This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Safety Assurance for Automated Driving Systems: Open Problems and Learnings from a Review of Other Domains
ISSN: 2574-0741, e-ISSN: 2574-075X
To be published on September 16, 2022 by SAE International in United States
Citation: Ballingall, S., Sarvi, M., and Sweatman, P., "Safety Assurance for Automated Driving Systems: Open Problems and Learnings from a Review of Other Domains," SAE Intl. J CAV 5(3):2022.
Automated Driving Systems (ADSs) for road vehicles will be capable of performing the entire Dynamic Driving Task (DDT) without the active involvement of a human driver. Further, many ADSs will use Machine Learning (ML) to progressively adapt their driving functionality during in-service operation. This presents challenges for traditional regulatory frameworks, which do not readily support automated driving without a human driver or support safety-critical systems using ML to modify driving functionality post-market entry. However, these challenges are not entirely unique to ADSs. A review was undertaken into approaches taken in other domains to assure safety-critical systems that enable automated operation and adaptive functionality. Other transport modes were reviewed, including adaptive flight control systems in aviation, autonomous ship control systems in maritime, and automated train operation in rail. Non-transport domains were also reviewed, including medical devices in healthcare, control systems in nuclear power plants (NPPs), and autonomous weapons in the military. A range of findings are presented, covering issues relating to domain-specific functional safety standards, whole-of-life assurance, autonomous operation, and adaptive system changes. The lack of specific requirements or guidance relating to whether ML-enabled safety-critical changes could occur autonomously online within predetermined boundaries or should be restricted to only occur offline with human oversight was a specific issue identified as deserving of further research. A key recommendation is that the development of ADS safety assurance frameworks should give due consideration to learnings and open problems identified in other domains, while being cognizant that the differences and unique aspects of road transport mean not all findings will readily translate.