Integrating Artificial Intelligence (AI) technology in electric vehicles (EV) introduces unique challenges for safety assurance, particularly within the framework of ISO 26262, which governs functional safety in the automotive domain. Traditional assessment methodologies are not geared toward evaluating AI-based functions and require evolving standards and practices. This paper explores how an independent assessment of an AI component in an EV can be achieved when combining ISO 26262 with the recently released ISO/PAS 8800, whose scope is AI safety for road vehicles. The AI-driven State of Charge (SOC) battery estimation exemplifies the process. Key features relevant to the independent assessment of this extended evaluation approach are identified. As part of the evaluation, robustness testing of the AI component is conducted using fault injection experiments, wherein perturbed sensor inputs are systematically introduced to assess the component's resilience to input variance.

The deployment of automated functions that can operate without direct human supervision has changed safety evaluation in domains seeking higher levels of automation. Unlike conventional systems that rely on human operators, these functions require new assessment frameworks to demonstrate that they do not introduce unacceptable risks under real-world conditions. To make a convincing safety claim, the developer must present a thorough justification argument, supported by evidence, that a function is free from unreasonable risk when operated in its intended context. The key concept relevant to the presented work is the intended context, often captured by an Operational Design Domain specification (ODD). ODD formalization is challenging due to the need to maintain flexibility in adopting diverse specification formats while preserving consistency and traceability and integrating seamlessly into the development, validation, and assessment. This paper presents a way to formalize an ODD in the Pkl language, addressing central challenges in specifying ODDs while improving usability through specialized configuration language features. The approach is illustrated with an automotive example but can be broadly applied to ensure rigorous assessments of operational contexts.

he increased importance of cybersecurity in autonomous machinery is becoming evident in the forestry domain. Forestry worksites are becoming more complex with the involvement of multiple systems and system of systems. Hence, there is a need to investigate how to address cybersecurity challenges for autonomous systems of systems in the forestry domain. Using a literature review and adapting standards from similar domains, as well as collaborative sessions with domain experts, we identify challenges towards CE-certified autonomous forestry machines focusing on cybersecurity and safety. Furthermore, we discuss the relationship between safety and cybersecurity risk assessment and their relation to AI, highlighting the need for a holistic methodology for their assurance.

The emergence of Connected, Cooperative, and Automated Mobility (CCAM) systems has significantly transformed the safety assessment landscape. Because they integrate automated vehicle functions beyond those managed by a human driver, new methods are required to evaluate their safety. Approaches that compile evidence from multiple test environments have been proposed for type-approval and similar evaluations, emphasizing scenario coverage within the system’s Operational Design Domain (ODD). However, aligning diverse test environment requirements with distinct testing capabilities remains challenging. This paper presents a method for evaluating the suitability of test case allocation to various test environments by drawing on and extending an existing ODD formalization with key testing attributes. The resulting construct integrates ODD parameters and additional test attributes to capture a given test environment’s relevant capabilities. This approach supports automatic suitability evaluation and is demonstrated through a case study on an automated reversing truck function. The system's implementation fidelity is tied to ODD parameters, facilitating automated test case allocation based on each environment’s capacity for object-detection sensor assessment.

This paper describes an approach to better link legal and technical perspectives when investigating how to safely operate remote assisted vehicles in mixed traffic and higher velocities. This approach is applied to prepare for automated trucks in Gothenburg, Sweden. We argue that the challenges we see for the market introduction and sustainability of such vehicles require innovation from a system perspective. Such system innovation includes different dimensions: technology/products, policy/regulations, infrastructure, behavior/values as well as business models, whereas we focus mainly on the first two perspectives here. The proposed innovations support cross border integration for the more comprehensive market introduction of automated goods transport; the approach further includes the legal/policy framework in Sweden, France and the US.

The emergence of Automated Driving Systems (ADSs) has transformed the landscape of safety assessment. ADSs, capable of controlling a vehicle without human intervention, represent a significant shift from traditional driver-centric approaches to vehicle safety. While traditional safety assessments rely on the assumption of a human driver in control, ADSs require a different approach that acknowledges the machine as the primary driver. Before market introduction, it is necessary to confirm the vehicle safety claimed by the manufacturer. The complexity of the systems necessitates a new comprehensive safety assessment that examines and validates the hazard identification and safety-by-design concepts and ensures that the ADS meets the relevant safety requirements throughout the vehicle lifecycle. The presented work aims to enhance the effectiveness of the assessment performed by a homologation service provider by using assessment templates based on refined requirement attributes that link to the operational design domain (ODD) and the use of Key Enabling Technologies (KETs), such as communication, positioning, and cybersecurity, in the implementation of ADSs. The refined requirement attributes can serve as safety-performance indicators to assist the evaluation of the design soundness of the ODD. The contributions of this paper are: (1) outlining a method for deriving assessment templates for use in future ADS assessments; (2) demonstrating the method by analysing three KETs with respect to such assessment templates; and (3) demonstrating the use of assessment templates on a use case, an unmanned (remotely assisted) truck in a limited ODD. By employing assessment templates tailored to the technology reliance of the identified use case, the evaluation process gained clarity through assessable attributes, assessment criteria, and functional scenarios linked to the ODD and KETs.

