By David Ward, Horiba Mira senior technical manager for functional safety
With less than six months until the new UN regulations on Automated Lane Keeping Systems (ALKS) are enabled, automakers are preparing for a new ‘common rulebook’ for Level 3 automation of vehicles.
But with an international standard for functional safety already in place, what does best practice look like in the new ALKS era?
When the UNECE’s World Forum for Harmonization of Vehicle Regulations published its new ALKS regulations in June, it was another step forward for functional safety engineering standards.
Set to apply to 60 countries including the UK, Japan and European Union member states from January 2021, the regulations are designed to enable the safe introduction of ‘Level 3’ automation features in certain traffic environments.
At Level 3, the driver is permitted to take their hands off the wheel and eyes off the road, but is expected to be ready to take back control if required in case of malfunction or error.
Most recently the move towards ALKS became the subject of numerous national headlines as the UK government launched its consultation on the technology – marking the start of a much greater onus on this important step forward in the transition to autonomy.
In practice, ALKS will most likely mean that automakers need to take a closer look at their functional safety processes. The new requirements are certainly progress as, for the first time, they put functional safety of automation features on the road to eventually becoming a legal obligation. In reality, those automakers who are already committed to safety and working to existing international standards are likely to achieve and maintain compliance with the new regulations too.
Achieving functional safety
Of course, functional safety is nothing new for automakers.
For a number of years, Horiba Mira has worked with clients across the industry to help meet the requirements of the international standard ISO 26262 Road Vehicles – Functional Safety.
ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars.
It addresses possible hazards caused by malfunctioning behaviour, including those through interaction between systems.
The standard was first introduced in 2011 (later updated in 2018) and whilst there is no direct legal obligation to follow it, it is considered state of the art and best practice across the industry and is widely followed worldwide. This has also played a part in contributing towards functional safety in engineering becoming a relatively mature discipline. However, the extent to which the standard is likely to be adhered to is very much still dependent on each organisation, their engineering programme or product lifecycle.
The new ALKS regulation makes an explicit reference to ISO 26262 and although the document doesn’t explicitly mandate it, audit and assessment should be carried out in line with the standard in order to demonstrate compliance in the processes being used. It is reasonable to assume, therefore, that adherence to ISO 26262 will ensure compliance with ALKS.
The SOTIF challenge
There is another international document which supports the safety of autonomous vehicles. ISO/PAS 21448 Road Vehicles – Safety of the Intended Functionality (SOTIF) provides guidance on design, verification, and validation measures relating to functional performance.
Once again, the ALKS regulation makes explicit reference to this document, so the expectation is that adherence to ISO/PAS 21448 will ensure compliance with ALKS.
SOTIF applies to the functional performance of a system, recognising that faults could come from inaccurate performance of, for example, a sensor such as a radar or camera, which could give false positive or false negative detection of objects. This is in contrast with traditional functional safety (ISO 26262), which is concerned with mitigating risk due to system failure or malfunction.
One of the challenges with SOTIF is the continuous development of enhanced technology.
There is always something new which emerges, so when do you stop testing?
There is also some debate about whether SOTIF and functional safety are really separate as the two documents would suggest, or whether they are closer – in fact, SOTIF was originally intended as an additional point in ISO 26262.
However, it is clear in the new regulations that both are critical and the approval body will be looking for both to be considered.
The additional challenge is that SOTIF is a more emerging concept and ISO/PAS 21448 is only deemed to cover up to Level 2 of automation. Whilst an initial PAS document has been developed as the industry works towards a SOTIF standard to Level 3, it remains a working project for leading contributors including HORIBA MIRA, which is actively engaged in writing the new standard at international level.
With this in mind, the key for many automakers is in being prepared for external scrutiny.
This is not just a case of meeting regulations at the time of going for approval; manufacturers need to demonstrate that they are following the correct procedures through a continual process of checking and compliance – in most cases, the focus therefore will be on documentation and preparation, rather than introducing any specific new safety measures or processes.
Those organisations adhering to ISO 26262 and ISO 21448 should already be doing the right things to meet the new regulatory scrutiny which will be placed upon them from January 2021.
The key will be in formalising processes and demonstrating the effectiveness of those processes through a full safety process audit and possible certification - for which many will turn to a third-party auditor like Horiba Mira.
Crucially, this can also support external certification to the ISO standards, which again is not a requirement of the new regulations, but does make it easier to demonstrate adherence whilst mandating the requirement for ongoing surveillance to maintain compliance too.
The benefits of early engagement
One of the benefits of external assessments – whether it is to demonstrate the requirements of legislation or not – is addressing any potential safety issues early in order to minimise costly redesigns further in the production process.
The ALKS regulation states that the Approval Authority shall undertake an assessment of the product to determine whether it meets the safety aspects required.
The challenge for manufacturers will be how much information they want to share in terms of product design.
When Horiba Mira undertakes an independent functional safety assessment for clients, it is a staged activity.
We go in at key gateways throughout the programme to ensure early identification of any potential safety issues and this, in turn, will now provide the information required for approval authorities because assessments can be carried out throughout the process.
Ultimately, the ALKS regulations will state the regulatory requirements expected of manufacturers and, in doing so, set a globally accepted minimum set of expectations around the ISO 26262 and ISO 21448 standards.
There will be further changes as this fast-paced industry continues to develop, but greater clarity will only support enhanced safety.
Now the focus turns to manufacturers in demonstrating their commitment and processes to external scrutiny.