Functional safety research: under the "equal rights for intelligent driving", safety of the intended functionality (SOTIF) design is crucial
As Chinese new energy vehicle manufacturers push "Equal Rights for Intelligent Driving," the time between a high-level automated driving system issuing a takeover request and a potential collision can be as short as 1-2 seconds. The importance of safety of the intended functionality (SOTIF) design by OEMs is therefore self-evident, and mandatory industry standards, laws and regulations are essential. In the case of the international functional safety standard ISO 26262, accountability mechanisms can compel OEMs to take safety design seriously.
In recent years, OEMs and suppliers have placed greater emphasis on functional safety certification. According to publicly available statistics, Chinese companies obtained 134 functional safety certifications in 2024, including 52 functional safety product certifications (up from 44 in 2023).
In addition to functional safety certification, and driven by the formal implementation of SOTIF standards, more than 20 OEMs and suppliers, including Great Wall Motor, FAW Hongqi, Changan, GAC, Horizon Robotics, Jingwei Hirain, Huawei, Desay SV and SenseAuto, have deployed SOTIF processes and obtained pre-certification over the past two years, laying a safety foundation for their further deployment of autonomous driving systems.
On the standards front, ISO brings AI into the functional safety framework.
In December 2024, the International Organization for Standardization (ISO) officially released ISO/PAS 8800:2024 Road vehicles - Safety and artificial intelligence. The standard aims to manage and enhance the safety of AI systems in road vehicles and to provide a comprehensive safety framework and guidelines for the ever wider adoption of AI technology in the automotive sector.
The core content of ISO/PAS 8800 includes AI safety lifecycle management, safety requirements for AI systems, design and verification processes, AI system safety analysis, and data-related safety considerations. Its implementation will help OEMs, component suppliers and software developers systematically identify and manage potential risks in AI-related applications, thereby improving the overall safety of automotive products.
Additionally, ISO plans to include safety requirements for AI systems in the third edition of ISO 26262, scheduled for release in 2027, covering failure mode identification for deep learning models, safety mechanism design, and verification methods.
The third edition is expected to require OEMs to establish a full lifecycle management system for AI development, with transparency and traceability across data collection, model training, deployment verification and other stages. For example, formal verification is expected to be required to guarantee the determinacy of neural network outputs, and safety cases are to be established for AI components.
Furthermore, in January 2024, SC 42, the joint ISO/IEC committee (ISO/IEC JTC 1/SC 42) that develops international standards for artificial intelligence, released ISO/IEC TR 5469:2024 Artificial intelligence - Functional safety and AI systems. The technical report addresses the differences between traditional functional safety development processes and the technical characteristics and processes of AI development, so that AI technology can gradually be applied in functional safety systems. It covers the application and usage levels of AI in safety-related systems, the components of AI technology, the unique characteristics and risks that AI introduces compared with non-AI technology, how to apply AI in functional safety systems, how to use non-AI technology to ensure the safety of AI-controlled systems, and practical techniques for designing and developing safety-related functions with AI systems.
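"Formal verification of neural network outputs" in practice means proving that, for every input in a specified region, the network's output stays inside a required range, rather than testing a finite set of samples. The block below is an added example (not code from the page, from Bosch, or from any ISO standard text) of the simplest sound method for that, interval bound propagation: each affine layer maps an input box to an output box, ReLU clips the box at zero, and the final box is compared with the required range. The two-layer network weights, the input normalization and the output limit are constructed toy values; only the propagation logic is real. Because the method over-approximates, a failed check means "not proven", not "violated", which the second call illustrates by tightening the input box until the proof goes through.

```python
"""Interval bound propagation (IBP) over a small ReLU network.

Added example. The network (TOY_LAYERS) and the required output range are
constructed values for illustration, not a real controller.
"""
from typing import List, Tuple

Vector = List[float]
Matrix = List[List[float]]
Layer = Tuple[Matrix, Vector, bool]  # (weights, bias, apply_relu)

# Constructed toy network: 2 inputs (normalized gap, normalized closing speed)
# -> 2 ReLU hidden units -> 1 output interpreted as a brake command in [0, 1].
TOY_LAYERS: List[Layer] = [
    ([[1.0, -1.0], [-0.5, 1.0]], [0.0, 0.2], True),
    ([[0.5, 0.5]], [0.0], False),
]
REQUIRED_LO: Vector = [0.0]
REQUIRED_HI: Vector = [1.0]


def affine_bounds(W: Matrix, b: Vector, lo: Vector, hi: Vector) -> Tuple[Vector, Vector]:
    """Sound bounds for y = W x + b when each x_j lies in [lo_j, hi_j].

    A positive weight reaches its extreme at the same end of the input
    interval as y does; a negative weight at the opposite end.
    """
    out_lo: Vector = []
    out_hi: Vector = []
    for row, bias in zip(W, b):
        low = bias
        high = bias
        for w, xl, xh in zip(row, lo, hi):
            if w >= 0:
                low += w * xl
                high += w * xh
            else:
                low += w * xh
                high += w * xl
        out_lo.append(low)
        out_hi.append(high)
    return out_lo, out_hi


def relu_bounds(lo: Vector, hi: Vector) -> Tuple[Vector, Vector]:
    """ReLU is monotone, so clipping both ends of the interval is sound."""
    return [max(0.0, v) for v in lo], [max(0.0, v) for v in hi]


def propagate(layers: List[Layer], lo: Vector, hi: Vector) -> Tuple[Vector, Vector]:
    """Push an input box through every layer and return the output box."""
    for W, b, apply_relu in layers:
        lo, hi = affine_bounds(W, b, lo, hi)
        if apply_relu:
            lo, hi = relu_bounds(lo, hi)
    return lo, hi


def forward(layers: List[Layer], x: Vector) -> Vector:
    """Concrete evaluation of the network on one input (for spot checks)."""
    for W, b, apply_relu in layers:
        x = [sum(w * xi for w, xi in zip(row, x)) + bias for row, bias in zip(W, b)]
        if apply_relu:
            x = [max(0.0, v) for v in x]
    return x


def verify_output_range(layers: List[Layer], in_lo: Vector, in_hi: Vector,
                        req_lo: Vector, req_hi: Vector) -> Tuple[bool, Tuple[Vector, Vector]]:
    """Return (proved, (lo, hi)).

    proved is True only when the propagated box lies entirely inside the
    required range, which is a proof for every input in the box. False means
    the property could not be established by IBP, not that it is violated.
    """
    lo, hi = propagate(layers, in_lo, in_hi)
    proved = all(l >= rl and h <= rh for l, h, rl, rh in zip(lo, hi, req_lo, req_hi))
    return proved, (lo, hi)


def check_full_box() -> Tuple[bool, Tuple[Vector, Vector]]:
    """Whole normalized input domain [0,1]^2: IBP cannot prove output <= 1."""
    return verify_output_range(TOY_LAYERS, [0.0, 0.0], [1.0, 1.0], REQUIRED_LO, REQUIRED_HI)


def check_reduced_box() -> Tuple[bool, Tuple[Vector, Vector]]:
    """Restricting the operational domain to [0,0.8]^2 makes the proof succeed."""
    return verify_output_range(TOY_LAYERS, [0.0, 0.0], [0.8, 0.8], REQUIRED_LO, REQUIRED_HI)


if __name__ == "__main__":
    for name, fn in (("full box", check_full_box), ("reduced box", check_reduced_box)):
        proved, (lo, hi) = fn()
        print(f"{name}: output in [{lo[0]:.3f}, {hi[0]:.3f}] -> {'proved' if proved else 'NOT proved'}")
```

The interesting part for a safety case is the asymmetry of the result: a successful run is a proof over the entire box, so it can be cited as evidence for an ODD restriction, whereas a failed run only says the bound is too loose. Production tools tighten the bounds (linear relaxations, branch and bound, SMT back ends) but follow the same contract, and the same soundness caveat applies to any numeric format: bounds computed in float32 on the target ECU must be rounded outward, which this example does not do.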
Suppliers' Layout of Functional Safety Solutions for AI Systems
Facing the challenges of AI system safety, suppliers such as Bosch and NVIDIA have introduced AI safety solutions.
For intelligent driving, Bosch has proposed an AI Safety mechanism. Its Chinese and global teams have applied years of AI safety expertise, including pre-research, practical processes, methodologies and tools, to every stage of the functional safety development cycle for high-level intelligent driving solutions, covering data selection, model safety and model verification, so as to ensure the safety of AI-driven driving systems end to end.
Bosch has also introduced a systematic and structured solution, the Machine Learning Development V-Model Process, which extends the traditional system/software development V-model with a data-driven approach, referred to as the Data-Driven Engineering (DDE) process.
DDE provides a systematic process for ML system development, featuring a flexible and scalable operational design domain (ODD) analysis method. It standardizes data management for ML system development and provides infrastructure for safety analysis, testing, verification and functional iteration of ML systems.
With the support of AI foundation models, each stage of the functional safety process in vehicle function development, including hazard identification, risk assessment, functional safety concept, system design and safety implementation, can benefit from AI.
For example, in the hazard identification phase, AI and LLMs can assist by analyzing large datasets, historical accident records and industry reports. They process unstructured data such as natural language documents to extract insights that traditional methods might overlook and to surface potential hazards that a human reviewer might miss.
In October 2024, Jingwei Hirain released its self-developed HIRAIN FuSa AI Agent, a functional safety agent that automatically performs hazard analysis and risk assessment on a functional safety analysis target, sets safety goals, conducts safety analysis, derives safety requirements, and continuously supports R&D testing and verification to ensure vehicle safety.
At GTC 2025, NVIDIA announced NVIDIA Halos, a full-stack, comprehensive safety system for autonomous vehicles that brings together NVIDIA's lineup of automotive hardware and software safety solutions with its cutting-edge AI research in AV safety.
Halos is a holistic safety system on three different but complementary levels. At the technology level, it spans platform, algorithmic and ecosystem safety. At the development level, it includes design-time, deployment-time and validation-time guardrails. At the computational level, it spans AI training to deployment, using three computers: NVIDIA DGX for AI training, NVIDIA Omniverse and NVIDIA Cosmos running on NVIDIA OVX for simulation, and NVIDIA DRIVE AGX for deployment.
Serving as an entry point to Halos is the NVIDIA AI Systems Inspection Lab, which allows automakers and developers to verify the safe integration of their products with NVIDIA technology. The AI Systems Inspection Lab has been accredited by the ANSI National Accreditation Board for an inspection plan integrating functional safety, cybersecurity, AI safety and regulations into a unified safety framework.
The NVIDIA DRIVE AI Systems Inspection Lab also complements the missions of independent third-party certification bodies, including technical service organizations such as TUV SUD, TUV Rheinland and exida, as well as vehicle certification agencies such as VCA and KBA. It dovetails with recent significant safety certifications and assessments of NVIDIA automotive products.
Table of Contents
1 Status Quo and Development Trends of Vehicle Functional Safety
1.1 Definition and Development History of Vehicle Functional Safety
Definition of Vehicle Functional Safety
Reasons Why Vehicle Functional Safety Is Required
Key Features of Vehicle Functional Safety
Development history of Vehicle Functional Safety (1)
Development history of Vehicle Functional Safety (2)
Purpose of Vehicle Functional Safety: Lowering Risks to An Acceptable Level
Basic Principles of Vehicle Functional Safety Design
General Workflow of Vehicle Functional Safety
Example of SEooC Software Development Process
Cost Structure of Vehicle Functional Safety
Classification of Vehicle Functional Safety Software Tools
Design and Verification Methods for Vehicle Functional Safety
Basic Analysis Methods for Vehicle Functional Safety
Basic Definitions Related to Vehicle Functional Safety
1.2 Development Trend 1 of Vehicle Functional Safety:
1.3 Development Trend 2 of Vehicle Functional Safety:
1.4 Development Trend 3 of Vehicle Functional Safety:
1.5 Development Trend 4 of Vehicle Functional Safety:
1.6 Development Trend 5 of Vehicle Functional Safety: OEMs Place Increasing Emphasis on Safety
OEMs Place Greater Emphasis on Functional Safety and SOTIF Requirements
Increasing Functional Safety Certifications of OEMs (1)
Increasing Functional Safety Certifications of OEMs (2)
Increasing Functional Safety Certifications of OEMs (3)
Increasing Functional Safety Certifications of OEMs (4)
Increasing Functional Safety Certifications of OEMs (5)
Increasing SOTIF Certifications of OEMs
Industrial Division of Labor in Vehicle Functional Safety (1)
Industrial Division of Labor in Vehicle Functional Safety (2)
Key Tasks for OEMs and Component Suppliers Regarding Functional Safety
Steps for Implementing Functional Safety in Vehicle Projects of OEMs
Cases of OEMs' Assessment of Suppliers' Functional Safety Capabilities
SOTIF Development and Testing Process
Challenges and Key Elements in Implementing Functional Safety and SOTIF in OEMs
Status Quo and Trends of OEMs Deploying Functional Safety and SOTIF Solutions
2 Status Quo and Related Scenario Cases of Vehicle SOTIF
2.1 Overview of Vehicle SOTIF
Definition of Vehicle SOTIF
Reasons for Proposing Vehicle SOTIF
Analysis of Vehicle SOTIF Scenarios
Purpose of Vehicle SOTIF
SOTIF Methodology (1)
SOTIF Methodology (2)
Vehicle SOTIF System Analysis Methods
Typical Case of L3 SOTIF Design
2.2 Integration Trends of Vehicle SOTIF and Functional Safety
Vehicle Functional Safety VS SOTIF
Integration of Vehicle Functional Safety and SOTIF (1)
Integration of Vehicle Functional Safety and SOTIF (2)
Exploration of Integration of Vehicle Functional Safety and SOTIF Processes
Machine Learning and Vehicle Functional Safety & SOTIF (1)
Machine Learning and Vehicle Functional Safety & SOTIF (2)
Breakthroughs in Real-time SOTIF Risk Perception and Protection Technologies
2.3 SOTIF in ADAS
SOTIF in Lane Keeping System
SOTIF in Autonomous Emergency Braking
SOTIF in Adaptive Cruise Control
SOTIF in Traffic Congestion System
SOTIF in Automated Parking System
SOTIF Design of Control Strategies for Autonomous Emergency Braking (AEB)
2.4 SOTIF in Autonomous Driving System
Composition of Autonomous Driving System
SOTIF Related to Perception
SOTIF Related to Prediction
SOTIF Related to Decision
SOTIF Technologies Related to Control
SOTIF Related to Human-Machine Interaction
SOTIF in V2X
3 Standards and Policies Concerning Vehicle Functional Safety and SOTIF
3.1 Vehicle Functional Safety Standards and Policies
Global Vehicle Functional Safety Standards
Development of Foreign Functional Safety and SOTIF Standards
Development of ISO 26262 International Functional Safety Standards
ISO 26262 Third Edition Update Plan
ISO 26262 Third Edition Update Plan
ISO 26262 Third Edition Update Plan
Vehicle Functional Safety in the EU
Development of Vehicle Functional Safety in the US
Development of Vehicle Functional Safety Standards in China
Vehicle Functional Safety Standard Research Organizations in China
Vehicle Functional Safety Standard Research Organizations in China: Architecture of Vehicle Functional Safety Standardization Promotion Center
China's Special Standards for Vehicle Functional Safety
China's Vehicle Functional Safety Standards
Testing and Evaluation Methods for Vehicle Functional Safety and SOTIF
China's Medium- and Long-Term Plan for Vehicle Functional Safety and SOTIF Standards Research
China's Policies Concerning Vehicle Functional Safety and SOTIF
Guidelines for the Construction of the National Internet of Vehicles Industry Standard System (Intelligent Connected Vehicles) (2023)
Notice on Piloting Admittance and Road Access of Intelligent Connected Vehicles: Overall Requirements and Organized Implementation
Notice on Piloting Admittance and Road Access of Intelligent Connected Vehicles: Supporting Measures
Notice on Piloting Admittance and Road Access of Intelligent Connected Vehicles: Explanation (1)
Notice on Piloting Admittance and Road Access of Intelligent Connected Vehicles: Explanation (2)
Implementation Guide for Piloting Admittance and Road Access of Intelligent Connected Vehicles (Trial): Functional Safety Requirements at Corporate Level
Implementation Guide for Piloting Admittance and Road Access of Intelligent Connected Vehicles (Trial): Corporate Requirements for Functional Safety Guarantee
Implementation Guide for Piloting Admittance and Road Access of Intelligent Connected Vehicles (Trial): Corporate Requirements for SOTIF Guarantee
Implementation Guide for Piloting Admittance and Road Access of Intelligent Connected Vehicles (Trial): Requirements at Product Level
Implementation Guide for Piloting Admittance and Road Access of Intelligent Connected Vehicles (Trial): Requirements for Functional Safety of Vehicles and Autonomous Driving Systems
Implementation Guide for Piloting Admittance and Road Access of Intelligent Connected Vehicles (Trial): Requirements for SOTIF of Vehicles and Autonomous Driving Systems
3.2 Vehicle SOTIF Standards and Policies
Vehicle SOTIF Standards
SOTIF-Related Requirements in Major Countries' Autonomous Driving System Regulations and Standards
China's Main Vehicle SOTIF Standards
Construction of Vehicle SOTIF Standards in China
3.3 ISO 26262 Vehicle Standards
ISO 26262 Vehicle Functional Safety Standards
ISO 26262 First Edition VS Second Edition
ISO 26262 Third Edition Covers New Use Cases
Introduction to ISO 26262 Standard Content
ISO 26262-2: Management of Functional Safety (1)
ISO 26262-2: Management of Functional Safety (2)
ISO 26262-3: Functional Safety Concept
ISO 26262-3: Hazard Analysis and Risk Assessment (HARA) (1)
ISO 26262-3: Hazard Analysis and Risk Assessment (HARA) (2)
ISO 26262-3: Hierarchy of Safety Goals and Functional Safety Requirements
ISO 26262-4: Product Development at the System Level
ISO 26262-4: Technical Safety Concept
ISO 26262-4: System and Item Integration and Testing (1)
ISO 26262-4: System and Item Integration and Testing (2)
ISO 26262-4: System and Item Integration and Testing (3)
ISO 26262-4: System and Item Integration and Testing (4)
ISO 26262-5: Product Development at the Hardware Level (1)
ISO 26262-5: Product Development at the Hardware Level (2)
ISO 26262-5: Hardware Design
ISO 26262-5: Hardware Safety Analysis
ISO 26262-5: Hardware Design Verification
ISO 26262-5: Evaluation of the Hardware Architectural Metrics
ISO 26262-5: Evaluation of Safety Goal Violations due to Random Hardware Failures (1)
ISO 26262-5: Evaluation of Safety Goal Violations due to Random Hardware Failures (2)
ISO 26262-5: Evaluation of Safety Goal Violations due to Random Hardware Failures (3)
ISO 26262-5: Hardware Integration and Testing (1)
ISO 26262-5: Hardware Integration and Testing (2)
ISO 26262-6: Software Functional Safety
ISO 26262-6: General Topics for the Product Development at the Software Level
ISO 26262-6: Software Development Plan
ISO 26262-6: Software Safety Requirements
ISO 26262-6: Software Architectural Design
ISO 26262-6: Software Architectural Design - Software Safety Mechanisms
ISO 26262-6: Software Architectural Design - Mechanisms for Software Error Handling
ISO 26262-6: Software Architectural Design - Software Architecture Verification Methods
ISO 26262-6: Software Unit Design and Implementation
ISO 26262-6: Software Unit Verification
ISO 26262-6: Software Unit Test Case Derivation and Coverage Analysis
ISO 26262-6: Software Integration and Verification
ISO 26262-6: Software Integration Test Coverage
ISO 26262-6: Testing of the Embedded Software
3.4 ISO 21448 Vehicle Standards
Vehicle SOTIF Standards
Development of ISO 21448 Vehicle SOTIF Standards
ISO/CD 21448 Vehicle SOTIF Standards Catalog
Vehicle SOTIF Development Process (1)
Vehicle SOTIF Development Process (2): Specification Definition and Design
Vehicle SOTIF Development Process (3): Hazard Analysis and Risk Assessment
Vehicle SOTIF Development Process (4): Identification and Evaluation of Potential Functional Insufficiencies and Potential Triggering Conditions
Vehicle SOTIF Development Process (5): System Optimization and Improvement
Vehicle SOTIF Development Process (6): Product Verification and Evaluation
Vehicle SOTIF Development Process (7): Product Verification and Evaluation
Vehicle SOTIF Development Process (8): Product Verification and Evaluation
Vehicle SOTIF Development Process (9): Operation Phase Activities
4 Development of Vehicle Functional Safety and SOTIF Certifications
4.1 Vehicle Functional Safety Certification
Overview of Vehicle Functional Safety Certification
Categories of Functional Safety Certification
Main Processes of Vehicle Functional Safety Certification
Basic Steps of Vehicle Functional Safety Process Certification
Basic Steps of Vehicle Functional Safety Product Certification
Cases of Functional Safety Product Certification R&D Process (1)
Cases of Functional Safety Product Certification R&D Process (2)
Achievements in Vehicle Functional Safety Certification
Functional Safety Layout Cases of Suppliers (3): ARM's Split-Core, Lockstep, and Mixed Modes
Functional Safety Layout Cases of Suppliers (3): Application Cases of ARM's Split-Core, Lockstep, and Mixed Modes
5.3 Functional Safety Design and Cases of Automotive Operating Systems
High-Safety Requirements of Next-Gen Intelligent Vehicle Operating Systems
Practical Implementation of Functional Safety for Intelligent Vehicle Operating Systems
Functional Safety of Linux
Functional Safety of BlackBerry QNX OS
Functional Safety Solution for BlackBerry QNX Basic Platform Software
Functional Safety for QNX Virtualization Basic Software Platform
Functional Safety Mechanisms for Intelligent Driving OS: Functional Safety Goals of Functional Software of Intelligent Driving OS of Automotive Intelligence and Control of China (AICC)
Functional Safety Mechanisms for Intelligent Driving OS: Functional Safety Mechanisms of Functional Software of Intelligent Driving OS of Automotive Intelligence and Control of China (AICC)
Functional Safety of Vehicle Control OS
Functional Safety Mechanisms of Vehicle Control OS
5.4 Functional Safety Design and Cases of Vehicle Centralized EEA
Challenges in Design and Development of Functional Safety of Centralized EEA
Functional Safety Development Process of Centralized EEA
Functional Safety Development Requirements of Centralized EEA
Key Factors to Be Considered in Design and Development of Functional Safety for Centralized EEA
Redundancy Design in Functional Safety Development for Centralized EEA
Functional Safety Development Practice Case: IM Motors
Challenges in Hardware Functional Safety in CCU + Zonal Architecture, and Solutions (1)
Challenges in Hardware Functional Safety in CCU + Zonal Architecture, and Solutions (2)
Functional Safety Design of Cockpit-Driving Integration Computing Platform with Dual SoCs (Orin X + Qualcomm 8295)