To aim for market introduction and sustainability of automated vehicles requires technology innovation towards safe products and policy innovation to enable testing on open roads and type approvals. Further, it needs an enabling infrastructure to provide reliable connectivity, business models and increased public acceptance of this new technology. The project SCAT – Safety Case for Autonomous Trucks contributed to this transmission by looking at new policy strategies and system tests to prove how to handle vehicles when introducing this new technology safely. Main objective of the project was to investigate more systematically – from a legal and technical perspective – how to safely operate remote controlled vehicles in mixed traffic and with higher velocity. A safety case for the selected traffic environment has been described and explorative tests have been performed at the AstaZero test site in Sweden. This allowed us to investigate limiting parameters and stress testing the system's boundaries under real conditions with higher velocity – before the actual demo will be run. With regards to policy, we addressed which obligations drivers and road users have according to today's regulations and which of those may need to be handled through technological development, but also through adaptation of legislation in terms of new roles, tasks, and liability when a vehicle is driven automatically. We looked also at if and how these issues are treated in national and international legislation, in Sweden, France and the USA. What we learned from exploring the safety case contributes to practical improvement, theory building and recommendations on how to safely operate the vehicles. Together the partners have developed an approach to advanced argumentation for safety. In our approach, we combined policy lab methodology and an investigation of the technical safety aspects that helped to identify gaps and tests for improved safety. The approach provides step-by-step guidance before future trials. The project was running from October 2020 until September 2022. The consortium consisted of the partners AstaZero, Einride, Ericsson, RISE (coordinator), Telia as well as reference partners in France and the USA.

An evaluation of safety and security properties performed by an independent organisation can be an important step towards establishing trust in Automated Driving Systems (ADS), bridging the gap between the marketing portrayal and the actual performance of such systems in real operating conditions. However, due to the complexity of an ADS’s behaviour and dangers involved in performing real environment security attacks, we believe assessments that can be performed with a combination of simulation and validation at test facilities is the way forward.In this paper, we outline an approach to derive test suites applicable to generic ADS feature classes, where classes would have similar capabilities and comparable assessment results. The goal is to support black box testing of such feature classes as part of an independent evaluation. By the means of co-simulation of post-attack behaviour and critical scenarios, we derive a representative set of physical certification tests, to gain an understanding of the interplay between safety and security. During the initial tests an ADS is subjected to various attacks and its reactions recorded. These reactions such as reduced functionality, fall back etc., together with relevant scenarios for the class is further analysed to check for safety implications.

Connected and automated vehicles with a large variety in operating modes and operational contexts are now emerging. A vital safety assurance issue, also stressed by recent standards and guidelines, is the safety of human-machine interaction (HMI). This paper proposes, and shows a small example of using, a framework for human interaction safety analysis. It is intended for integration in an iterative development lifecycle and to be used in conjunction with relevant standards. In the framework, an analysis is first conducted to elicit all agreements between humans and the automated function, then an interaction analysis method is used to find potential problems with proposed interfaces affecting each agreement. Risk assessment is conducted to determine if risk reduction is necessary, and verification and validation activities are used to provide support for the analysis results and evidence of HMI safety for an assurance case.

Standardisation has a primary role in establishing commonground and providing technical guidance on best practices. However, asthe methods for Autonomous Driving Systems design, validation andassurance are still in their initial stages, and several of the standardsare under development or have been recently published, an establishedpractice for how to work with several complementary standards simultaneouslyis still lacking. To bridge this gap, we present a uni ed chartdescribing the processes, artefacts, and activities for three road vehiclestandards addressing di erent concerns: ISO 26262 - functional safety,ISO 21448 - safety of the intended functionality, and ISO 21434 - cybersecurityengineering. In particular, the need to ensure alignment betweenthe concerns is addressed with a synchronisation structure regarding contentand timing.