Controllability and Driving Automation

A key challenge for manufacturers of automotive systems, hardware components and software products with no contribution to driving automation is the stringent requirements imposed on elements while being integrated into vehicles with driving automation. The result is increased development cost and low reusability. For such elements or components with no contribution to driving automation, their functions and failure modes remain unchanged when comparing vehicle integration with and without driving automation. The influence of driving automation is not accounted for in the current approach of classifying risk while conducting a Hazard Analysis and Risk Assessment (HARA). Functional safety standards for on-road vehicles rely on human intervention as a parameter to classify risk. Since current safety standards for on-road vehicles are not inclusive of driving automation concepts, classification of risk, based on existing definitions of parameters such as controllability, leads to stringent integrity level requirements. The lack of human intervention forks the analysis into two paths: forces the analysis to use the worst-case scenario where the hazardous event is uncontrollable or use an alternate method to classify risk at the cost of non-conformity with the standard. An update to the definition of controllability to accommodate scenarios where human intervention is not available can potentially lead to reasonable outcomes while imposing automotive safety integrity level requirements on such elements. The two-fold challenge to this adaptation is firstly, creating a definition that fulfills both use cases. Importantly, a definition that preserves the underlying principles of the original definition, such that no inadvertent risks are introduced as a result of the adaptation.