ISO 21448:2022 – Road vehicles — Safety of the intended functionality (SOTIF) addresses the safety of Advanced Driver Assistance Systems (ADAS) and Automated Driving Systems (ADS) in the absence of faults or malfunctions, i.e. when the system functions exactly as designed but the design itself is not adequate for the situation it encounters. The standard's scenario-based framework targets hazards that arise when challenging or unforeseen operational situations expose functional limitations of the system within its operational design domain (ODD).
A key concept within the SOTIF standard is the "triggering condition": a specific condition of a scenario that can activate a functional insufficiency of the system and thereby initiate hazardous behaviour. To address such hazards, the standard emphasizes functional modifications, which range from system design improvements for enhanced performance to minimal risk conditions (a safe fallback state the system enters when it cannot continue operating safely) activated in critical situations. ISO 21448 outlines a risk reduction framework at a system-level abstraction that includes, but is not limited to, the following:
ISO/CD PAS 8800 – Road vehicles — Safety and artificial intelligence extends the ISO 21448:2022 framework by refining the risk evaluation and mitigation approach down to the level of the individual AI (Artificial Intelligence) components. It recognizes that AI-based autonomous systems, particularly those employing machine learning, come with unique safety challenges that, when left untreated, manifest as SOTIF functional insufficiencies at the higher (system) level of abstraction.
The standard introduces the concept of an AI safety lifecycle, a tailored process for developing and assuring the safety of "AI systems" and "AI components". This includes the derivation of AI safety requirements and, importantly, the development of "assurance arguments" for AI safety. These arguments use evidence gathered throughout the AI safety lifecycle to demonstrate that risk has been minimized, and they can be traced directly to the SOTIF measures and safety arguments at the higher level. The standard's content can be broadly categorized into the following elements:
- AI safety lifecycle: This lifecycle comprises specific activities designed to address safety concerns throughout the development and deployment of AI systems. It extends safety analysis techniques down to the AI development level, so that the root causes of functional insufficiencies can be identified in the AI component itself.
- AI system-specific safety requirements: These requirements extend the general objectives and acceptance criteria specified in ISO 21448 and address the particular risks associated with AI components, i.e. the AI-level causes of functional insufficiencies and of sensitivity to triggering conditions.
- Safety-related AI properties: The standard provides guidance on assessing safety-related properties of AI systems, including robustness, explainability and controllability. These properties are essential for building trust and confidence in the safety of the AI system and of the integrated functionality at the higher level.
- AI component development: The standard outlines a systematic approach to AI component development including, but not limited to, AI architecture-level safety analyses (qualitative and quantitative), decomposition of the AI software architecture for ease of verification and validation, dataset requirements specification, and data-level safety analysis.
- AI safety assurance argument: The assurance argument provides a structured and transparent way to communicate the rationale behind the safety claims made for the AI-enabled system, given the uncertainties associated with AI technologies used in ADAS/AV functionalities.
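To make the robustness assessment and the triggering-condition analysis above concrete, here is an added illustration in Python. It is not code from either standard or from the blog's authors: the perception model (a two-feature linear classifier standing in for an ML component), the validation samples, the "low-contrast lighting" condition modelled as a shift of one feature, and the acceptance thresholds (robust fraction of at least 0.8, accuracy of at least 0.8) are all constructed here for demonstration. The linear model is chosen on purpose: its distance to the decision boundary has a closed form, so the robustness radius is exact. For a real network the same evaluation needs adversarial search or a certified bound in place of `margin`.

```python
"""Toy robustness assessment and triggering-condition sweep for a perception
component (added example; model, samples and thresholds are constructed)."""
from dataclasses import dataclass
from math import sqrt
from typing import Callable, List, Optional, Sequence, Tuple

Features = Tuple[float, float]
Sample = Tuple[Features, int]  # ((feature0, feature1), label)


@dataclass(frozen=True)
class LinearPerception:
    """Stand-in for an ML perception component: predicts 1 ("object present")
    when w.x + b >= 0. Linear, so the L2 distance to the decision boundary is
    exact; a real network would need adversarial search or a certified bound."""
    w: Tuple[float, float]
    b: float

    def score(self, x: Features) -> float:
        return self.w[0] * x[0] + self.w[1] * x[1] + self.b

    def predict(self, x: Features) -> int:
        return 1 if self.score(x) >= 0 else 0

    def margin(self, x: Features) -> float:
        """Smallest L2 perturbation of x that can change the prediction."""
        return abs(self.score(x)) / sqrt(self.w[0] ** 2 + self.w[1] ** 2)


def accuracy(model: LinearPerception, samples: Sequence[Sample]) -> float:
    return sum(1 for x, y in samples if model.predict(x) == y) / len(samples)


def robust_fraction(model: LinearPerception, samples: Sequence[Sample], eps: float) -> float:
    """Fraction of samples that are classified correctly AND stay correct under
    every L2 perturbation of size <= eps. Misclassified samples are non-robust."""
    ok = sum(1 for x, y in samples if model.predict(x) == y and model.margin(x) > eps)
    return ok / len(samples)


def odd_limit(model: LinearPerception, samples: Sequence[Sample],
              apply_condition: Callable[[Features, float], Features],
              severities: Sequence[float], min_accuracy: float) -> Optional[float]:
    """Sweep a triggering condition of increasing severity and return the first
    severity at which accuracy drops below the acceptance criterion, i.e. where
    the functional insufficiency is exposed. None means the criterion held
    across the whole sweep."""
    for d in severities:
        shifted: List[Sample] = [(apply_condition(x, d), y) for x, y in samples]
        if accuracy(model, shifted) < min_accuracy:
            return d
    return None


# Constructed validation set: ((feature0, feature1), label). Not real data.
VALIDATION: List[Sample] = [
    ((2.0, 1.0), 1),
    ((1.0, 0.6), 1),   # correct, but only 0.08 from the boundary
    ((0.5, 0.5), 0),
    ((0.0, 0.0), 0),
    ((1.0, 0.4), 1),   # known miss: predicted 0
    ((0.2, 1.2), 1),   # correct, but only 0.08 from the boundary
]
MODEL = LinearPerception(w=(3.0, 4.0), b=-5.0)  # constructed weights


def low_contrast(x: Features, delta: float) -> Features:
    """Constructed triggering condition: low-contrast lighting modelled as a
    reduction of feature 0 by delta (severity 0.0 = nominal conditions)."""
    return (x[0] - delta, x[1])


def evaluate() -> dict:
    """Evidence a safety engineer would attach to the assurance argument:
    nominal accuracy, robustness at two radii, and the severity at which the
    low-contrast condition breaks the accuracy criterion."""
    return {
        "accuracy": accuracy(MODEL, VALIDATION),
        "robust@0.05": robust_fraction(MODEL, VALIDATION, 0.05),
        "robust@0.10": robust_fraction(MODEL, VALIDATION, 0.10),
        "contrast_limit": odd_limit(MODEL, VALIDATION, low_contrast,
                                    [i / 10 for i in range(6)], min_accuracy=0.8),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

Read the output the way the standard's lifecycle intends: the robust fraction of 5/6 at radius 0.05 meets the constructed 0.8 criterion, while the drop to 0.5 at radius 0.10 shows that two samples sit too close to the boundary, a data-level finding that feeds back into dataset requirements. The sweep over `low_contrast` returns 0.2, the severity at which the condition becomes a triggering condition for this component; that value is what bounds the ODD or motivates a functional modification such as a minimal risk condition.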
While ISO 21448 provides the overarching framework for managing the SOTIF risks of ADAS/AV, ISO/CD PAS 8800 dives deeper into identifying, addressing and building assurance arguments for the specific functional insufficiencies caused by AI components within functions such as localization, perception, prediction, motion planning and control. This interplay between ISO/CD PAS 8800 and ISO 21448, and the combined safety strategy that results from it, is crucial for the safe implementation of AI in road vehicles. It remains relevant for the emerging end-to-end learning frameworks for autonomous driving, where a single learned model replaces several of these modular functions and the insufficiencies can no longer be attributed to one function in isolation.
ISO/CD PAS 8800 also provides guidance on adapting the existing automotive functional safety standard, ISO 26262:2018, to manage the safety of AI-based systems. We'll address the interplay between ISO 26262 and ISO/CD PAS 8800 in a future blog post.
If you’d like to attend an instructor-led live training program to deepen your understanding of responsible AI and AI functional safety, check out our Responsible AI Training Courses.