ISO/PAS 21448 (SOTIF)

ISO/PAS 21448 (SOTIF)
Title	ISO/PAS 21448 (SOTIF)
Status	Published
Year	2019
Organization	ISO
Domain	Automotive safety

Contents

Overview
Scope and Objectives
Key Concepts and Definitions
Development and Standardization Process
Requirements and Technical Guidance
Implementation in Automotive Systems
Criticisms and Challenges

ISO/PAS 21448 (SOTIF) is an international technical specification addressing safety of the intended functionality for road vehicles. It complements International Organization for Standardization standards related to functional safety by focusing on hazards arising from performance limitations and foreseeable misuse of systems, particularly those incorporating sensors, machine learning, and autonomous features. The specification informs manufacturers, suppliers, and regulators involved with advanced driver assistance systems and automated driving.

Overview

ISO/PAS 21448 provides guidance distinct from ISO 26262 by concentrating on scenarios where no system fault exists but unsafe behavior arises from design limitations, environmental conditions, or interaction with complex real-world elements. It targets systems such as perception stacks, sensor fusion, and decision-making modules used by manufacturers like Toyota Motor Corporation, Volkswagen Group, and Tesla, Inc., and influences regulators including UNECE and agencies like the National Highway Traffic Safety Administration. The specification draws on concepts from research communities at institutions such as MIT, Stanford University, and Carnegie Mellon University.

Scope and Objectives

The specification aims to identify and mitigate hazards caused by functional insufficiencies in systems whose intended functions interact with road users, infrastructure, and environments managed by authorities like Federal Highway Administration and projects such as European New Car Assessment Programme. Objectives include establishing a safety argumentation process that integrates design activities of suppliers like Bosch and Continental AG with OEM validation by companies like Ford Motor Company and General Motors. It addresses system lifecycle phases used by organizations including SAE International, IEEE, and research centers such as TNO.

Key Concepts and Definitions

Key terms include “SOTIF” relating to hazardous behavior without system faults, “performance limitations” exemplified in sensor attenuation seen in conditions researched by NASA, and “known or foreseeable misuse” studied in projects at Fraunhofer Society. Definitions align with taxonomy used in standards like ISO 26262 while incorporating scenarios akin to case studies from incidents involving manufacturers such as Uber Technologies, Inc. and Waymo LLC. The specification relies on concepts from machine learning research groups at Google DeepMind and OpenAI regarding generalization and distributional shift, and on perception benchmarking efforts like those at KITTI and ImageNet.

Development and Standardization Process

The development was led within working groups of ISO with contributors from national bodies including DIN, AFNOR, and BSI, and experts from suppliers such as Denso and consultancies like McKinsey & Company. Drafting incorporated input from academic conferences such as International Conference on Robotics and Automation and NeurIPS, and considered regulatory frameworks influenced by meetings at UNECE WP.29. Adoption involved consensus procedures similar to those for ISO 26262 and coordination with industry consortia including Autonomous Driving Consortium members.

Requirements and Technical Guidance

ISO/PAS 21448 provides a structured process for hazard identification, risk assessment, and mitigation planning emphasizing scenario-based analysis, validation, and verification strategies. It recommends techniques such as scenario catalogs akin to datasets used by Waymo and testbeds comparable to facilities like MCity, and advocates for simulation methods developed by groups at Argonne National Laboratory and Oak Ridge National Laboratory. Guidance covers sensor performance under environmental effects studied by NOAA and perception failure modes analyzed by researchers at ETH Zurich and University of Michigan.

Implementation in Automotive Systems

Implementation integrates with supplier development processes at companies like Magna International and system integrators such as Aptiv PLC. Practically, it informs design of lidar stacks produced by Velodyne Lidar, camera systems by Sony Corporation, and radar modules by NXP Semiconductors. OEM validation strategies combine on-road testing on proving grounds like Nürburgring and virtual verification methods influenced by simulation platforms from Siemens and Ansys. Deployment considerations intersect with regulatory approvals overseen by bodies such as Transport Canada and safety assessment programs like Euro NCAP.

Criticisms and Challenges

Critics highlight the specification’s non-mandatory status and challenges in quantifying residual risk in complex AI-driven systems, debates paralleled in discussions at European Commission forums and academic critiques from Harvard University and Yale University. Implementation complexity raises concerns among small suppliers represented by VDA and CLEPA, and real-world validation requirements pose scalability issues noted by research groups at University of Cambridge and Imperial College London. Integration with existing legal frameworks such as liability regimes examined by panels at International Bar Association remains contentious.

Category:Automotive safety standards