Functional Safety & SOTIF for Autonomous Vehicles: Safety of the Intended Functionality
Thanks to rapid advances in AI, sensor technology, computer vision, and data processing, cars are gradually gaining the ability to independently perceive their surroundings, make decisions, and operate without direct human intervention. However, along with these capabilities, the level of responsibility for ensuring the safety of such systems is also increasing, as any error or unforeseen behavior of an autonomous vehicle can lead to serious consequences.
The traditional approach to ensuring the safety of automotive systems is functional safety as defined by the international standard ISO 26262, which addresses hazards caused by malfunctions (faults) in electrical and electronic systems. A significant portion of the risk in automated driving, however, stems from sensor limitations, environmental perception algorithms, or misinterpretation of the traffic situation, and these hazards can arise even when every component operates without a technical fault.
Key Takeaways
- Safety and standards are core to the deployment of autonomous vehicles.
- Functional safety and SOTIF address different but complementary risks.
- GNSS and integrity metrics enable lane-level decisions and monitoring.
- Real-world deployments increase the need for scalable assurance.
Standards: ISO 26262, ISO 21448, and ISO/PAS 8800
Functional Safety and SOTIF for Autonomous Driving Annotation: Data and Labeling Best Practices
Most modern environmental perception algorithms are based on machine learning methods that require large amounts of accurately labeled data for training and testing. Incorrect or incomplete annotation can lead to errors in object recognition, potentially creating dangerous situations on the road.
From a functional safety perspective, data and its processing must be integrated into the risk management process throughout the system’s entire lifecycle. This includes verifying dataset quality, implementing version control, ensuring traceability of data sources, and documenting annotation processes.
The SOTIF concept, formalized in ISO 21448, expands on these requirements by focusing on hazards arising from functional insufficiencies and performance limitations of the intended functionality, in particular of perception systems. An algorithm may misclassify an object because the training data lacked diversity or because of difficult environmental conditions (poor lighting, rain, fog). To mitigate such risks, datasets must cover a variety of scenarios, including rare or complex traffic situations. One of the key aspects of ensuring the safe operation of autonomous driving systems is adherence to best practices for data annotation:
- Clear annotation guidelines. Detailed instructions must be developed for labeling objects (pedestrians, vehicles, road signs, road markings, etc.). Consistency among annotators reduces the risk of ambiguous or incorrect labels.
- Annotation quality control. Using multi-level verification, including automated tools and manual expert review, helps identify annotation errors.
- Data diversity. Training datasets must cover a range of weather conditions, times of day, road types, and road user behavior so the system can operate reliably in real-world conditions.
- Identification of edge cases. Special attention is paid to rare or unusual scenarios that can cause errors in perception algorithms, such as atypical pedestrian behavior or non-standard road signs.
- Data traceability. It is necessary to ensure the ability to trace the origin of each dataset and changes made during the annotation process, which is an important requirement for the certification of safety systems.
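The checks above (annotator consistency, ODD coverage, edge-case identification, traceability) can be automated as a release gate on the annotation manifest. The following is an added example, not code from the original page or from any particular annotation tool: the frames, annotator IDs (`a1`, `a2`), class names and the required coverage set are constructed and hypothetical, and the manifest digest stands in for the version-control and traceability record a certification audit would ask for.

```python
"""Release gate for a safety annotation manifest (added example; constructed data)."""
import hashlib
import json
from collections import Counter

# Constructed sample manifest: each object carries one label per independent annotator.
FRAMES = [
    {"frame": "f001.png", "weather": "clear", "time_of_day": "day",
     "objects": [{"id": 0, "labels": {"a1": "pedestrian", "a2": "pedestrian"}},
                 {"id": 1, "labels": {"a1": "car", "a2": "car"}}]},
    {"frame": "f002.png", "weather": "rain", "time_of_day": "night",
     "objects": [{"id": 0, "labels": {"a1": "cyclist", "a2": "pedestrian"}}]},
    {"frame": "f003.png", "weather": "fog", "time_of_day": "day",
     "objects": [{"id": 0, "labels": {"a1": "car", "a2": "car"}},
                 {"id": 1, "labels": {"a1": "traffic_sign", "a2": "traffic_sign"}}]},
    {"frame": "f004.png", "weather": "clear", "time_of_day": "day",
     "objects": [{"id": 0, "labels": {"a1": "car", "a2": "car"}}]},
]

# Hypothetical ODD coverage the release must demonstrate (assumed values).
REQUIRED_COVERAGE = {"weather": {"clear", "rain", "fog", "snow"},
                     "time_of_day": {"day", "night"}}


def manifest_digest(frames):
    """Content hash over a canonical serialization: any label or metadata edit changes it,
    which is what makes the dataset version referenced in a safety case traceable."""
    canonical = json.dumps(frames, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def disagreements(frames):
    """Objects on which independent annotators disagree; these are routed to expert review."""
    out = []
    for fr in frames:
        for obj in fr["objects"]:
            if len(set(obj["labels"].values())) > 1:
                out.append((fr["frame"], obj["id"], dict(obj["labels"])))
    return out


def agreement_rate(frames):
    """Fraction of objects with a unanimous label (simple inter-annotator agreement)."""
    total = sum(len(fr["objects"]) for fr in frames)
    return 1 - len(disagreements(frames)) / total


def coverage_gaps(frames, required=REQUIRED_COVERAGE):
    """ODD dimensions whose required values have no frames at all."""
    gaps = {}
    for dim, needed in required.items():
        missing = needed - {fr[dim] for fr in frames}
        if missing:
            gaps[dim] = sorted(missing)
    return gaps


def rare_classes(frames, min_count=2):
    """Classes with fewer than min_count agreed instances: candidate edge cases needing more data."""
    counts = Counter()
    for fr in frames:
        for obj in fr["objects"]:
            labels = set(obj["labels"].values())
            if len(labels) == 1:
                counts[labels.pop()] += 1
    return sorted(c for c, n in counts.items() if n < min_count)


def release_gate(frames, min_agreement=0.95):
    """Go/no-go decision: the manifest is accepted for a safety build only if every check passes."""
    problems = []
    if agreement_rate(frames) < min_agreement:
        problems.append("annotator agreement below threshold")
    if coverage_gaps(frames):
        problems.append("ODD coverage gaps")
    if disagreements(frames):
        problems.append("unresolved label disagreements")
    if rare_classes(frames):
        problems.append("under-represented classes")
    return {"digest": manifest_digest(frames), "accepted": not problems, "problems": problems}


if __name__ == "__main__":
    print(json.dumps(release_gate(FRAMES), indent=2))
```

On the constructed sample the gate rejects the manifest: the cyclist/pedestrian disagreement in `f002.png` drops agreement to 5/6, no snow frames exist, and pedestrian and traffic_sign each have a single agreed instance. The digest recorded in the gate output is what a safety case should cite, so that a later re-annotation cannot silently replace the data behind an approved perception release.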
Positioning Integrity and ODD Awareness: GNSS, PL/AL/TIR, and System Reliability
Summary
As autonomous technologies increasingly rely on complex perception algorithms, machine learning models, and satellite positioning systems, safety cannot be addressed solely through traditional fault-based engineering methods.
Improving the safety of autonomous vehicles depends on continuous verification, interdisciplinary engineering practices, and adherence to constantly evolving safety standards. By integrating functional safety, SOTIF methodologies, and integrity-by-design, the automotive industry can move closer to implementing autonomous mobility solutions that are both technically reliable and safe for widespread public use.
FAQ
What is functional safety in autonomous vehicles?
Functional safety is the absence of unreasonable risk from hazards caused by malfunctioning behaviour of electrical and electronic systems: vehicle functions must keep passengers and other road users safe even when a component fails. It is governed by ISO 26262.
What is the purpose of SOTIF requirements?
SOTIF requirements address hazards that arise from system limitations or perception errors, ensuring safety even when no technical faults occur.
What role does hazard analysis play in autonomous driving?
Hazard analysis identifies potential dangers, evaluates risk, and defines safety measures to prevent accidents. It is essential for both functional safety and SOTIF compliance.
Why is safety annotation important for autonomous vehicle datasets?
Safety annotation provides accurate labeling of objects, road features, and scenarios, allowing perception algorithms to make reliable decisions in real-world conditions.
What is the difference between ISO 26262 and ISO 21448?
ISO 26262 focuses on failures in electronic and software systems, while ISO 21448 (SOTIF) addresses risks caused by system limitations or environmental conditions.
What is the significance of GNSS in autonomous vehicle positioning?
GNSS provides global coordinates and timing, forming the foundation for navigation and location-based safety decisions.
What is Protection Level (PL) and Alert Limit (AL)?
PL is a statistical bound on the positioning error, computed from the estimated error distribution so that the probability of the true error exceeding it is no greater than the target integrity risk (TIR). AL is the largest error the operation (for example lane-level positioning) can tolerate. While PL is at or below AL the position is usable for that operation; when PL exceeds AL the system must alert and restrict or hand over the function to remain safe.
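The PL/AL comparison, with a Gaussian overbound of the position error, as an added example that is not part of the original page and does not reproduce any particular receiver's integrity algorithm. The multiplier K is taken from the inverse normal CDF for a two-sided tail equal to the TIR; the 1.5 m alert limit, the per-epoch TIR of 1e-7, the nominal bias term and the constructed epoch trace are all assumptions chosen for illustration. The offline classification into misleading and hazardously misleading information assumes a reference trajectory (for example from a survey-grade receiver) is available, as it would be in a test campaign but not in the vehicle.

```python
"""Protection level vs alert limit monitoring (added example; assumed parameters)."""
from statistics import NormalDist

# Assumed values for illustration.
ALERT_LIMIT_M = 1.5       # hypothetical lane-level AL
TIR_PER_EPOCH = 1e-7      # hypothetical target integrity risk per epoch


def k_factor(tir):
    """Two-sided Gaussian multiplier: P(|e| > K * sigma) == tir under the overbound."""
    return NormalDist().inv_cdf(1 - tir / 2)


def protection_level(sigma_m, tir=TIR_PER_EPOCH, nominal_bias_m=0.0):
    """Simplified PL: K(TIR) * sigma plus a nominal bias allowance."""
    return k_factor(tir) * sigma_m + nominal_bias_m


def integrity_state(pl_m, al_m=ALERT_LIMIT_M, true_error_m=None):
    """Classify one epoch.

    Online the system only knows PL and AL: 'available' or 'alert'.
    Offline, with a reference trajectory, epochs whose true error exceeds PL are
    misleading information (MI), and hazardously misleading (HMI) if it also exceeds AL.
    """
    if true_error_m is not None and true_error_m > pl_m:
        return "hazardously_misleading" if true_error_m > al_m else "misleading"
    return "available" if pl_m <= al_m else "alert"


def monitor(epochs, al_m=ALERT_LIMIT_M, tir=TIR_PER_EPOCH):
    """Run the check over a trace of (sigma, true_error) epochs and summarise availability."""
    states = []
    for sigma_m, true_error_m in epochs:
        pl = protection_level(sigma_m, tir)
        states.append(integrity_state(pl, al_m, true_error_m))
    counts = {s: states.count(s) for s in set(states)}
    return {
        "states": states,
        "counts": counts,
        "availability": counts.get("available", 0) / len(states),
    }


# Constructed trace: (1-sigma horizontal error estimate in m, true error in m).
# Epoch 4 has a degraded estimate (sigma grows, e.g. urban canyon); epoch 6 is a
# fault the estimator did not bound: small sigma but a large true error.
EPOCHS = [
    (0.20, 0.30),
    (0.22, 0.35),
    (0.25, 0.20),
    (0.40, 0.50),
    (0.45, 0.60),
    (0.20, 2.00),
]

if __name__ == "__main__":
    print(f"K({TIR_PER_EPOCH}) = {k_factor(TIR_PER_EPOCH):.3f}")
    for sigma, err in EPOCHS:
        pl = protection_level(sigma)
        print(f"sigma={sigma:.2f} PL={pl:.2f} err={err:.2f} -> {integrity_state(pl, true_error_m=err)}")
    print(monitor(EPOCHS))
```

With TIR = 1e-7 the multiplier is about 5.33, so a 0.25 m sigma gives a PL of roughly 1.33 m and the function stays available against a 1.5 m AL, while a 0.40 m sigma pushes the PL past the AL and triggers an alert. The last constructed epoch shows why the alert alone is not the whole story: the estimator reports a small sigma, the PL is comfortably inside the AL, yet the true error is 2 m. Only a reference trajectory in testing, or a fault-detection layer in the vehicle, exposes that case, which is exactly the SOTIF-style hazard that occurs without any component reporting a fault.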
What is ODD awareness in autonomous systems?
ODD awareness enables vehicles to recognize operational conditions, such as road type, traffic, and weather, ensuring safe operation within defined boundaries.
What is the role of AI/ML verification in safety?
Verification ensures AI algorithms correctly interpret data and act safely across diverse scenarios, supporting both functional safety and SOTIF.
Why is system reliability critical for autonomous driving?
Reliable systems consistently perform intended functions, reducing the likelihood of hazards caused by sensor failures, software errors, or incorrect perception.