with higher risk should produce more detailed evidence of their cyber security procedures. Factors that could influence the risk of a deployment include the number of vehicles or the amount of control the operator has over vehicle.

A CAF template will be provided by the VCA.

Other resources for organisations to consider when preparing their cyber security case:

Incident management plan

The operator is required to have implemented suitable incident management protocols. Part of the compliance to this requirement includes demonstration of a thorough, structured and up to date incident management plan. 

An incident management plan should include (but not be limited to):

  • details on the detection of an incident
  • protocols for a number of different scenarios
  • operator emergency contact information for emergency services, in the case of an incident
  • how first responders can gain access to the vehicle in an emergency and secure it following an incident, including stopping an AV from moving
  • emergency movement of an AV, even if damaged
  • information required for the extraction of trapped passengers
  • procedures that will be put in place to enable passengers to safely get to their planned destination
  • electrical architecture information for fire and rescue services
  • post-incident procedures to enable passengers, other road users and first responders to work safely if the pilot vehicle is involved in an incident 
  • cooperation with first responder’s and the DfT and its agencies post-incident, including during investigations
  • the procedure and timeframe for notification of incidents to any required bodies

See separate guidance for first responders for more information.

Automated passenger service (APS) permit

This part of the guidance is designed to support the automated passenger service (APS) permit application process under part 5 of the Automated Vehicle Act 2024 (the AV Act). The remaining provisions of the AV Act are due to come into force in late 2027. As such, this guidance may be updated as secondary legislation is developed in advance of full implementation. This guidance will also be updated, as appropriate, based on feedback and experience from applicants going through the process.

If the pilot deployment is intended to operate a passenger carrying service, the APS permitting scheme provides a clear legal route to do so. The deployment will need to comply with the APS requirements in this section of the guidance, in addition to the requirements in the sections on: 

Where the APS permit holder is also the operator of the pilot deployment, any duplicated operator requirements need only be evidenced once, as outlined in the section on vehicle special order (VSO) and vehicle listing.

This section of guidance applies to applicants intending to deploy a taxi- or PHV-like service in England or a bus-like service in Great Britain. The permit applicant will be issued an APS permit by the appropriate national authority, subject to the service meeting the required service standards and any relevant consenting authority giving consent.  

The appropriate national authority grants APS permits. This is the Secretary of State for Transport for taxi- and PHV-like services in England and bus-like services in GB. DVSA will grant permits on behalf of the Secretary of State for Transport.

This guidance is non-statutory, enabling lessons and best practice to be incorporated flexibly in response to the experience gained from pilot deployments. This guidance is not intended to be prescriptive, as each deployment will differ. Rather, it is intended to inform and support the deployment of automated vehicles operating passenger carrying services.

APS permit overview

The AV Act sets out that a permit for an automated passenger carrying service may be granted for the following purposes:

  1. Securing the disapplication of taxi, private hire vehicle and bus legislation; and/or,
  2. Satisfying a requirement imposed by regulations under section 12 (licensing of No User in Charge Operators (NUICOs)) of the AV Act in relation to the holding of a permit.

For a service resembling a taxi, private hire vehicle (PHV) or bus, a permit cannot be granted without consent from the relevant consenting authorities.

For taxi and PHV-like services, consent is required from the taxi and PHV licensing authorities in which the service will operate.

For bus-like services, consent is required from the relevant bus franchising bodies.

A permit may be granted for the provision of an APS service using a road vehicle designed or adapted to travel autonomously - without a safety driver.

For a vehicle to be viewed as designed or adapted to travel autonomously, it will be required to be listed under section 1 of the Automated and Electric Vehicles Act 2018 (AEVA) or, following its full implementation, authorised under section 3 of the AV Act.

It is recommended that an applicant carefully reads this guidance and has a full understanding of the permit process and requirements before any application is made. 

Failure to provide all required information will result in the application being delayed. It should also be noted that conditions can be applied to any permit issued.

