Deriving Architectural Requirements for SAE J3016™ Level 3 System from Functional Safety Perspective
2025-01-8009
04/01/2025
- Content
- Vehicles with SAE J3016™ Level 3 systems are exposed to road infrastructure, Vulnerable Road Users (VRUs), traffic, and other actors on roadways. Hence, safe deployment of Level 3 systems is of paramount importance. One aspect of safe deployment of SAE Level 3 systems is the application of functional safety (ISO 26262) to their design, development, integration, and testing. This ensures freedom from unreasonable risk in the event of a system failure, and sufficient provisions to maintain the Dynamic Driving Task (DDT) and to initiate a Minimum Risk Maneuver (MRM) in the presence of random hardware and systematic failures. This paper explores leveraging the ISO 26262 standard to develop architectural requirements that enable SAE Level 3 systems to maintain DDT and MRM during fault conditions, and outlines the importance of fail-operability for Level 3 systems from a functional safety perspective. At a high level, UN Regulation No. 157 – Automated Lane Keeping Systems (ALKS) is used as a baseline for deriving safety goals for SAE Level 3 systems, to ensure that the operation of Level 3 systems under failure conditions is free from unreasonable risk. This paper discusses the process by which these safety goals are manifested into architectural requirements for safely deploying SAE Level 3 systems. It highlights how fail-operability is a necessary characteristic to sustain DDT in the presence of safety-critical failures (single point, plausible dual point, or common cause failures) and to initiate MRM to bring the vehicle to a safe state or until the driver takes over.
- Pages
- 8
- Citation
- Mudunuri, V., and Jayakumar, N., "Deriving Architectural Requirements for SAE J3016™ Level 3 System from Functional Safety Perspective," SAE Technical Paper 2025-01-8009, 2025, https://doi.org/10.4271/2025-01-8009.