The research and development of autonomous vehicles can potentially revolutionize the transportation sector. However, as several countries worldwide prepare to move the technology that will take over driving functions from testing stages to commercial phases, safety measures and regulations remain a significant concern. In addition, the anticipated shift in driving responsibilities from a driver to an autonomous vehicle serves as a motivation for researching and analyzing liability and safety concerns. Failing to develop or observe safety regulations and standards exposes autonomous vehicle users to high risks, including unexpected accidents that may cause death. More importantly, reasonable and precise determination of safety liabilities is essential to encourage manufacturers to research further how to ensure autonomous vehicles are safe and secure.
INTRODUCTION
There are different levels of autonomy guiding the development of autonomous vehicles. According to the National Highway Traffic Safety Administration, there are six levels of autonomy, which are described in the following diagram:
Figure 1: Overview of the levels of autonomy (image adapted from NHTSA)
LEVEL 0 — No autonomy, and drivers have complete control of all functions: In this level, the driver has sole and complete control of all vehicle functions, including throttle, steering, and braking. Also, the driver monitors the road to ensure their own safety as well as that of other vehicles.
LEVEL 1 — Autonomy in a specific function: A vehicle has at least one specific control function automated. Where there are multiple automated functions, their operations are independent of each other. Drivers are responsible for the vehicle’s overall control and safety operations but can choose to provide limited authority to the automated function.
LEVEL 2 — Several functions are automated at the same time: At this level, a vehicle has at least two primary functions automated and designed to work simultaneously to relieve a driver from controlling the functions. Vehicles with level 2 autonomy can use shared authority whenever the driver cedes the automated primary controls in specific but restricted driving conditions.
LEVEL 3 — Restricted autonomy: Vehicles with level 3 autonomy permit a driver to cede complete control of the vehicle’s safety-critical functionalities under specific environmental or traffic conditions. The driver can also rely on the vehicle to monitor changes in the driving conditions that may require the driver to regain control.
LEVEL 4 — High autonomy: Autonomous vehicles in this level can handle immediate responses, such as emergency braking. The passenger need not be in the driver’s seat or pay full attention, but must be ready to control the vehicle under certain environmental conditions.
LEVEL 5 — Complete autonomy: Under level 5 autonomy, a vehicle is designed to control all crucial safety driving functions and to monitor the road conditions throughout the journey. The vehicle’s design anticipates that the user will input the navigation or destination but will not assume the vehicle’s control at any time. Responsibility for safety rests solely with the fully automated vehicle.
BENEFITS OF AUTONOMOUS VEHICLES
Autonomous vehicles offer numerous benefits that range from environmental to economic. Firstly, autonomous vehicles increase passenger safety. Even today, automated functions, such as lane departure warnings, adaptive headlights, dynamic brake support, and forward-collision warnings, ensure driver safety. Vehicles with level 5 autonomy ultimately hold much promise for preventing accidents.
Also, experts forecast that autonomous vehicles can impact traffic congestion positively. According to Silberg and Wallace (2016), annual traffic congestion delays add almost 4.8 billion vehicular travel hours. Moreover, traffic jams and congestion result in fuel wastage. As autonomous vehicles penetrate global markets, drivers will save more fuel and could avoid getting stuck in traffic. Autonomous vehicles can optimize routing by sharing data amongst each other and therefore reduce road congestion. This, of course, can be further magnified by leveraging rideshare, where multiple people share an autonomous vehicle for their journey. Even better, autonomous platforms can leverage electric cars and eliminate the use of fuel-based vehicles, helping reduce air pollution.
It is also vital to appreciate the economic benefits of autonomous vehicles. For example, they may cause decentralization of urban centers since passengers can sustain longer commuting times. Urban administrations can also utilize autonomous vehicles’ ability to drop and pick passengers to create parking spaces in outer peripheral zones, freeing land used on parking spaces for more economical use.
Lastly, self-driving vehicles enhance mobility. Features in level 5 autonomous vehicles require zero human input or intervention to take a passenger from one point to another or pick up passengers at designated locations. The enhanced mobility is beneficial to individuals with diverse challenges that inhibit their ability to drive on their own.
CHALLENGES OF AUTONOMOUS VEHICLES
Despite the clear benefits, global adoption of autonomous vehicles faces various challenges. These challenges can be grouped into two categories: general challenges and technical challenges.
GENERAL CHALLENGES
Autonomous vehicles may increase transportation usage since they encourage individuals to drive longer distances. The more autonomous cars are used in transportation, the higher the Vehicle Miles Travelled (VMT). A higher VMT ultimately leads to increased air pollution, causing harm to the global climate (Woldeamanuel & Nguyen, 2018). Some of this can be offset by using electric cars, especially in the first world countries, where more consumer awareness and availability of options is leading to a higher utilization of environmentally friendly electric cars.
Moreover, strict requirements regarding the reliability and availability of autonomous systems imply that all functions perceived to be the driver’s responsibility shift to the autonomous car (Martin et al., 2017). Such a high degree of innovative automation breeds new regulations and standards to ensure the safety of passengers and other vehicles. Subsequently, manufacturers must comply with the regulations or risk developing unsafe or unapproved vehicles. Manufacturers also become liable for safety incidents involving their products, especially if the accident results from non-compliance with specific regulations.
TECHNICAL CHALLENGES
Vehicle and passenger safety is one of the most significant challenges for autonomous vehicles. The technology is still in its infancy since it is still uncertain whether it can function with the current technological abilities (Woldeamanuel & Nguyen, 2018). For instance, in a dire situation that requires an autonomous vehicle to make a critical decision to prevent a catastrophic incident, should it prioritize the passenger’s life above others? Safety challenges also breed liability concerns since it is unclear which mechanisms will be used during accident claims to ensure accountability for legal liability.
The increasing sophistication of autonomous driving systems is a challenge to ensuring vehicle safety. A system required to be fail-operational is expected to have an architecture with highly complex implemented functions (Martin et al., 2017). Such systems grow according to the interactions between implemented components. The effort involved when integrating additional safety functions in an already complicated system architecture may cause unexpected impacts due to the effect of repetitive interactions between non-linear functions of the components. Therefore, understanding the interdependence of automated systems and their interactions with each other is a critical challenge that needs to be overcome before putting any vehicle into production.
Autonomous vehicles also face security threats, such as inter-vehicle and intra-vehicle threats. Inter-vehicle threats could occur when malicious actors inject false data within an IoAV (Internet of Autonomous Vehicles) network (Nanda et al., 2019). Autonomous vehicles rely on shared information to help them implement various functionalities, including accident warnings and congestion control. Malicious data can cause sensors or machine learning algorithms to malfunction, resulting in unexpected outputs. On the other hand, intra-vehicle security threats primarily impact on-device or on-vehicle systems and components (Nanda et al., 2019). Attackers exploit existing vulnerabilities when an autonomous vehicle attempts to access internet connectivity for system or status updates. Adversaries can attack such connections to cause damage or destroy components providing autonomous functionalities.
To overcome these challenges, one needs an understanding of automated components and their interactions, and finally a robust tech stack that protects vehicles from malicious operators.
WHY DO WE CARE ABOUT DEVELOPING A SAFE PRODUCT?
CONSUMER SAFETY
Before any reasonable on-road rollout, consumer safety has to be paramount, with rigorous testing for all autonomous vehicle components. In a survey of American and European consumers, two-fifths of respondents expressed comfort with low-speed AV cars, but that dropped when asked about a high-speed environment (businesswire, 2020). Recent fatal accidents with Uber and Tesla underscore the importance of consumer safety while designing AVs. The expectation from AVs is that they will lower the rate of crashes (especially fatal ones) as compared to human-driven cars, because they are run by machines with less scope for error. If AVs are unable to establish this clearly, it will be a significant setback to the adoption and rollout of AVs.
MANUFACTURERS AND PRODUCT LIABILITY
Current liability laws mandate manufacturers to be liable for safety incidents in autonomous vehicle products. The steady shift in a vehicle’s responsibility from the driver to an autonomous car may see a similar shift in liability for accidents from the passenger to the manufacturer. Product liability law, which is a combination of contract and tort law, governs vehicle manufacturers’ liability for all their products (Anderson et al., 2014). Developing unsafe products implies manufacturers will be legally responsible for accidents involving their products.
WHAT DOES IT MEAN TO BE SAFE?
Three primary safety pillars underpin autonomous vehicle development and use (NVIDIA, 2018). They are:
DESIGN AND IMPLEMENTATION OF ARTIFICIAL INTELLIGENCE PLATFORMS
A scalable AI platform spanning autonomous driving design, including assisted driving, is necessary to ensure vehicular safety. The platform should combine sensor fusion, surround vision, and deep learning to ensure passengers have a safe driving experience (NVIDIA, 2018). Such a platform helps vehicles understand the traffic conditions in real-time to plan and execute a safe path. An AI platform is pertinent to ensure passenger and vehicle safety. Since autonomous vehicles run on sophisticated computing algorithms, processing performance implies safety. Rapid processing for multiple autonomous vehicles requires a secure AI platform.
DESIGN AN INFRASTRUCTURE TO STORE AND PROCESS VAST SWATHES OF DATA
A single autonomous vehicle can potentially generate petabytes of information each year. Effectively capturing, processing, and managing vast swathes of data from a fleet of autonomous cars requires the development of new computing infrastructure and architecture. The AI infrastructure should train deep neural network models to ensure the highly accurate, precise systems required to protect autonomous vehicles and passengers (NVIDIA, 2018). Failing to develop robust deep learning infrastructure impedes the realization of driverless vehicles. Self-driving cars depend on high-performance computing to determine safe, less congested routes and to communicate with autonomous vehicles in real-time to avoid accidents and collisions.
ROBUST SIMULATION AND TESTING
Manufacturers and engineers need to validate the AI and ML algorithms and other software that power driverless vehicles before they can safely be used for road transport. Autonomous vehicles must respond appropriately to diverse situations they could encounter to prevent accidents (NVIDIA, 2018). As such, engineers should simulate and test autonomous vehicles in environments resembling the real world to ensure safe operation. Failing to subject autonomous vehicles to sufficient tests can lead to unsafe cars being used, endangering the lives of all road users.
CURRENT STATE OF THE ART
FUNCTIONAL SAFETY ISO 26262
Traditionally, automotive manufacturers base their safety strategy on the premise that human drivers have the ultimate responsibility for their safety. The development of automated vehicles has resulted in a different interpretation of ISO 26262, “Road Vehicles — Functional Safety”, the standard that details functional safety. Generally speaking, functional safety is applied to ensure that a system can mitigate failure risks adequately in light of identified hazards (Gosavi, Rhoades & Conrad, 2018). The required mitigation depends on the system’s operational exposure to dangers, the severity of a possible hazardous event, and a driver’s controllability of the system in case of a failure.
These factors culminate in an Automotive Safety Integrity Level (ASIL) per predefined risk registers. An assigned ASIL for a system’s function determines the process and technical mitigations to be applied. Therefore, ISO 26262 emphasizes avoiding design faults and mitigating the impacts resulting from equipment failure when in operation (Gosavi, Rhoades & Conrad, 2018).
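An added example (not from the original article, and not code published with ISO 26262): a small Python classifier that derives an ASIL from the severity, exposure, and controllability classes described above and gives each vehicle function the highest ASIL among its hazardous events. The register entries, their ratings, and all names in the code are constructed for illustration.

```python
from dataclasses import dataclass

# ISO 26262-3 classes: severity S0-S3, exposure E0-E4, controllability C0-C3.
MAX_CLASS = {"S": 3, "E": 4, "C": 3}
# The standard's ASIL determination table is equivalent to summing the indices.
ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}
ORDER = ["QM", "A", "B", "C", "D"]  # lowest to highest integrity level


@dataclass(frozen=True)
class Hazard:
    function: str         # vehicle function the hazardous event belongs to
    event: str
    severity: str         # e.g. "S3"
    exposure: str         # e.g. "E4"
    controllability: str  # e.g. "C2"


def _level(code: str, prefix: str) -> int:
    """Parse a class code such as 'S3' and reject anything out of range."""
    if len(code) != 2 or code[0] != prefix or not code[1].isdigit():
        raise ValueError(f"malformed {prefix} class: {code!r}")
    n = int(code[1])
    if n > MAX_CLASS[prefix]:
        raise ValueError(f"{code} is above {prefix}{MAX_CLASS[prefix]}")
    return n


def asil(h: Hazard) -> str:
    s = _level(h.severity, "S")
    e = _level(h.exposure, "E")
    c = _level(h.controllability, "C")
    if 0 in (s, e, c):  # S0, E0 or C0: no ASIL is assigned
        return "QM"
    return ASIL_BY_SUM.get(s + e + c, "QM")


def asil_per_function(register) -> dict:
    """A function inherits the highest ASIL among its hazardous events."""
    worst = {}
    for h in register:
        worst[h.function] = max(worst.get(h.function, "QM"), asil(h), key=ORDER.index)
    return worst


# Constructed register: the S/E/C ratings are illustrative, not from a real
# hazard analysis and risk assessment.
REGISTER = [
    Hazard("emergency braking", "no braking, obstacle ahead on highway", "S3", "E4", "C3"),
    Hazard("emergency braking", "unintended braking in city traffic", "S2", "E4", "C2"),
    Hazard("lane keeping", "unintended steering torque on highway", "S3", "E4", "C2"),
    Hazard("adaptive headlights", "beam fails to swivel in a curve", "S1", "E3", "C1"),
]

if __name__ == "__main__":
    for function, level in asil_per_function(REGISTER).items():
        print(f"{function}: {level}")
```

QM (quality management) means the hazardous event needs no ASIL-specific measures beyond normal quality processes.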
ISO 26262 is primarily a functional safety standard that governs systems engineering in autonomous vehicles. The standard can also be used to interpret other aspects of an AV, such as crucial system properties, including maintainability, reliability, security, and availability. Safety engineering and reliability engineering are pertinent to realizing the safety of autonomous vehicles. However, while reliability engineering focuses more on costs by determining failure resulting from system downtime, repair equipment, warranty claims, and cost of vehicle spares, safety engineering is more concerned with preserving passenger or vehicle life. As such, safety engineering deals with critical autonomous vehicle failure modes.
Also, ISO 26262 provides requirements guidance by recommending measures for reducing risks that may cause systematic product failure. However, most manufacturers face challenges in complying with the standard because it provides recommendations and requirements but fails to elaborate on how companies can meet and implement them explicitly. Therefore, complying with various aspects of the standard may necessitate expert knowledge in diverse functional safety areas to develop a thoughtfully argued interpretation of the standard.
It is vital to note that while ISO 26262 provides guidelines and recommendations in the case of system failures, it fails to account for other safety hazards that may occur in the absence of system failures. As a result, there was a need to develop a new standard, dubbed ISO/PAS 21448, commonly referred to as SOTIF (Safety of the Intended Functionality). SOTIF aims to guarantee the safety of an autonomous vehicle’s functionality when there are no systematic faults. On top of both ISO 26262 and SOTIF, basic cybersecurity requirements ensure the privacy and security of autonomous vehicle processes, as depicted in the figure below:
Figure 2: SOTIF was developed to address safety issues that do not occur as a result of system failure (adapted from Yoshida, 2019)
ISO/PAS 21448 (SOTIF)
Safety of the Intended Functionality (SOTIF) is a safety standard developed for driver assurance functions that may fail to operate as envisioned even in the absence of equipment failures. The standard’s primary purpose is to mitigate risks due to unexpected operating conditions, where an intended function fails to operate as a result of algorithm or sensor limitation. It also seeks to close gaps in requirements, such as an inadequate description of the intended functionality (Koopman et al., 2019).
SOTIF is a crucial standard since it is applied on top of ISO 26262 to cover missed safety measures. For example, it offers validation, verification, and design measures for manufacturers. Applying the measures can assist companies to develop safety in areas where they may not anticipate failures. An example of a design measure is a specific requirement describing expected sensor performance, while simulations help organizations validate complete products. Other concerns addressed in SOTIF are:
Inadequate situational awareness
Removing unknowns (focusing on determining and filling requirement gaps)
Foreseeable machine-human interaction and misuse problems
Challenges resulting from the operational environment, such as infrastructure and weather
CONCLUSION
Autonomous, self-driving vehicles are the future of transportation. As the industry innovates and moves vehicles from L0 to L5, there are numerous safety challenges that need to be understood and solved before AVs are cleared (by regulatory bodies and society) for a broader rollout. Traditional standards like ISO 26262 would need to be used as a baseline to guide an autonomous vehicle’s build, but those standards would also need to be updated and modernized for the various safety challenges in an AV world. The three biggest pillars guiding the development of safe autonomous vehicles are designing an AI platform, developing an infrastructure to process data (software stack), and robust simulation and testing. Each of these pillars eventually breaks out into numerous safety requirements across hardware (sensors like LIDAR, camera, radar, etc.) and software, further increasing the complexity around AV safety.