General requirements

This section sets out the legal requirements for deploying an APS in the UK, as well as guidance to help applicants navigate the APS permit process and understand the roles and expectations associated with the permit.

Be of good repute

The applicant must be of good repute, and evidence must be provided that indicates that the applicant is fit and proper to operate, manage, or control the provision of APS in a manner consistent with trustworthiness, compliance, and overall conduct. This may include aspects such as considering experience of running passenger services in the UK or elsewhere, criminal convictions or where operator licences / permits have previously been modified, suspended or withdrawn.

Failure to maintain appropriate good repute or to notify the appropriate national authority of material changes may result in action being taken against the permit.

Be of good financial standing

The applicant must demonstrate evidence of good financial standing, that is, sufficient financial resources, on an ongoing basis to ensure the proper conduct of its operations and the discharge of its obligations to passengers, staff, partners, and regulatory bodies. Such resources must be readily available and demonstrated prior to deployment.

The applicant must maintain financial stability throughout the permit period. The appropriate national authority may require periodic submission of updated evidence to ensure ongoing compliance.

Failure to maintain adequate financial standing and records to demonstrate it, or to notify the authority of material changes affecting financial capacity, may result in action being taken against the permit.  

Maintain operational competence

The applicant must demonstrate that they have the organisational capability, operational systems, and technical competence necessary to operate the APS service safely, reliably, and in compliance with all applicable legislation as set out in a comprehensive operational plan. The operational plan must demonstrate the proposed scope and method of operational deployment for an automated passenger service.

Maintain safety assurance

The applicant must demonstrate its ability to implement systems ensuring the safety of passengers, other road users, and the general public. This detail should be set out in a comprehensive deployment safety plan. The deployment safety plan must demonstrate the proposed scope and method of APS safety deployment.

Before a permit can be issued, DVSA will request consent, where appropriate, from the appropriate taxi and PHV licensing authorities or bus franchising bodies. A permit cannot be issued without consent, and as such it is strongly advised to engage with the appropriate authorities at an early stage and throughout the development of a service proposal. Lack of engagement in advance of making an application may result in a delay.

For a service resembling a taxi or private hire vehicle

The consent of each taxi and PHV licensing authority in whose area the proposed service is intended to operate will be needed for an APS permit to be granted.

An applicant is encouraged to engage with the relevant licensing authority prior to an application being submitted where an authority is able to engage in the process. The applicant should outline their proposals to address any potential issues and to understand any factors the licensing authority may consider in whether to consent or not.

For a service resembling a bus within a bus franchising area

The consent of each bus franchising authority in whose area where the proposed service is intended to operate will be needed for an APS permit to be granted. Transport for London (TfL) and Transport for Greater Manchester (TfGM) are currently (March 2026) the only bus franchising authorities. Where further authorities gain bus franchising powers, their consent will be required.

It is important to note that other bodies may secure these powers and that this guidance should not be taken as a definitive guide to bodies that hold bus franchising powers. Organisations wishing to deploy a bus-like service should engage with appropriate local stakeholders to understand if they will be operating in a bus franchising area.

The applicant is encouraged to engage with the relevant franchising authority prior to an application being submitted, where an authority is able to engage in the process. The applicant should outline their proposals to address any potential issues and to understand any factors the bus franchising body may consider in whether to grant consent or not.

For a service resembling a bus outside of a bus franchising area

Consent is not required for a bus-like service in areas that are not subject to a bus franchising scheme. The applicant is, however, strongly encouraged to consult with any relevant local transport authorities, particularly where those authorities are in the process of transitioning to a franchised bus network or where a bus service improvement plan (BSIP) has been adopted.

This will identify any potential interaction with existing or planned local bus service arrangements. Where local measures are in place, such as, but not limited to, multi-operator ticketing schemes, the expectation is that any proposed service should support these measures unless robust reasoning can be provided for why this is not appropriate.

Cross border services

Where a proposed service would operate cross-border in various consenting authority areas, consistency of service will need to be considered in initial discussions, and separate consent must be obtained in each consenting authority area.

