How Secure are Waymo's Driverless Taxis?

Waymo, the US-based autonomous vehicle pioneer owned by Alphabet, has announced its intent to launch robotaxis in London as early as September 2026.

The deployment marks the company's first commercial move outside the US and could introduce significant new cybersecurity considerations for the UK's transport infrastructure.

A pilot service is scheduled to launch in London in April, providing a testing ground before a wider public rollout, following deployments in San Francisco and Los Angeles.

Regulatory framework addresses cyber threats

Waymo's decision to deploy driverless taxis in London has been encouraged by the progress of new laws.

The UK Government is currently finalising the secondary legislation required to activate the Automated Vehicles Act 2024, with the Department for Transport expecting the regulatory framework to be operational by the second half of 2026.

Former Transport Minister Lilian Greenwood, who recently inspected Waymo's London fleet, expressed confidence that the technology would enhance safety.

She says: “We know that unlike human drivers, automated vehicles don't get tired, don't get distracted and don't drive under the influence.”

However, she cautions that vehicles must meet strict standards, “including protection from hacking and cyber threats,” before they are permitted.

This regulatory emphasis on cybersecurity reflects growing concerns about the vulnerability of connected vehicle systems to malicious actors, particularly as autonomous vehicles rely on continuous data transmission and real-time processing.

The involvement of multiple stakeholders in the deployment process means coordination across government departments, manufacturers and technology providers will be essential to maintain security standards throughout the vehicle lifecycle.

Complex supply chain creates multiple attack surfaces

For cybersecurity executives, the logistics of Waymo's UK fleet reveal a complex, globalised production cycle that could introduce multiple potential attack surfaces. 

The vehicles – primarily all-electric Jaguar I-PACE models – are initially manufactured in Europe. They are then shipped to the US, specifically to facilities including the Mesa, Arizona plant operated in partnership with contract manufacturer Magna.

In the US, the vehicles are fitted with the ‘Waymo Driver’ – a proprietary suite of sensors and compute hardware – before being shipped back to the UK.

This trans-Atlantic movement and the involvement of multiple parties in the supply chain means that securing the entire production and deployment process requires robust protocols at each stage to prevent tampering or unauthorised access to critical systems.

Each handover point in this international supply chain represents a potential vulnerability where malicious actors could attempt to compromise vehicle systems.

The extended logistics chain necessitates comprehensive security auditing and chain-of-custody protocols to ensure the integrity of both hardware and software components from manufacture through to deployment on London's streets.

Sensor architecture and data processing infrastructure

The technical heart of the Waymo vehicle consists of a sophisticated sensor stack that includes lidar, vision (cameras), radar and microphones.

This array provides 360-degree awareness, allowing the vehicle to perceive objects up to 300 yards away, even in adverse weather conditions.

Nicole Gavel, Senior Director at Waymo, says these sensors allow the cars to “perceive the world around them more accurately and with more of a field of view than human drivers can”.

All telemetry is processed by a powerful computer housed in the boot, which determines the vehicle's reactions in real time without human intervention.

The real-time nature of this data processing means that any cybersecurity breach could have immediate physical consequences on London's streets.

A fleet of 24 cars is currently mapping the capital, navigating some of the most challenging urban layouts in the world.

Unlike the wide, grid-based roads of Phoenix or San Francisco, London's narrow, medieval streets and unique features like zebra crossings with flashing Belisha beacons require specialised training.

Ben Loewenstein, Head of EU and UK Policy at Waymo, explains that the cars have been manually steered for months to “learn the nuances, learn about the zebra crossings”.

The market for autonomous ride-hailing is expected to be fiercely contested. Rival firms Uber and Lyft are also preparing UK launches, partnering with Chinese manufacturer Baidu for their vehicle platforms.

Wayve, a UK-based startup, represents domestic competition.

The UK Government estimates that the autonomous vehicle industry could add £57.5bn (US$71.8bn) to the UK economy by 2035 and create nearly 40,000 new jobs.