As the continent's automotive hub, Germany is aiming to become the leading force in driving autonomous mobility. This, however, means challenges in terms of functional regulations.
Germany has recently announced that it is planning to legalize self-driving vehicles on public roads. The announcement came shortly after a recent statement made by Chancellor Angela Merkel, according to whom Germany is to take a “pioneering role” in autonomous driving.
This step further demonstrates the magnitude of global emphasis on the future of mobility and the need for global cooperation. The foundations of the latter were laid down during a global summit in June, during which 50 countries agreed to institute common regulations for driverless vehicles. But that’s just the first step, and the actual wording and requirements of these future regulations are yet to be revealed.
Safety considerations of vehicle autonomy
We distinguish between five different levels of autonomy when it comes to self-driving vehicles. Level 1 means that the driver still controls the vast majority of vehicle functions, while Level 5 refers to a system that completely controls the vehicle on a par with a human driver, even in extreme conditions, with no intervention from human drivers. The design and development process of such a system has proven to be a rocky road – at times, literally. Bad road or weather conditions, unexpected and emotional traffic decisions on the part of human drivers, and radar interference can all cause dangerous situations for the AI controlling the machine.
According to a 2018 report published by WHO, about 1.2 million people die each year on the roads. Considering the growing demand for motor vehicles globally, regulators need to find ways to reduce the number of accidents caused by both human error and faulty components. While legislators are finding ways to reduce the risk associated with the former (zero tolerance for alcohol, compulsory use of seat belts, etc.), engineers must look at ways to minimize the risk of faulty components.
Safety standards for self-driving cars
ISO 26262 (“Road vehicles – Functional safety”) is a standard originally published in 2011. We consider Functional Safety to be the absence of unacceptable risk due to faults in the system. This is a well-known and pivotal requirement in terms of mechanical components and can be well-managed in a V-model development framework.
However, consider this: a Mercedes-Benz car, according to Daimler, contained approximately 10 million lines of code in 2010. This number today is well past 150 million. A few years ago, engineers would have had a few years to develop a new or redesigned component for their vehicles to be implemented in the new model. Today, this can be handled through a software update from the cloud. This results in a need for continuous improvement and an agile approach to development. Although this in itself complicates functional safety and regulatory compliance in the automotive industry, autonomous driving systems are a whole different question.
While the technology for driverless cars already more or less exists (and continues to rapidly develop), we can expect self-driving vehicles to be roaming our streets in no more than a few years, or a decade at most. Yet regulators seem to be trailing behind technological advancements.
According to automotive consultant Fabian Källström, “The challenge is in terms of turning/shifting a manual vehicle fleet into a connected/autonomous fleet. The transition could be simplified by physically separating manual and autonomous vehicles. This is due to the lack of or lags in the communication between a driver and an autonomous system. V-2-V is a necessary thing and will require a supervisory system, and I think the automotive industry must start to look more at the railway industry in terms of safety.”
The first autonomous train system was implemented in London in 1967 on the Victoria Line. While a fundamental similarity between railway and road applications of autonomy is that the slightest error could have disastrous implications, the complexity of a system required for driving on a closed track is considerably lower than that intended for public roads.
Limitations of simulation, difficulties of regulation
Autonomous driving systems are developed in simulators, where the AI behind them can understand traffic situations and work out ways to make safe driving decisions. Hence, the AI can only be as good as the model allows it to be – which in turn can only be as advanced as developers design it to be. This results in limitations we may only notice once we let them out on public roads.
Take, for example, the most recent scandal: autonomous driving vehicles are reported to be less efficient in noticing people of color, as all the human models used in the virtual simulation environment were white. Easily corrected in hindsight, yet catastrophic if not noticed in time. One might wonder how many similar limitations there may be which developers simply haven’t thought of. "The automotive sector should, in the future, focus more on the limitations of design, thereby how the system could perform in the worst case and not only analyze the cases and build preventive measures," continues Fabian Källström.
And while it’s worth debating whether it’s safe to allow vehicles that have so far only driven in simulations onto real-life roads, alongside actual humans, we can be sure of one thing: the regulations surrounding autonomous vehicles are going to be at least as strict as ISO 26262. Thus, the challenge manufacturers are facing now is that they are building a system, investing millions of dollars and tons of time and human resources, unsure of whether or not it’s going to pass the regulations that are yet to be defined.
How to design the future’s self-systems – today?
Having to go back and redo the documentation, redesign workflows once the regulations are published, and possibly rework products or components can cost companies months and millions of dollars. In such a competitive industry, this could make or break success. So what can organizations do to ensure that they have a competitive edge and are as prepared as possible for future regulations?
An increasing number of automotive suppliers developing products with software components are turning to Application Lifecycle Management tools to give them the necessary foundation for building embedded systems (increasingly in an Agile environment) while maintaining compliance with functional safety requirements. While the exact requirements of future regulations are unclear just yet, what companies can do is make sure their documentation is as transparent and organized as possible, in line with ISO 26262 and higher levels of ASPICE.
Tools such as codeBeamer ALM foster collaboration and offer end-to-end traceability in terms of requirements, risk, test management, and validation. With our bespoke ISO 26262 predefined template, companies are benefiting from effortless audits and easy-to-follow built-in workflows. As opposed to legacy tools, codeBeamer is built from its very core to support Agile development, offers out-of-the-box integrations with the most common software tools used in the mobility industry, and works in the cloud to support secure remote collaboration.