Stakeholder engagement

As discussed in relation to local consent requirements, applicants are strongly encouraged to engage with relevant stakeholders to discuss the proposed service prior to an application being made.

Prior to the granting of a permit, DVSA will consult any traffic authorities and emergency services that are considered by the agency to be substantially affected if the permit was granted. It is strongly recommended that a similar approach to engagement is taken with traffic authorities and emergency services as for consenting authorities. Should an issue be raised that has not already been addressed by the applicant, the result may be:

  • a delay to issuance of the permit
  • additional conditions being attached to the permit
  • a permit not being granted

The views of traffic authorities and emergency services will be considered during the assessment of the permit application. Additional conditions may be required to address any raised concerns.

It is important to note that there may be more than one traffic authority, and multiple emergency services within a geographic area. This could include the local highway authority, any strategic transport authority with appropriate powers and, where using the strategic road network in England, National Highways.

Transport Scotland manages the strategic road network in Scotland, and the Welsh Government manages the strategic road network in Wales.

The applicant is also strongly encouraged to engage with other local stakeholders to gain further insight into the development of the service. This may include community groups and engagement with older and disabled people.

Application process

This guidance is designed to guide organisations intending to deploy an automated passenger service that either:

  • resembles a taxi or private hire-like vehicle
  • resembles a bus-like public service vehicle

Consideration of the appropriate route will be undertaken on a case-by-case basis. However, ‘resembling’ will broadly be considered based on the most suitable licensing route if the vehicle was driven by a human driver.

Engagement in advance of making an application

Applicants should at the earliest opportunity discuss their proposed deployment with the VCA and DVSA. Early discussions will identify any deployment barriers or opportunities and assist in understanding the operational requirements for deployment. Applicants should also note the engagement guidance set out in the sections on local consent and stakeholder engagement.

Application fees

Section 89(3) of the AV Act enables regulations to be made to set a fee in respect of making an application for a permit (or for the renewal of a permit) or the granting, retention or renewal of a permit. While the government has not exercised this power in advance of full implementation of the Act, it is the intention, as outlined in the APS consultation, to make regulations in the future to set fees. This will be subject to consultation, which will provide detail on the proposed fees regime for APS.

The application

To be permitted to operate a service through the APS permit scheme, the applicant will have to submit evidence of organisational competence and suitable systems to operate a safe and compliant service. An APS application is expected to contain the following information and evidence.

Contact details 

The applicant should provide contact details, including the address for a registered office and all UK operating/control centres - a PO box is not acceptable.

Contact details for day-to-day communication and incident communications should also be provided. This should include phone numbers and email addresses. The type of business and entity details (for example, limited company, limited liability partnership, partnership, sole trader) including trading name should also be provided.

Organisational structure

An organisational tree identifying key roles and responsibilities. Responsible persons should be identified, and their contact details, phone numbers and email addresses should be included.

Operational plan

A comprehensive operational plan, which demonstrates the proposed scope and method of APS deployment. While not exhaustive, this plan would be expected to include:

  • customer information - an overview of how information will be provided to passengers to support them at different stages of their journey
  • service descriptions - description of the proposed services and measures to assure continuity of services, including contingency in the event of the service being unable to operate. This information should include the geographical deployment area for the service, including, where appropriate, details of any routes and/or schedules.
  • operating locations and centres - description of the intended locations and operating centres to be used. This should include details of control centres and where the vehicles will be maintained and parked when not in use, including any relevant planning permission.
  • vehicle descriptions - proposed vehicle details to be used under the permit
  • appropriate insurance - evidence of adequate insurance coverage for APS operation and the carriage of passengers
  • accessibility plan - how the service will provide inclusive and accessible travel and the features / support available to enable people to travel, with specific consideration given to disabled and older people
  • staff competence and training plan - to demonstrate that the services meet the requirements for staff who are involved in customer service and passenger safety oversight
  • complaint management plan - to demonstrate an effective handling process for complaints
  • local considerations - to demonstrate the capability to improve local transport and integrate with the local transport system

This may also include where specific consideration has been given to reflect discussions with consenting authorities.

