Automated driving requires international regulations - TUV Sud

Page created by Jeremy Mcdonald
 
A look at the current state of developments

White paper

Abstract
The rapid launch of automated vehicles on markets worldwide requires uniform global regulations. To
date, however, the regulations have varied greatly from region to region, and the development of uniform,
internationally binding guidelines has only just begun. The first UNECE regulation for an automated driving
system at SAE level 3 is expected to be in force early 2021 - a pioneering achievement and a template for
further internationally binding regulations.

This white paper takes the current version of the UNECE regulation for automated lane keeping systems
(ALKS) as a basis to examine the development and creation of uniform legal foundations for international
partners. It also takes a close look at efforts to approve automated driving functions in the various
automotive markets of Europe, the USA, and Asia.

Focus is placed on the system’s functionality and requirements for type approval, which form the context
for an examination of cybersecurity, software update processes, data storage systems (DSSAD), functional
safety, safety of the intended functionality (SOTIF), and simulations. The white paper also explores the issue
of physical testing in connection with the type approval procedure for the automated driving function ALKS.

Contents
INTRODUCTION
OVERVIEW OF CURRENT DEVELOPMENTS
ADVANCEMENTS AROUND THE WORLD
PIONEERING ACHIEVEMENT: FIRST UNECE REGULATION FOR A LEVEL 3 LANE KEEPING SYSTEM
TEST SCENARIOS FOR THE AUTOMATED LANE KEEPING SYSTEM
SUMMARY

About the TÜV SÜD experts
Benjamin Koller
Head of technical regulations and knowledge management, automated driving
TÜV SÜD Auto Service GmbH

Dipl.-Ing. (FH) Benjamin Koller has been head of technical regulations and knowledge management of automated driving at TÜV SÜD Auto Service GmbH since 2019. The trained mechanical engineer and officially recognised expert has been with the company since 2010 and has held various positions, including assistant to the board member for mobility at TÜV SÜD AG, and PMO automated driving and driver assistance systems at TÜV SÜD Auto Service GmbH.

Robert Matawa
Lead engineer physical testing autonomous driving / ADAS
TÜV SÜD Auto Service GmbH

Dipl.-Ing. (FH) Robert Matawa has been head of testing automated driving functions at TÜV SÜD Auto Service GmbH since 2016. Before joining TÜV SÜD in 2002, the qualified vehicle technician was a motorsport engineer for Audi in the STW and at the 24 Hours of Le Mans. He joined TÜV SÜD as a test and development engineer for chassis and steering systems and led the department for analytical reports, among other divisions.

   2                                               Automated driving requires international regulations | TÜV SÜD
Introduction
Mobility as we know it is facing disruptive change in industrialised countries. The key phrase in tomorrow’s mobility is ‘intermodal mobility’. From A to B on the roads, the water, the rails, and through the air - algorithms will play a decisive role. Vehicles will no longer be driven exclusively by people; they will drive autonomously as well. And against the backdrop of the current COVID-19 crisis and social distancing, individual mobility will maintain its place alongside public transport and sharing models in an intermodal context.

Assisted driving functions with a high degree of automated functionality have ceased to be a vision of the future. Emergency braking and traffic jam assist systems, as well as automatic distance control and lane keeping assistance, have been installed in many vehicles. And yet, the step towards automated driving - that is, without the driver continuously monitoring or delegating the responsibility for driving to the system - has many hurdles to overcome, especially with regard to regulations. This becomes clear with the leap to SAE level 3 [1], when driving responsibility is temporarily transferred to the automated system and the vehicle must be able to master critical situations without the driver as a direct fallback solution. [2]

As it stands, requirements for the approval of automated driving functions have been regulated very differently worldwide. The requirements are frequently defined only in terms of special permits for automated driving on public roads. One important step on the path to global harmonisation is the first UNECE regulation for approval of an automated lane keeping system (ALKS), published in 2020. Its stipulations on monitoring, functional requirements and tests will become the template for further regulations. [3]

Forging ahead with new, uniform global regulations for approval is the precondition for rapid market introduction of automated vehicles (initially level 3) and thus for joining the field of new mobility. Only if the safety of automated vehicles around the world is uniformly regulated will drivers feel confident. And here, of course, change also means looking at security issues from a completely new perspective. This particularly applies to passive and active safety. The focus for automated driving functions has moved to key safety and security issues such as cybersecurity, data storage systems and software updates - for example, over-the-air updates. [4]

For the rapid introduction of automated driving, product safety and OEM safety and security concepts also play an important role in approval procedures. Uniform regulations, such as those of the UNECE, offer clear guidelines and ensure that the approval process for vehicles runs smoothly in global markets.

In summary, it is safe to say that a few more years are needed before automated driving at level 4/5 is accepted.

A previous paper has already given an overview of the “approval of automated driving functions with focus on a worldwide regulatory overview, proving ground testing, customer acceptance”. [5] This white paper provides an update on the current status of regulation.

