The MASS Code
[By Priyatham Sanjeeva Reddy, Ramidi]
On 1 July 2026, the International Code of Safety for Maritime Autonomous Surface Ships (MASS) enters its first operational phase. That date will not suddenly empty bridges or dispatch uncrewed container ships across every ocean. It does, however, mark a decisive change in the autonomous-shipping debate. The industry is moving from asking whether autonomy is technically possible to asking whether it can be governed safely at scale.
The International Maritime Organization adopted the non-mandatory MASS Code in May 2026. It applies initially as a voluntary framework for large cargo ships engaged in international trade, while experience is gathered for a future mandatory instrument. This transition matters because autonomous shipping has never been only a navigation problem. It is a system-of-systems problem involving ship design, connectivity, cyber resilience, remote operations, human factors, maintenance, liability and emergency response.
From Demonstration to Operational Reality
The most difficult questions begin where the promotional videos end. A remotely operated ship may have radar, cameras, lidar, satellite links and automated collision-avoidance functions. Yet no sensor suite removes uncertainty. Visibility deteriorates, communications fail, software behaves unexpectedly, and traffic situations become ambiguous. The real test is not whether an autonomous system performs well in routine conditions. It is whether the wider organization recognizes degradation early, transfers control safely and remains accountable when several safeguards fail together.
The Remote Operations Centre Challenge
That places the remote operations center at the heart of the new regime. Shipping companies will need to decide how many vessels one operator can supervise, when active intervention is required and how workload should be managed during simultaneous alarms. A ratio that appears efficient during normal operations may become unsafe when weather, traffic and technical failures affect several ships at once. The industry therefore needs staffing models based on credible worst-case demand, not average workload.
The competence question is equally important. A remote operator is not simply a deck officer working ashore. The role combines navigational judgment with systems monitoring, cyber awareness and the ability to understand the limits of automation. Operators must remain capable of taking control even after long periods in which the system performs correctly. That "out-of-the-loop" problem is well known in other safety-critical industries: people asked to supervise reliable automation may lose situational awareness precisely when rapid intervention becomes necessary.
Training should therefore focus less on ideal voyages and more on difficult handovers. Simulators must expose operators to degraded sensor data, intermittent communications, conflicting targets and incomplete information. Performance should be assessed through decision quality, intervention timing and recovery effectiveness, not merely whether a candidate remembers a procedure.
Who Is Responsible When Control Is Distributed?
Accountability also needs sharper definition. Traditional shipboard command structures identify who has authority and responsibility. Distributed operations complicate that picture. The master, remote operator, automation provider, ship manager, software integrator and communications supplier may all influence an outcome. Unless authority is clearly allocated before a casualty, investigations risk becoming contests over system boundaries and contractual wording.
Companies entering the experience-building phase should create a decision-responsibility map for every critical function. It should identify who may change the voyage plan, who can override automated action, who declares a communications emergency and who authorizes operation in a degraded mode. These arrangements must remain understandable to pilots, vessel traffic services, port authorities and emergency responders who may interact with the ship.
Cybersecurity and Resilient Fallback
Cybersecurity is another operational issue that cannot be treated as a separate information-technology exercise. Autonomy expands the number of systems that receive, process and transmit safety-critical data. A vessel may be physically sound yet operationally compromised through manipulated positioning, corrupted sensor feeds or loss of authenticated control. Resilience therefore requires diversity: independent means of position verification, secure command pathways, local fallback functions and procedures that assume shore connectivity may be unavailable.
Maintenance Without a Full Crew
Maintenance will change as well. Fewer people on board means fewer opportunities for informal detection — the unusual vibration, smell, leakage or temperature change that an experienced engineer notices during a round. Condition monitoring must become more comprehensive, but more data does not automatically produce better decisions. Owners will need thresholds for when a remotely monitored defect requires speed reduction, diversion, attendance by riding crew or withdrawal from service.
This creates a commercial discipline that has sometimes been missing from autonomous-shipping trials. Demonstrators are usually supported by specialists and carefully selected operating areas. Commercial ships must operate day after day with ordinary staffing, maintenance budgets and supply chains. The relevant measure is not whether a prototype completed a voyage. It is whether the operating model remains safe, repairable and insurable across thousands of voyages.
The MASS Code gives the industry an opportunity to build evidence before mandatory requirements arrive. Owners should use this period to document near misses, intervention frequency, communications outages, false alarms and maintenance burdens. Classification societies and flag administrations should encourage comparable reporting so that the sector learns collectively rather than repeating isolated experiments.
Three Principles for Safe Implementation
Three principles should guide implementation.
First, autonomy should be introduced by operational domain. A system approved for a defined coastal route, traffic density and weather envelope should not be assumed suitable everywhere. Second, the human role must be designed, not added at the end. Interfaces, staffing and authority should be developed alongside the automation. Third, degraded operation must be treated as a normal design condition. Safe fallback cannot depend on perfect communications or immediate human understanding.
The new code is important not because it declares autonomous shipping complete, but because it makes disciplined implementation possible. The winners will not necessarily be the companies with the most impressive algorithms. They will be those that can demonstrate controlled risk, competent human oversight, transparent accountability and reliable performance when technology is no longer behaving at its best.
that matters most
Get the latest maritime news delivered to your inbox daily.
Autonomous shipping has entered its regulatory era. Its credibility will now be determined less by what the ship can do alone than by how well the entire maritime organization supports it.
Priyatham Sanjeeva Reddy, Ramidi currently works in maritime technical and operational roles with a focus on the intersection of ship technical operations and risk management. The views expressed in the article are presented independently and do not represent those of any employer or organization.
The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.