Deployment safety plan

A framework outlining safety policies, risk assessments, and mitigation strategies focussed on the passenger carrying role of the service. The deployment safety plan should identify and define individual roles and responsibilities to demonstrate continuous and effective processes and policies to enable passengers to travel safely at all times. The plan should show the applicant has considered and has addressed the safety, security and other risks associated with carrying passengers. The plan should consider processes and plans for improving passenger safety following any incident.

This plan should include (list not exhaustive):

  • contingency plan - to ensure service continuity and passenger safety if the automated service fails or cannot operate
  • passenger safeguarding policy and plan: to demonstrate the capability to identify and address passenger issues and handle them appropriately
  • passenger support - to demonstrate an effective process for remote or in-person assistance. This should include support during incidents.
  • passenger communication plan - to demonstrate a clear approach to inform, communicate and guide passengers in emergency events, or at times of concern. This should include evacuation and emergency procedures.
  • response plan for disruptive actors - to demonstrate the planned response to disruptive activities and the safeguarding of passengers and the public
  • third party services - to provide details of any third party provision and contractual agreements associated with the operation (this should include roles, responsibilities, monitoring of compliance and service fall back provisions)

Incident management plan

The applicant should demonstrate an effective incident management plan. The plan must ensure that all incidents involving passengers or the public are recorded and thoroughly investigated in a timely manner. A responsible person should be identified who will ensure reports are properly collated, verified and signed off. The report will be produced to the appropriate national authority when requested. The process and report will include causal analysis, lessons learned and recommendations.

Financial evidence

The applicant should provide financial evidence indicating sufficient financial resource to provide and operate the service they intend to deploy. Any financial documentation should be in the name of the entity applying for an APS permit and could include:

  • full accounts
  • a certified bank account statement of opening balance demonstrating financial standing
  • financial guarantee
  • similar financial documents

Third party services

The applicant should provide details of any third party provision and contractual and data-sharing agreements associated with the APS and how they intend to monitor that service. The third party provider could include:

  • remote operation centre information
  • passenger travel experience, for example monitoring and cleaning of vehicle
  • booking system
  • customer support and / or assistance

It is important to note that the permit holder remains responsible for the APS operation and should provide assurances that safeguards are in place to ensure third parties fulfil contracts. The appropriate national authority may wish to check that any third party provision is suitable and remains so. Any material change in contracting arrangements may require a variation of the permit.

Engagement with authorities and other bodies

The applicant should have sought to engage with the relevant authorities and bodies concerning the proposed service, prior to any permit application being submitted. The application should provide details of any discussions, such as including where changes have been made to reflect feedback, and key contacts.

Areas of potential interest for authorities and other bodies may include understanding:

  • the proposed service and where and when it will operate
  • how vehicles will be managed out-of-service and between passenger journeys
  • confirmation of suitable permissions for operational and other facilities
  • what vehicles will be used and how they can be identified
  • any potential impact or demand the service will have on local infrastructure
  • implications and alignment with existing transport provision
  • approaches to maintain traffic flow and not increase congestion
  • accessibility features and support for older and disabled people
  • the approach to safeguarding passengers and their safety
  • protocol for emergencies, disruption, roadworks and contingency planning
  • demand for kerbside usage and other passenger embarking / disembarking points
  • how the service will interact with emergency services and other traffic control / management officials
  • how the bodies can raise concerns about the service through operation
  • support and / or training available to raise their understanding of the proposed service and interaction with vehicles
  • data management and sharing policies

This should not be treated as an exhaustive list, and applicants are encouraged to understand local policies and strategies to inform discussion, alongside building awareness from engagement. Applicants are also strongly encouraged to review the first responder guidance.  

Engagement with other stakeholders

The applicant should provide an overview of any engagement with other stakeholders, for example where there has been discussion with local community groups and with older and disabled people.

