Self-driving cars: A vision for safety (Reader Forum)
DoT Announces “Voluntary” Self-Driving Vehicle Safety Guidelines; Industry Comments Will Likely Shape Upcoming Mandatory Regulations
Hot on the heels of the U.S. House of Representatives’ unanimous passage of the SELF-DRIVE Act, intended to speed development of self-driving vehicles (i.e., vehicles that are equipped with “automated driving systems” or “ADSs”), the U.S. Department of Transportation (“DoT”) has released its Automated Driving Systems: A Vision for Safety (“Vision for Safety”) publication, containing numerous safety guidelines and procedures applicable to all entities involved in designing and marketing ADSs. These entities include vehicle manufacturers, Internet of Things (“IoT”) equipment suppliers, software developers, and testing firms. The publication also proposes limited state regulatory roles for ADS vehicles, as well as suggested “best practices” for state legislators and highway safety officials.
Are the guidelines really voluntary?
While DoT states that Vision for Safety offers a “non-regulatory” approach to ADS safety matters and avers that its guidelines are voluntary, reading this document in conjunction with the SELF-DRIVE Act strongly indicates that many of the Vision for Safety practices will soon become mandatory ADS regulations, unless stakeholders speak up.
As discussed in a previous article by Marashlian & Donahue, PLLC, the SELF-DRIVE Act requires DoT to promulgate mandatory ADS safety rules and submit a “Safety Priority Plan” to Congress less than two years after the Act’s passage. DoT has requested comments on all aspects of Vision for Safety, with an eye toward updating it. Because Vision for Safety contains a policy framework resulting from years of research and public input, it is almost certain that DoT will apply the guidelines and procedures from the updated document in promulgating its mandatory ADS rules and Safety Priority Plan.
Commenters will be the early persuaders in devising ADS regulations
With ADS legislation progressing rapidly through Congress, this may be the last chance for ADS stakeholders to have their voices heard before a binding statute is in place and rulemaking proceedings begin. This article presents a high-level overview of Vision for Safety, but, as is usually the case, the devil is in the details. Accordingly, it is vital that ADS stakeholders study Vision for Safety to determine whether the guidelines therein help or hurt their businesses. As Vision for Safety’s guidelines are rather broad, there is a lot of room for commenters to provide more granular and persuasive information for DoT to consider when it promulgates its final rules. Comments are due by November 14, 2017.
SAE International automation levels
The threshold issue regarding the safety guidelines in Vision for Safety is at what level – according to the SAE International Standard (“SAE”) – a given ADS will perform. DoT has adopted SAE, and has determined that Vision for Safety will focus on ADS vehicles that incorporate the SAE Levels 3-5.
SAE’s six levels of driving automation
- Level 0 – No Automation. The operator performs all driving tasks.
- Level 1 – Driver Assistance. The vehicle can handle some steering, acceleration and braking functions, but the operator must be ready to take over those functions if called upon by the vehicle.
- Level 2 – Partial Automation. The vehicle handles steering, acceleration and braking, but immediately lets the operator take over if he or she detects events to which the vehicle is not responding. In the first three SAE levels, the operator is responsible for monitoring the surroundings, traffic, weather, and road conditions.
- Level 3 – Conditional Automation. The vehicle monitors surroundings and controls all steering, acceleration and braking in certain “normal” environments, such as highways. But, the operator must be ready to intervene if the vehicle requests it.
- Level 4 – High Automation. The vehicle handles steering, acceleration and braking, as well as monitoring the surroundings in most types of environments; exceptions include extreme conditions such as severe weather. The operator switches on the automatic driving only when it is notified and it is safe to do so.
Priority safety design elements for ADS suppliers
At the crux of Vision for Safety are 12 “Priority Safety Design Elements” that businesses should follow when designing and implementing best practices for the testing and safe deployment of ADSs.
- System Safety
DoT recommends that designers develop a systems-engineering design and validation process – based on industry standards – to ensure their ADSs are free of unreasonable safety risks. This process must include a hazard analysis and safety risk assessment. Software testing should also be included, with a well-documented software development and change management process. Safety considerations include design architecture, sensor & actuator functions, communication failure, potential software errors, potential collisions, and violations of traffic laws. Entities should document their entire system safety processes and changes thereto, so that all pertinent data may be traceable and transparent for customers and pertinent governmental entities.
- Operational Design Domain
DoT encourages ADS manufacturers to define and document an Operational Design Domain (“ODD”) for each ADS vehicle tested or deployed on U.S. roads and highways. The ODD should describe the specific conditions under which a given ADS feature is intended to function. The minimum information the ODD should include to determine the ADS’s capability limits is as follows:
- Roadway types on which the ADS is intended to operate safely
- Geographic areas (city, mountains, deserts, etc.)
- Speed range
- Environmental conditions (weather, day/night, fog, etc.)
- Other domain constraints
- Object and Event Detection and Response
DoT stresses the need for Object and Event Detection and Response (“OEDR”), which refers to the detection by the operator or ADS of any unusual circumstances in the course of driving, and system responses to such circumstances. Entities are encouraged to have a documented process for assessment, testing, and validation of their ADSs’ OEDR capabilities. When an ADS operates within its ODD, the OEDR functions are expected to detect and respond to other vehicles, pedestrians, animals, bicyclists, and objects that could affect safe operation of the vehicle.
