
SOTIF and ISO/PAS 21448: What is Safety of the Intended Functionality?

The fast development of autonomous driving technology is prompting regulators to rethink automotive safety standards. Built around the SOTIF approach, ISO/PAS 21448:2019 is widely expected to become the first universal safety standard for (highly) autonomous vehicles.

Based on the vast amounts of investment and innovation effort going into the development of autonomous driving technology, you may assume that a bright self-driving future is imminent. Technologically speaking, you may be right: while there are still some challenges to overcome, autonomous technology is developing at a very rapid pace, and full vehicle autonomy seems attainable in the near future. Yet there’s another, equally important factor that we have to consider: public concern over driverless cars.


Research has shown that trust in autonomous mobility is far from solid, and dwindling. This has likely been influenced by several autonomous testing accidents that received wide publicity in recent years. As this lack of public trust jeopardizes widespread adoption of the technology, both developers and regulators have called for comprehensive standards that guarantee the completeness of safety requirements in autonomous vehicles (AVs).

How do ISO 26262 and ISO/PAS 21448 relate?

So far, ISO 26262 has been the primary standard in automotive development. That standard focuses on functional safety, aiming to eliminate unreasonable risk caused by malfunctions of electrical/electronic (E/E) systems. In the context of autonomous systems, however, malfunctions aren’t the most important factor you’ll need to worry about.

An autonomous car’s situational awareness is the result of combining data from a variety of complex sensor systems (lidars, cameras, radars, etc.). All this data is processed and interpreted by algorithms driven by machine learning and artificial intelligence. Extreme or unforeseen situations may confuse these algorithms, resulting in unsafe behaviour even though every component is working exactly as designed.


In self-driving cars, risks may stem from a wide set of factors: reasonably foreseeable misuse of a function by the driver, performance limitations of sensors or other systems, and unforeseen changes in the vehicle’s environment (including extreme weather conditions).

A new standard, ISO/PAS 21448:2019, was devised to account for edge cases that may give rise to safety hazards without any system failure. Rather than focusing on failures, it covers hazardous behaviour in the absence of faults: unintended consequences that result from the technological limitations of the system as designed.

Put simply, ISO/PAS 21448 complements ISO 26262. It uses the same vocabulary, extended with autonomy-specific terms, and its scope is deliberately complementary to that of ISO 26262. They are distinct standards, and it is their combination that helps autonomous developers avoid hazardous situations, whether those arise from malfunctions, from functional insufficiencies in the absence of malfunctions, or from unintended use.

Safety of the Intended Functionality

The key concept that ISO/PAS 21448 is built around is SOTIF, the Safety of the Intended Functionality. The standard defines SOTIF as follows:

The absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality or by reasonably foreseeable misuse by persons is referred to as the Safety Of The Intended Functionality (SOTIF). – ISO/PAS 21448:2019, Road vehicles – Safety of the intended functionality

ISO/PAS 21448 provides guidance on the design, verification, and validation measures that developers can apply in order to achieve SOTIF in their autonomous mobility products. It helps developers attain completeness of safety requirements, so that the system remains safe even when used in unknown or unsafe conditions, including the reasonably foreseeable misuse of autonomous vehicles. The standard, however, does not cover feature abuse (e.g. cases where the system is intentionally altered).

What ISO/PAS 21448:2019 means for automotive developers

For developers of autonomous driving technologies, this new standard means a new approach to systematic hazard analysis. Rather than focusing solely on malfunctions, ISO/PAS 21448 addresses complexity directly, requiring developers to account for any potential hazards that result from the sheer complexity of the technologies the standard covers. Many see this as the future of safety standardization.


In practical terms, this means an increased focus on testing strategies and a need to apply statistical analysis in safety validation efforts. Virtual simulation, that is, simulating a vast variety of road conditions to verify the intended and safe functioning of autonomous technologies, is becoming a fundamental strategy.

The effect that ISO/PAS 21448 will have on public attitudes toward autonomous technologies remains to be seen. But as the first step of regulatory efforts to ensure the safety of AVs, it is definitely an important and long-awaited initiative.