Data management

Procedures for handling service-related data, ensuring security and privacy. The applicant should be able to demonstrate robust systems for data collection, storage and disposal.  

See the section of this guidance on data protection and handling for more information. 

The applicant should detail the process for sharing requested data with DVSA in the agreed standard format. The applicant must ensure a single responsible person should sign disclosures to the relevant body. 

The responsible person should have a genuine link to the APS permit holder, being the owner, partner, employee or director. They should be a level of seniority within the organisation with responsibility for, and access to, the required information. They should have the skills, resources and authority to perform the duties of a nominated individual. Alternatively, an external contractor may perform the duties of a nominated individual provided a formal written contract is in place and they meet the requirements as stated above.

Safeguarding

Safeguarding policies and a risk assessment addressing any potential risks specific to automated passenger services. The applicant will be able to satisfactorily demonstrate that sufficient safeguards are in place to ensure passenger safety for all potential users of the APS service. This could include:

  • in-vehicle video monitoring and recording systems
  • panic button
  • in service monitoring
  • passenger interaction with the AV
  • passenger interaction with remote assistance
  • remote vehicle monitoring and communications
  • limitations and safeguarding for children carried as passengers
  • staff training and checks for suitability for role

Accessibility

The applicant should demonstrate the provision of accessible services for users, including the range of features and wider measures adopted to enable travel. This is to include:

  • accessibility of booking platform
  • how the passengers can interact with the operator, such as via an app, service advisor, messaging service, or other means
  • emergency procedures
  • how passengers with mobility issues access or egress the vehicle, including in emergencies or other service disruption
  • provisions for passengers with assistance dogs

The applicant should record and investigate all instances where a disabled person has raised issues in relation to the above in using the service and what action has been taken in response.

A new non-statutory APS accessibility advisory panel will begin meeting from spring 2026. The panel will be tasked with providing their recommendations to the government on the provision of accessible services. This will guide the department’s development of further policies and non-statutory guidance relating to the deployment of APS.

Application submission

Applications for an APS permit should be submitted to DVSA accompanied by all required documentation.

Permit requirements

To ensure the safe and lawful operation of automated passenger services and that appropriate standards are maintained, operators are expected to adhere to the following:  

Vehicle requirements

Where a vehicle has been issued with a VSO and listed as self-driving, it should maintain compliance with the requirements and conditions set out under the VSO

For details of requirements, see the sections of this guidance on:

Maintain compliance with established safety protocols and standards. The vehicles operated under the APS permit must be maintained in a roadworthy condition and remain legal for use on the road. There may be further requirements on the vehicle determined by the conditions of the VSO or APS permit such as identification or safety markings. These will be determined on a case-by-case basis.

Compliance requirements

During pilot deployment, compliance with APS permit conditions, other regulatory requirements, and reporting requirements, is mandatory. Failure to comply may result in regulatory action being taken against the permit. Such action may also influence future consideration of the applicant’s repute.

Notify of any changes

Notify in advance any changes which may require a permit variation. This would generally be viewed as a change that would have had a material impact on the decision to grant a permit in the first instance.

Where a permit holder is uncertain, it is advised to engage with DVSA on the scope of the change to understand if a variation will be required. Where a change is made that would be outside the agreed scope and conditions of the existing permit, the permit would no longer be valid.

Permit holders failing to notify of changes that require a variation may impact on their good repute alongside wider offences that may be a result of operating outside the scope of the permit.

Ensure passenger safety

Ensure that passengers have access to on-board safety information and a means of obtaining remote support or communications. Appropriate safeguards must be in place in the passenger compartment of the AV to ensure passenger safety, such as CCTV or other monitoring processes. 

The applicant must keep a record of safety related incidents and any action taken for a minimum of three years. The data should also be available for access by the victims of any relevant incident, in so far as making the data available is compliant with the permit holder’s obligations under the data protection legislation.

