|
Abstract
|
27th International Technical Conference on the Enhanced Safety of Vehicles (ESV): Enhanced and Equitable Vehicle Safety for All: Toward the Next 50 Years
https://www-esv.nhtsa.dot.gov/Proceedings/27/27ESV-000345.pdf
Designing, developing, testing, and deploying an Automated Driving System (ADS) for use on public roadways in the United States is challenging for a variety of reasons, including for the ADS developer in defining and describing their approach for ensuring the safety of their vehicles. An autonomous vehicle is subject to National Highway Traffic Safety Administration (NHTSA) motor vehicle safety requirements, despite there being no defined Federal Motor Vehicle Safety Standards (FMVSS) that govern ADS performance requirements. The operation itself may be subject to other federal safety, state, and local laws and regulations depending on the type of operation (e.g., commercial motor vehicle or passenger service operation) and operating location. In addition, there is federal voluntary guidance containing priority safety design elements and a growing number of relevant industry-developed consensus standards and best practices available to an ADS developer to consider and incorporate in the design of their ADS. In navigating these various regulatory frameworks, standards, and best practices, the ADS developer is still ultimately responsible for defining and ensuring safety for their own vehicles. A safety case-based approach is a valuable way to provide such assurance.
A safety case is a structured argument, supported by evidence, intended to justify that a system is acceptably safe for a specific application in a specific operating environment. While this approach is not entirely new – safety cases have been incorporated into other safety-critical industries – safety cases for the development of autonomous vehicles are novel.
A safety case-based approach creates value through both flexibility and a high degree of rigor, if applied correctly. It is flexible because it provides the ADS developer with the latitude to determine what claim to make, and it is rigorous because there must be evidence to substantiate it. For example, there are now several publicly available voluntary industry standards and guidance spanning many important topics related to the development and safe operation of an ADS. These topics include functional safety, behavioral safety, and safety assurance for machine learning systems. The emergence of these standards provide1 varying perspectives that ADS developers should consider and how an ADS developer implements these standards can be the basis of a safety case claim related to adhering to industry standards.
This paper will present Aurora's experience and lessons learned in developing and implementing its own Safety Case Framework. |