Tough road to safe autonomous vehicles
SHENZHEN, China — Experts in autonomous driving from many of the leading automotive OEMs gathered at the SAE China’s Automated Vehicle Security & Safety Technology Conference here this week to report on their progress with autonomous vehicle (AV) safety standards. Several years into the development of AVs, the experts detailed how to conform to various safety standards. A few also questioned if China's new EV startups have had enough time to digest standards, let alone putting a fundamental safety-by-design process in place.
The road to safe autonomous vehicles (AVs) has proven much tougher, and now looks a lot longer, than anyone in the AV industry anticipated just a few years ago.
On one hand, some car OEMs have cleared a hurdle by making AVs that conform to functional safety and security standards. On the other, developers’ desire to win the AV race is so fierce that most are now competing on safety claims — and that's an issue too.
At the conference, speakers offered presentations focused on automotive safety/security standards that range from functional safety (ISO 26262) to Safety of the Intended Functionality (SOTIF, or ISO/PAS 21448) and cybersecurity (ISO/SAE 21434). Many speakers also spent time connecting the dots among various standards, emphasizing that they are not isolated.
(Source: NXP Semiconductors) Click here for larger image
Pang Sung-Hoon, a specialist at the China FAW Group, discussed the significance of harmonizing ISO 26262 and SOTIF in his team’s first L3 Autonomous Vehicle design, which he said is near completion.
Matt Thrasher of Ford Autonomous Vehicles spoke about leveraging Systems Theoretic Process Analysis (STPA) for SOTIF and how best to use a model-based approach to facilitate early verification via simulation.
Timo van Roermund, director of automotive security at NXP Semiconductors, stressed that no carmakers can achieve safety without security. He said safety and security must be addressed at all levels from IC level to domain architecture and mobility services.
China today reportedly has close to fifty car OEMs, only ten classified as traditional automakers. Most are new EV startups. Many, including the newcomers to the automotive industry, appear to be cramming hard on the nuances and advancements of functional safety and security standards.
Nailing down functional standards is the first phase. AV developers in China are pushing toward phase two, as they engage in simulations, in test courses and on public roads — just like their peers in the United States.
During the SAE China conference, I moderated an AV system safety panel that included some of Asia’s most experienced automotive industry pros. One of the first questions I asked: “Of all the things you are learning from AV testing, which data or lessons are you willing to share with other automotive companies?”
The question induced a long pregnant pause. My panelists looked at one another uncomfortably. Finally, a few murmured that data sharing wouldn’t make financial sense. They explained that with each company investing so much in its own AV testing, why should they share the fruits of their research?
My perception was that each company believes that if it does enough testing, it can be the first to roll out commercial AVs. I asked a follow-up: “How do you know when you're done testing? How will you know your AVs are safe enough for commercial launch?”
In other words, when is enough testing enough?
Again, panelists strenuously avoided eye contact and kept mum. The audience also fell silent.
AV System Safety Panel sponsored by SAE China (Photo: SAE China) Click here for larger image
‘Safety shouldn't be a competitive advantage’
Michael Krutz, president of Wind River’s Japanese subsidiary finally spoke up. He said, “Actually, you’re never done with testing. Testing is a continuous process.”
Further, Krutz declared: “Every car should be safe. Safety shouldn't be a competitive advantage.”
Panelist Chengliang Yin, vice dean of Institute of Automotive Engineering at Shanghai Jiao Tong University, explained that China recently began issuing licenses to AV testing vehicles. Citing a glut of AV developers who want to do public road testing, he explained the importance of requiring permits before certain AV testing vehicles can hit the road. Yin acknowledged his role in designing the licensing system.
Will AVs then need to get licenses before commercial launch in China? Yin said no, that's not part of the plan. “We are talking about test vehicles.”
Ted Haung, CTO of Jiangling Motors, acknowledged that some information exchange is happening among members of an automotive alliance to which his company belongs. But in general, data sharing is sparse, he said, because data collection costs so much.
Krutz's suggestion that carmakers shouldn’t compete on AV safety resonated with both the panel and the audience.
A global problem
Jiangling Motors’ Huang noted that even SOTIF offers nothing like “standard sensor suites.” He acknowledged, “We are moving into uncharted territory in the AV business, with no bible, no guidelines for safety.”
Having no yardstick to assure themselves when their AVs are ready to go commercial isn’t a uniquely Chinese problem. It’s universal.
Phil Magney, founder and principal advisor at VSI Labs, told us, “There is no official standard or benchmark for certifying the safety of a highly automated vehicle.” A robo-taxi developer, for example, must determine unilaterally its vehicle is safe enough to deploy. “At the moment this is up to them.”
Put more bluntly, this is a classic model of the corporate “Trust Us” ethos, noted Phil Koopman, co-founder and CTO of Edge Case Research.
>> Continue reading the next section, "Knowing where to collaborate", on page two of this article originally published on our sister site, EE Times:" AV Safety As a Competitive Feature."