Ensure appropriate safeguarding

Staff involved in overseeing or supporting AV services including remote operators, call centre staff, and maintenance personnel must undergo appropriate background checks (including criminal record checks, if relevant) where they may interact directly or remotely with vulnerable individuals.

Applicants providing a taxi/PHV-type service for the public using safety drivers must ensure that the safety driver holds a current taxi driver licence or private hire driver licence when working in a vehicle carrying passengers. This will ensure they are eligible for an enhanced DBS check and have a full UK driving licence.

The taxi or private hire driving licence does not have to be from the area in which the service will be deployed, although applicants are encouraged to consider doing so where practical.

Manage communications and complaints

Provide information on service provision to passengers and the general public, provide clear mechanisms for users to report concerns or incidents. The operator should be able to demonstrate a clear and accessible complaints procedure. The operator should:

  • provide contact details for complaints (for example, email, phone, website) in and on the vehicle and on any communication
  • acknowledge complaints promptly
  • investigate complaints as appropriate and respond in a reasonable time frame
  • keep records of complaints and any actions taken

The operator should provide clear information to passengers on how the service operates, fare structures, service hours and / or timetables and what to do in the case of an emergency or other disruption to service. This includes any differences from traditional service expectations for example haptic or visual communications.

The operator should provide communication channels to support those in working capacity and any other people supporting passengers in the event of an incident or service disruption. These should include:

  • other passengers
  • blue lights services
  • other road safety operatives
  • members of the public at the scene

Permit holders are encouraged to consider community engagement schemes to improve public understanding of the potential benefits offered to the community and encourage buy in for the service.

Notification of incidents

The permit holder must provide notification of all incidents involving vehicle operated under an APS permit within the required regulatory timescales. Notifications must include sufficient information to alert the regulator to the occurrence of an incident and its apparent characteristics, enabling initial regulatory awareness and triage. 

Incident data must be captured as soon as reasonably practicable following the occurrence of an incident. This includes the use of on‑board vehicle systems, automated driving system logs, sensors and other internal vehicle technologies. All data must be securely stored, protected against unauthorised access and retained in accordance with permit conditions. 

Critical reportable incidents must be notified as soon as reasonably practicable and no later than 24 hours after knowledge of the incident. Critical incidents include (but are not limited to): 

  • incidents involving at least one person suffering an injury that requires medical attention or dies as a result of being in the vehicle or involved in the event

  • collisions 

  • safety critical component failures 

  • vehicle fires 

  • dangerous occurrence that did not cause harm, but which could reasonably have led to a collision, injury or serious safety incident

  • safety defects (or allegations of) 

  • safeguarding incidents 

Non-critical incidents must be notified without unreasonable delay. Non-critical incidents include (but are not limited to): 

  • traffic offences/infractions - including speeding tickets and parking infractions

  • fail to achieve minimum risk condition 

  • automated service suspension/withdrawal 

  • external disruptive action – affecting the service  

  • incident which may attract significant negative public attention 

  • any other incident that the permit holder considers notifiable

Monitor performance

Regularly assess service performance and customer feedback including (but not limited to):

  • journey mileages travelled
  • ‘dead milage’ including empty journeys to and from collecting passengers, or starting and finishing a service
  • instances where the service has not been met and the reason for the failure

Provide periodic reporting

Submit scheduled reports to DVSA, on behalf of the Secretary of State as the appropriate national authority, detailing operational data and compliance status in the required format. The applicant should provide travel data including (but not limited to):

  • journey start and finish information
  • routes and schedules
  • failure to undertake or complete a service
  • compliance with performance targets

Ensure cybersecurity

Ensure cyber security as it relates to the operation of the vehicles and to prevent unauthorised access to personal data.

The applicant shall have appropriate safeguards in place against potential security threats or breaches including an incident management plan. The list below identifies potential risks for consideration, but it is not exhaustive:

  • vehicle on-board passenger information systems
  • remote passenger support / assistance
  • manipulation of communication channels
  • ability to detect and respond to cyber threats and attacks
  • booking apps
  • customer information

It is anticipated that, where the entity holding the APS permit is different to the VSO holder, the provisions of the section on AV operator cyber security are complied with.

