Functional requirements


Because no human driver is available as a fallback level in the event of a fault in L4 automation, the system not only has to safely master its primary driving task within its ODD; it also has to ensure that a safe system state is maintained at all times, even in the event of faults, component failures or uncontrollable driving situations.

Main topics

Based on a requirements analysis of the dynamic driving task, the ODD first needs to be clearly defined and the nominal behavior of the L4 vehicle within the ODD has to be specified. This forms the basis for the considerations regarding system safety. Here, two complementary processes (top-down and bottom-up) are developed to create a suitable safety concept that meets the requirements of ISO 26262:2018 and ISO 21448:2022 and that should serve as a basis for later series development. In this work package, the aspect of (technical) self-awareness is addressed in an overarching concept. In addition to the classic diagnostic mechanisms, the current capabilities of the system are explicitly recorded and continuously evaluated so that they can be taken into account in decision making and execution, and so that the risk and consequences of a decision can be assessed.