David Ward, senior technical manager for functional safety at automotive engineering consultancy HORIBA MIRA, asks what best practice looks like in the new era of Automated Lane Keeping Systems.
Vehicle manufacturers are preparing a new ‘common rulebook’ for Level 3 automation of vehicles, with just months until the new UN regulations on Automated Lane Keeping Systems (ALKS) are enabled. But with an international standard for functional safety already in place, what does best practice look like in the new ALKS era?
June saw another step forward for functional safety engineering standards with UNECE’s World Forum for Harmonization of Vehicle Regulations publishing its ALKS regulations.
From January 2021, this is set to apply to 60 countries including the UK, Japan and EU member states.
The regulations are designed to enable the safe introduction of ‘Level 3’ automation features in certain traffic environments, with the driver permitted to take their hands off the wheel and eyes off the road, but expected to be ready to take back control if required, in case of malfunction or error.
ALKS has already made national headlines recently due to the UK government launching its consultation on the technology, which marks the start of a much greater onus on this significant step forward in the transition to autonomy.
In practice, it will most likely mean that vehicle manufacturers need to take a closer look at their functional safety processes. For the first time, the new requirements, which are already in progress, put functional safety of automation features on the road to eventually becoming a legal obligation.
In reality, manufacturers are already committed to safety and working to existing international standards, in order to achieve and maintain compliance with new regulations too.
Achieving functional safety
For a number of years, HORIBA MIRA has worked with clients across the industry to help meet the requirements of the international standard ISO 26262 Road Vehicles – Functional Safety, with functional safety being nothing new for automakers.
ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems, and that are installed in series production passenger cars. It addresses possible hazards caused by malfunctioning behaviour, including those caused through interaction between systems.
The standard was first introduced in 2011 (later updated in 2018) and while there is no direct legal obligation to follow it, it is considered state of the art and best practice across the industry and is widely followed worldwide. This has also played a part in contributing towards functional safety in engineering becoming a relatively mature discipline.
However, the extent to which the standard is likely to be adhered to is very much still dependent on each organisation, its engineering programme or product lifecycle.
The new ALKS regulation makes an explicit reference to ISO 26262 and although the document does not explicitly mandate it, audit and assessment should be carried out in line with the standard in order to demonstrate compliance in the processes being used. It is reasonable to assume, therefore, that adherence with ISO 26262 will ensure compliance with ALKS.
The SOTIF challenge
There is another international document which supports the safety of autonomous vehicles. ISO/PAS 21448 Road Vehicles – Safety of the Intended Functionality (SOTIF) provides guidance on design, verification, and validation measures relating to functional performance. Once again, the ALKS regulation makes explicit reference to this document, so the expectation is that adherence to ISO/PAS 21448 will ensure compliance with ALKS.
It applies to the functional performance of a system, recognising that faults could come from inaccurate performance of, for example, a sensor such as a radar or camera, which could give false positive or false negative detection of objects. This is in contrast with traditional functional safety (ISO 26262), which is concerned with mitigating risk due to system failure or malfunction.
One of the challenges with SOTIF is the continuous development of enhanced technology. There is always something new that emerges, so when do you stop testing? There is also some debate about whether SOTIF and functional safety are really separate as the two documents would suggest, or whether they are closer – in fact, SOTIF was originally intended as an additional point in ISO 26262. However, it is clear in the new regulations that both are critical and the approval body will be looking for both to be considered.
The additional challenge is that SOTIF is a more emerging concept and ISO/PAS 21448 is only deemed to cover up to Level 2 automation. While an initial PAS document has been developed as the industry works towards a SOTIF standard to Level 3, it remains a working project for leading contributors including HORIBA MIRA, which is actively engaged in writing the new standard at international level.
Being prepared for external scrutiny is the priority for the majority of automakers. Manufacturers need to demonstrate all correct procedures through a consistent and continual process of compliance and checking.
The focus in most cases will therefore be on documentation and preparation, rather than introducing any specific new safety measures or processes.
Those organisations adhering to ISO 26262 and ISO 21448 should already be doing the right things to meet the new regulatory scrutiny which will be placed upon them from January 2021. The key will be in formalising processes and demonstrating the effectiveness of those processes through a full safety process audit and possible certification - for which many will turn to a third party auditor like HORIBA MIRA.
Crucially, this can also support external certification to the ISO standards, which again is not a requirement of the new regulations, but does make it easier to demonstrate adherence while mandating the requirement for ongoing surveillance to maintain compliance too.
The benefits of early engagement
One of the benefits of external assessments – whether it is to demonstrate the requirements of legislation or not – is addressing any potential safety issues early in order to minimise costly redesigns further in the production process.
The ALKS regulation states that the Approval Authority shall undertake an assessment of the product to determine whether it meets the safety aspects required. The challenge for manufacturers will be how much information they want to share in terms of product design.
When HORIBA MIRA undertakes an independent functional safety assessment for clients, it is a staged activity. We go in at key gateways throughout the programme to ensure early identification of any potential safety issues and this, in turn, will now provide the information required for approval authorities because assessments can be carried out throughout the process.
Ultimately, the ALKS regulations will state the regulatory requirements expected of manufacturers and, in doing so, set a globally accepted minimum set of expectations around the ISO 26262 and ISO 21448 standards. There will be further changes as this fast-paced industry continues to develop, but greater clarity will only support enhanced safety. Now the focus turns to manufacturers in demonstrating their commitment and processes to external scrutiny.
Dr David Ward is senior technical manager for functional safety at automotive engineering consultancy HORIBA MIRA.