Ensure service continuity

Maintain service availability and accessibility in line with the terms of the permit.

Applicant declaration

Make a declaration that:

Application assessment

Assessment of an APS application by DVSA can take place in parallel with the assessment of the VSO and listing application by the VCA.

DVSA will:

  • conduct a desk-based assessment of documentary evidence, in support of the application
  • carry out an on-site assessment of operations
  • require initial pre-deployment inspection of vehicles to ensure they meet any permit conditions
  • request consent from consenting authorities and consult with substantially affected traffic authorities and emergency services
  • carry out any other enquiries as may be necessary

Issuing a permit

Subject to an applicant meeting the required criteria, consent being granted by any relevant consenting authorities and the consultation of traffic authorities and emergency services, a permit will be issued. The duration of the permit will be decided on a case-by-case basis depending on the details of the deployment.

It is important to note that for the period in advance of full implementation of the AV Act, the permit period is likely to be an agreed period up to a maximum between 12 to 18 months.

Permit monitoring

DVSA may:

  • conduct random safety audits, inspections, or on-site assessments of operations
  • conduct investigations into complaints and reported incidents
  • carry out other activities to assess compliance with permit conditions

Contact and support

This guide provides a foundational understanding of the application and management processes for the APS Permit scheme under Part 5 of the AV Act. Operators are encouraged to understand the full legislative framework and seek appropriate legal and other advice where necessary. This guidance is subject to updates as the regulatory framework for AVs evolves and to reflect feedback from early deployments.

For further information or support, applicants should consult DVSA and CCAV.

Data considerations

Monitoring, reporting and learning

In addition to the reporting requirements set out in the vehicle special order (VSO) and vehicle listing, and the automated passenger service (APS) permit sections of this guidance, the Department for Transport intends to gather additional data to ensure that:

  • lessons are learned regarding the pilot deployment of AVs
  • that information is made available for public scrutiny of the regulatory approach

Accordingly, the department may wish to collect information on themes including, but not limited to: 

  • the safety performance of deployments
  • the scale of deployments
  • how deployments affect traffic flow
  • what economic effects are observed from pilot deployments
  • what the role of remote assistance is in supporting the safe operation of vehicles 
  • how automated passenger services support accessible travel
  • what safeguarding issues are observed/reported in automated passenger services
  • how automated passenger services fit into local transport networks

To support wider learning around the functioning of the AV safety framework, the department expects operators to engage in good faith through feedback, interviews and/or surveys. This engagement may be organised by the department or a third party.

Data sharing agreement

To ensure appropriate data sharing with the Department for Transport, we will ask for the signing of a data sharing agreement in relation to non-personal data. This may stipulate that collected information can be shared with others including: 

  • local authorities

  • academics and researchers

  • other individuals or bodies for the purposes of data processing or evaluation

  • other individuals or bodies for the purposes of policy development requiring targeting sharing

  • the general public, where there is public interest

Where the data sharing agreement is not adhered to, the department may take a decision to revoke the VSO.

Data protection and handling

The processing of any personal data by the vehicle or by or on behalf of the deploying organisation or its third party providers must comply with applicable laws of England and Wales, including the Data Protection Legislation (as defined in section 3 of the Data Protection Act 2018 and the Privacy and Electronic Communication Regulations 2003

Refer to the Information Commissioner’s Office (ICO) guidance and codes of practice for more information.   

Given the ICO’s view that the processing involved in the use of automated vehicles is an example of high-risk processing, deploying organisations are strongly advised to consider their obligations under article 35 of the UK GDPR, to carry out a data protection impact assessment (DPIA).

Where the DPIA indicates that processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk, deploying organisations should consider whether the statutory duty to consult with the ICO under article 36(1) is engaged. 

Deploying organisations should identify any personal data that will be transferred out of the UK and consider whether international data transfers are compliant with part V of the UK GDPR.

Back to top