The principles of autonomous driving: the safety requirements of ADAS (Advanced Driver-assistance Systems)

While automatization is still in its infancy, the complexity of cars today is already astonishing: L3 and L4 vehicles operate with interconnected electronic systems. But how do developers ensure the safety of these devices? In our first article, we present an overview of the safety requirements throughout development phase.

Improved safety on the road

When it comes to automatization, safety is the number one concern. According to the German traffic accident statistics published by the Federal Statistical Office of Germany (Destatis, 2018), over 98% of traffic accidents are caused, at least in part, by humans. Therefore, automated driving can help to reduce the number of driving-related accidents and crashes.

In addition, a heavy vehicle loaded with explosive fuel, or high-energy batteries requires all of the on-board systems to interface correctly with no surprises. This means that the safety of driver-assistance systems does not only relate to traffic situations, but also to how efficiently on-board systems cooperate and communicate with the driver. What are the most crucial expectations when it comes to safety?

The 12 principles of autonomous driving

Safe operation

If safety-related functions or system components become hazardous, for instance, they suddenly become unavailable, the system shall be capable of compensating and transferring into a safe condition. This includes a sufficient time frame for the transition of control to the driver. Systems must also be fail-operational, meaning that the loss of safety-related functions or components shall not lead to a safety risk.

Operational design domain

As soon as a safety risk to the automated system is recognized, the system shall react to compensate or shall issue a request for the driver to take over. The automated driving system has to be able to manage typical situations that can be expected and address possible risks.

Vehicle operator-initiated handover

Engaging and disengaging the automated driving system shall require an explicit interaction from the driver, indicating a high confidence of intent.


When providing an automated driving system, steps must taken to protect the automated driving system from security threats.

User responsibility

To promote safety, the user’s state of alertness must be suitable for a responsible takeover procedure. The system should be able to recognize the user’s state and keep them informed about their responsibilities concerning the required user‘s task. The aspects of the driving task which remain under the user’s responsibility must be clear to the user.

The automated function must ensure that the currently active driving mode can be recognized explicitly and unmistakably at any time. This is referred to as mode awareness. In addition, a change in driving mode must be clearly apparent to the user as well.

Vehicle-initiated handover

If the vehicle operator does not comply with a takeover request, the automated driving system must perform a maneuver to minimize risk, resulting in a minimal risk condition. This maneuver depends on the situation and the current performance of the automated driving system.

Vehicle-initiated handovers shall be clearly understandable and manageable for the driver.

Interdependency between the vehicle operator and the ads

The overall evaluation of system safety needs to take effects on the driver due to automation into account, even when they occur immediately after the period of automated driving has ended and when a direct link to the automated driving part of the journey can be drawn.

Safety assessment Verification and validation shall be used to ensure that the safety goals are met so as to reach a consistent improvement of the overall safety.

Data recording

Automated vehicles shall record the relevant data when an event or incident is recognized in a manner that complies with the applicable data privacy laws.

Passive safety

The vehicle layout should accommodate modifications to crash scenarios resulting from vehicle automation. This also applies to alternative seating positions: the protection of the occupant shall be ensured, even when the customer has new uses for the interior that are made possible through automated driving systems.

Behavior in traffic

The behavior of the automated function needs to be easy-to-understand, but also predictable and manageable for surrounding road users. The applicable traffic rules are to be taken into account by the automated driving system.

Safe layer

The automated driving system shall recognize its limits, especially those that do not allow the safe transition of control to the driver, and react to minimize the risk.

As we can see, there is a growing need for ADAS systems and self-driving vehicles to operate without errors. Through a selection of the appropriate components and their thorough testing, engineers are able to design robust and reliable automotive systems.

In our next article, we look at various components of these systems and how testing contributes to ensuring their safety. Source: