SUNRISE Safety Assurance Framework

Safety Case

 

The Safety Assurance Framework (SAF) aims to support the development of a safety case for an Automated Driving System (ADS), enabling the manufacturer to determine whether the system is ready for assessment by a type-approval authority. When ready, the safety case is submitted to the authority, which decides whether there is sufficient evidence that the ADS meets the legal safety requirements and can be permitted on public roads.

Regulations and the Safety Case

Regulations often include different types of requirements* (e.g. UNECE R157). Each of these requirements, together with its associated tests, needs to be included in the safety case:

  1. Specific requirements – e.g. maintaining a minimum following distance (Clause 5.2.3.3.) – must be tested across a wide range of possible scenarios, typically with clearly defined metrics and pass/fail criteria. Test results demonstrating pass/fail in each test need to be provided, along with an explanation of scenario coverage relative to the ADS’s Operational Design Domain (ODD).
  2. General requirements – such as the ADS shall not cause any reasonably foreseeable and preventable collisions (Clause 5.1.1.) – require not just quantified evidence, but reasoned argumentation supported by data showing what collisions can be considered reasonably foreseeable and that the ADS is able to avoid a collision in these scenarios.
  3. Soft requirements – e.g. smooth and predictable vehicle behaviour (Clause 5.2.1.) – are less strictly defined and require qualitative or semi-quantitative assessments based on the demonstration of vehicle behaviour in a variety of scenarios. Documentation of system behaviour in relevant scenarios allows authorities to check such evidence, e.g. by evaluating the test reports and performing spot checks.

Quantifying Safety Risk

Despite the complexity of ADSs, safety assessment results must remain clear, transparent, and explainable to experts, politicians, and the public. A key metric is the residual safety risk associated with deploying an ADS on the road. Approaches such as Positive Risk Balance (PRB) and Globalement Au Moins Aussi Bon (GAMAB) are commonly referenced. Data-driven scenario identification allows for exposure levels and parameter distributions to be estimated. These scenarios feed into simulations that assess crash probabilities and consequences. The overall risk is calculated by combining crash probability, severity, and exposure across scenarios.
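The risk aggregation described above, sketched as an added example (not SUNRISE project code): parameters are sampled per scenario category, a toy simulation yields crash probability and severity, and the results are weighted by exposure and summed. The scenario names, exposure rates, parameter ranges, stationary-obstacle braking model, severity proxy and the reading of PRB as "ADS risk below a reference driver's risk" are all constructed assumptions.

```python
import math
import random

# All scenario names, exposure rates, parameter ranges, the braking model and
# the severity proxy below are constructed for illustration.
SCENARIOS = {
    # name: (exposure [encounters per hour], speed range [m/s], gap range [m])
    "stationary_obstacle_urban":   (0.020, (8.0, 14.0),  (10.0, 40.0)),
    "stationary_obstacle_highway": (0.002, (22.0, 33.0), (30.0, 120.0)),
}

def impact_speed(v, gap, reaction_s, decel):
    """Speed at which the ego reaches an obstacle `gap` metres ahead (0 = no crash)."""
    travelled = v * reaction_s                 # distance covered before braking starts
    if gap <= travelled:
        return v                               # hit before the brakes are applied
    v_sq = v * v - 2.0 * decel * (gap - travelled)
    return math.sqrt(v_sq) if v_sq > 0.0 else 0.0

def severity(v_imp):
    """Constructed severity proxy in [0, 1], growing with kinetic energy."""
    return min(1.0, (v_imp / 20.0) ** 2)

def scenario_risk(name, reaction_s, decel, runs=5000, seed=1):
    """Return (crash probability, expected severity-weighted events per hour)."""
    exposure, v_rng, gap_rng = SCENARIOS[name]
    rng = random.Random(f"{seed}:{name}")      # same samples for every system under test
    crashes, sev_sum = 0, 0.0
    for _ in range(runs):
        v_imp = impact_speed(rng.uniform(*v_rng), rng.uniform(*gap_rng), reaction_s, decel)
        crashes += v_imp > 0.0
        sev_sum += severity(v_imp)             # severity is 0 for runs without a crash
    return crashes / runs, exposure * sev_sum / runs

def overall_risk(reaction_s, decel, **kw):
    """Sum exposure x P(crash) x severity over all scenario categories."""
    return sum(scenario_risk(n, reaction_s, decel, **kw)[1] for n in SCENARIOS)

def positive_risk_balance(ads, reference, **kw):
    """Assumed PRB reading: ADS residual risk is below the reference driver's."""
    return overall_risk(*ads, **kw) < overall_risk(*reference, **kw)

if __name__ == "__main__":
    ads, human = (0.3, 7.0), (1.2, 6.0)        # (reaction time [s], deceleration [m/s^2])
    for n in SCENARIOS:
        print(n, scenario_risk(n, *ads), scenario_risk(n, *human))
    print("PRB:", positive_risk_balance(ads, human))
```

Seeding the sampler per scenario rather than per system means both systems face identical concrete scenarios, so the comparison reflects the systems and not sampling noise.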

V&V of Methods, Tools, and Data

A credible safety case must be supported by evidence that the methods and tools used are valid and trustworthy. Documentation should cover:

  • Data, scenario databases, and selection tools;
  • Scenario generation and sampling methods;
  • Equipment used in physical testing (e.g. vehicles, sensors, obstructions, measurement equipment);
  • Simulation models (for vehicles, sensors, environment, etc.).

If verification and validation (V&V) documentation is unavailable, appropriate validation efforts must be undertaken to fill these gaps. How to conduct V&V falls outside the SUNRISE project scope.

 

*Additional requirements from standards like ISO 26262 (Functional Safety) and ISO 21448 (Safety of the Intended Functionality) are not included but can be incorporated into the SAF structure.