- Fallback (Minimal Risk Condition)
DoT wants ADS suppliers to document a process for transitioning to a minimal risk condition when either a hazard is encountered or the ADS cannot operate safely. This means that ADSs should be capable of detecting malfunctions, operating in a degraded state, or outside of their ODD when necessary. The ADS should be capable of immediately notifying the human operators of such problems in a way that enables seamless human control of the vehicle or allows the ADS to return to a minimal risk condition independently.
- Validation Methods
ADS designers should develop validation methods to mitigate risks associated with their operations. Testing is necessary to demonstrate the competencies that an ADS would perform during normal driving conditions, crash avoidance situations, and performance of fallback strategies pursuant to the ODD. ADS suppliers should work with DoT and industry standards organizations such as SAE and the International Organization for Standardization to develop and update tests and performance criteria for facilities that conduct validation tests.
- Human Machine Interface
DoT encourages the development of flexible human machine interface (“HMI”) capabilities in all ADSs. One aspect of HMI is the incorporation of driver engagement monitoring (e.g., driver awareness and readiness) in cases where drivers could be involved in driving tasks. This would mainly apply to Level 3 vehicles. Processes for testing, assessment, and validation of an ADS’s HMI should be documented. For Level 4 and 5 vehicles, a remote dispatcher or central control authority should be able to determine the status of the ADS at all times.
- Vehicle Cybersecurity
ADS designers are strongly encouraged to follow a stringent product development process based on systems engineering to minimize cybersecurity threats and vulnerabilities.
This process should include a systematic and ongoing safety risk assessment for each ADS, the overall vehicle design and the overall transportation ecosystem. This process and any cybersecurity best practices should be documented. DoT urges information sharing among industry members, as well as incorporation of cybersecurity practices designed by recognized industry standards organizations.
- Crashworthiness
Occupant protection is of paramount importance. ADS designers should incorporate information from advanced sensing technologies needed for ADS operation into new occupant protection systems for the safety of all vehicle operators and passengers. Unoccupied vehicles with ADSs should provide geometric and energy absorption crash compatibility with existing vehicles on the road.
- Post-Crash ADS Behavior
DoT suggests that entities engaged in testing or deployment of ADS vehicles should employ methods of returning the vehicles to a safe state immediately after a crash. This would include shutting down the fuel pump, removing motive power, moving the vehicle to a safe location off the road, and disengaging electrical power. Methods for communicating relevant information to operations centers should also be implemented.
- Data Recording
Collection of information from crashes is vital to improving the safety of ADS vehicles. Accordingly, DoT requests that entities engaged in testing or deployment of ADS should establish a documented process for testing, validating, and collecting data related to malfunctions, degradations, or failures that can be used to determine the cause of any crash. This data should be stored, maintained, and readily available for retrieval, with applicable privacy protections built-in. Entities should have the technical and legal capability to share with government authorities the relevant information necessary for crash reconstruction.
- Consumer Education and Testing
DoT stresses the importance of education and training for safe deployment of ADS vehicles. Accordingly, all pertinent entities (e.g., manufacturers and testers) should develop, document, and maintain employee, dealer, distributor, and consumer education and training programs to address the anticipated differences between the operation of ADS vehicles and conventional vehicles. Understanding and proper use of ADS technology should be the main focus of the education and training programs. ADS dealers and distributors should implement an on-road experience demonstrating ADS operations and HMI functions prior to sales to consumers.
- Federal, State, and Local Law
ADS designers are encouraged to document how they intend to account for all applicable federal, state, and local laws. ADS vehicle development should account for all governing traffic laws when operating in automated mode. DoT suggests that all ADSs should have the capability to handle “normal” situations that may technically violate traffic laws, such as having to cross a double line, safely pass a disabled vehicle, or drive on the shoulder. ADSs should also have the capability to adapt to changes in traffic laws and regulations.
Voluntary Safety Self-Assessment
DoT proposes to allow entities involved in testing and deployment of ADSs to demonstrate compliance with the Vision for Safety guidelines by publishing a Voluntary Safety Self-Assessment. This would demonstrate to the proper authorities and consumers that the entity is: (a) considering the safety aspects of ADSs; (b) communicating and collaborating with DoT; (c) encouraging safety norms for ADSs; and (d) building public trust through transparent testing and deployment of ADSs.
Federal and State Roles in ADS Regulation
Vision for Safety includes a section on proposed federal and state regulatory roles, as well as suggested practices for state legislatures and safety officials to encourage ADS deployment. This section proposes a minor role for the states – limited to licensing, insurance, and various traffic-related administrative functions. This is probably due to the federal preemption section in the SELF-DRIVE Act. DoT clearly proposes secondary roles for the states.
Stay Aware and Informed
Vision for Safety is but one element of the Federal Government’s rapid ADS implementation process. The SELF-DRIVE Act has been passed, and the U.S. Senate is working on a companion bill. Lawmakers are holding hearings almost every week, exploring ways to speed up the deployment of self-driving vehicles as the auto industry and safety advocates clamor for action at the federal level.
As legislation progresses, federal agencies will commence proceedings that will result in the nuts and bolts regulation of ADS vehicles. The final rules will have winners and losers in the ADS industry. It is important to remain aware of these proceedings and have your voice heard on matters important to your business. To state the obvious, the ADS industry and its regulations are still in the nascent stages. Now is the time for you to have your say to ensure that the regulatory environment is favorable to your business.