ISO/PAS 8800 Walkthrough (Part 2): The AI and Dataset Lifecycles
This article continues our ISO/PAS 8800 Walkthrough by focusing on two essential elements of AI safety: the AI safety lifecycle and the dataset lifecycle. It explains how AI systems are developed and assured within the broader frameworks of ISO 26262 and ISO 21448 (SOTIF), highlighting the iterative nature of AI development, verification, and validation, and the critical role datasets play in defining, training, and validating safe system behavior.
Looking to go deeper? SRES offers ISO 8800 AI Safety Professional (AISP) training in collaboration with SGS-TÜV Saar, as well as automotive AI safety consulting to help organizations implement ISO 8800 alongside ISO 26262 and ISO 21448 (SOTIF) within real-world product development programs.Introduction to Part 2 of the ISO/PAS 8800 Walkthrough
Part 1 of this blog series provides an overview of the content of ISO/PAS 8800.
In Part 2 we dive deeper into two essential concepts for AI safety:
- The AI safety lifecycle as outlined in ISO/PAS 8800, clause 7
- The AI dataset lifecycle as outlined in ISO/PAS 8800, clause 11
AI Lifecycle Applicability
The AI lifecycle becomes applicable at the system design level where AI is used to implement a requirement.
The encompassing system contains the AI system but may also include other non-AI elements.
An AI system is an item or element that uses one or more AI models.
An AI component is an element of an AI system, such as the AI model, AI pre-processing, or AI post-processing. Conventional software components can also be elements of an AI system. Pre- and post-processing are often implemented as deterministic software components.
The following illustration shows an example of an AI system and its AI components.
AI Safety Lifecycle
Clause 7: AI safety management
The AI safety lifecycle originates from an encompassing system that is developed in accordance with existing standards such as ISO 26262 (functional safety) and ISO 21448 (SOTIF).
The AI development process is inherently iterative. Safety requirements may be refined at any phase of the lifecycle. This iterative process is guided by performance indicators, including safety-related properties associated with the AI safety requirements.
Develop AI safety requirements
Clause 9: Derivation of AI safety requirements
AI safety requirements are developed as a refinement and addition of requirements of the encompassing system.
Part 3 of this blog series will explore developing AI safety requirements in more detail.
AI system design and V&V
Clause 9: Derivation of AI safety requirements
Clause 10: Selection of AI technologies, architectural and development measures
Clause 11: Data-related consideration
Clause 12: Verification and validation of the AI system
Clause 13: Safety analysis of AI systems
This V-cycle could be considered the core of AI safety.
Data considerations are depicted as an inner V-cycle but are, in fact, a distinct lifecycle that provides the essential datasets for training, validation, and testing. We will discuss the dataset lifecycle later in this blog post.
The AI system and AI component design is followed by implementation. The right side of the V-cycle contains verification activities. Data is critical both for AI component implementation and for enabling the iterative development process that results in a performant and safe AI system.
Part 3 of this blog series will explore the AI system design and V&V in more detail.
Assurance Argument
Clause 8: Assurance argument of AI systems
As outlined in Part 1, the purpose of the assurance argument is to demonstrate that the residual risk of the AI system violating its safety requirements is sufficiently low.
The AI safety assurance argument is analogous to the safety case used in ISO 26262 and the SOTIF argument defined in ISO 21448. All three assurance work products may be integrated into a single, coherent safety case document.
The V-cycle then continues with the verification and validation of the encompassing system.
Operations
Clause 14: Measures during operation
AI safety must be maintained after the deployment of the AI system. This requires field data to a much greater extent than traditional automotive systems, which primarily relied on field returns. Similar to humans, automotive AI systems must adapt to environmental changes over time. For example, sidewalk robots may be rare today, but if they become more common in the future, appropriate datasets for AI component training and testing must be available and become “common knowledge” of automotive perception systems.
During operations, the AI system is interdependent of the encompassing system in terms of deployment (e.g., over-the-air updates), monitoring, and the continuous assurance of safety.
The Dataset Lifecycle
The dataset lifecycle is a fundamental component of the AI safety lifecycle.
ML-based AI systems are inherently data-driven. Data is essential both to establish system capability and to validate that safety requirements are met.
Dataset requirements are derived from the AI system requirements and aim to cover the vehicle’s Operational Design Domain (ODD). They address both logistical aspects – such as dataset storage, access, and version control – and technical aspects, including the parameters needed to describe the data.
Dataset design translates the dataset requirements into concrete implementations. While requirements specify what needs to be done, design specifies how it will be achieved.
Examples of the delineation of dataset requirements and design:
- The design specifies data sources, such as collection via a mule vehicle or synthetic data. If data is collected with higher-resolution cameras than the target production system, the design must describe how this difference is managed to ensure the trained AI model performs correctly in the production vehicle.
- The requirement specifies alignment between visual data and metadata while storing both in different databases for maintainability. The design might implement this by storing a SHA-256 hash with the metadata, enabling verification that each metadata entry corresponds to the correct image.
Dataset implementation refers to the actual acquisition, preprocessing, and organization of the data.
Dataset verification ensures the correctness of datasets from both product and process perspectives. Product verification checks that core data – such as images or videos – is correctly aligned with metadata. Process verification ensures correctness of the data by checking consistent application across the entire dataset.
Dataset validation assesses the dataset against its original requirements, confirming that it adequately supports the AI system’s intended functionality.
Dataset safety analysis identifies potential insufficiencies in the dataset and applies countermeasures or metrics to address gaps and reduce risk.
The outputs of the dataset lifecycle are datasets for training, validation, and testing of the ML-based AI component and AI system.
As the AI safety lifecycle is iterative, the datasets may evolve iteratively as well. When gaps are identified or a novel testing dataset is required, additional data will need to be acquired, annotated, and verified.
Continued: Part 3
Part 2 outlined the AI lifecycle and dataset lifecycles.
In Part 3, we dive deeper into the development of AI safety requirements, as well as AI system design and verification & validation (V&V). [Click here to read part 3]
Have insights or questions? Send us an email at info@sres.ai or leave a comment below—we welcome thoughtful discussion from our technical community.
Interested in learning more about our approach? Explore why teams choose SRES training and how we help automotive organizations with consulting support across functional safety, cybersecurity, autonomy safety, and EV development.