Overview of current developments
Automated vehicles are being developed and tested around the world. However, the requirements for the vehicles, as well as the knowledge of and approaches to traffic rules, certification regulations and test standards, vary from country to country. There are still no uniform or established testing methods and standards for the reliable validation and approval of automated driving functions. This presents a real hurdle for the testing and market launch of automated vehicles, despite OEMs having made considerable technological progress. Since 2018, various manufacturers have advertised level 3 vehicles as individually approved vehicles undergoing testing or even their market launch. As early as this year, test vehicles will be launched with functionalities beyond SAE level 3. [1]

[Figure: Technology vs regulation roadmaps, 2018 to 2025. Rows: technologies by OEMs; regulations for “L3/L4” on UNECE level; standards for “L3/L4” on standardization level. Phases: preparation, implementation.]

By comparison, a look at the status of the UNECE regulations reveals a clear deficit. The foundations for automated driving were laid and obstacles removed with the adaptation of the Vienna Convention on Road Traffic in 2016. The UNECE’s World Forum for the Harmonization of Vehicle Regulations (WP.29) created a basis with its framework document. [4] This includes topics such as Automatically Commanded Steering Function (ACSF) and cybersecurity for software updates (over the air, CS/OTA). This led to the first UNECE regulation ALKS and two further UNECE regulations for cybersecurity and software update procedures; their adoption was published in the first half of 2020.

This is also the case for standards. Standards such as ISO 24089 for software updates and ISO 21434 for cybersecurity are still in the detailing phase. Their first publications are not expected until the end of 2020.

Despite developers and OEMs driving innovation in these areas, based on these standards and pending regulations, an overview of regulation development reveals that uniform and binding UNECE rules and standards for developing level 3 and level 4 automated vehicles can be expected in 2025 at the earliest.

Advancements around the world
EUROPE
The individual European member states have also taken different paths to implementing the amendments to the Vienna Convention. The approach of each country differs primarily in terms of practical implementation. France, the Netherlands, Austria, and Great Britain are leading the way, having implemented the Vienna model primarily following guidelines and regulations for testing automated vehicles (AV) on public roads. Their main focus is on operational safety, functional safety, and cybersecurity.

Although Germany reacted very quickly to Vienna by adopting the Vienna Convention’s provisions in national law by means of corresponding changes to the Road Traffic Act, technical requirements have not yet been defined. In various funded projects, such as Germany’s successfully completed project PEGASUS [6] or its follow-up research consortium VVM (research association for verification/validation of autonomous driving systems) [7], experts from highly diverse areas of industry and supplier industries are developing legally secure and efficient verification and validation methods for automated driving functions.

Overall, other member states present a heterogeneous picture. Norway, for example, has already implemented the framework conditions for tests, while Spain is still in the early stages of developing specifications. Italy, on the other hand, has already passed its first law for tests on certain roads. Finland is also well advanced in this area, having stipulated the framework conditions for tests and passed the first laws that form the basis for later AV approval.

STATUS OF LEGISLATION IN EUROPE

[Figure: map of Europe with numbered countries, rated on a scale from “No framework” to “Comprehensive framework (testing and usage in complete country with L5 tech)”.]

1 Norway: Testing framework available but limited in reviewing technical extremes
2 UK: Expanded Code of Conduct and aims for fully autonomous car tests by 2021
3 France: Conducts incremental changes to legislation with L5 testing limited
4 Spain: Comprehensive laws are pending; current framework is very limiting
5 Sweden: AV testing allowed with planned legislation currently in discussion
6 Finland: Framework available and 2 new laws approved that further enable AV
7 The Netherlands: A comprehensive framework for allowing self-driving car tests
8 Germany: Comprehensive framework with expanded legislation being prepared
9 Italy: Passed its first law regulating testing on designated roads

USA
The situation in the United States seems particularly confusing at first glance but follows a familiar pattern. Federalism is particularly pronounced in the United States. The states have considerable independence in matters of transport. To some extent, more variation in traffic regulations exists amongst individual states than has ever been the case in past decades with European countries. A striking example illustrates this: the various American states interpret a red traffic signal in different ways. A red light can have the same significance as a stop sign in certain states; in others, it is comparable to Germany’s green arrow sign, which allows drivers to turn right on red when there are no drivers with the right-of-way at an intersection. However, in other states, a red light means the same as it does in Europe. For this reason, it is only logical that the rules for automated test-drives are created at the state level.

Production vehicles equipped for level 3 and above will have to be designed for all regions. However, it is not at all certain that UNECE rules and regulations will find their way into US legislation. This country has always followed its own course with regard to vehicle approval. The reverse is also true. Across the Atlantic, regulations like the Federal Motor Vehicle Safety Standards (FMVSS) of the Department of Transportation (DOT) stipulate the requirements for vehicles and components. There is no homologation comparable to the procedure in countries within the UNECE region. Manufacturers confirm that their products comply with the DOT rules, for example, by printing this on a component. A check by technical service providers or the like is not required.

States on the West Coast, such as California and Nevada, began to create legal frameworks for automated driving and testing over ten years ago. The Department of Transportation has stated its intention to create federal rules.

ASIA
Asia is more advanced in developing regulations, standards and tests than the rest of the world. China is rapidly adapting its legislation, albeit with major differences in the various regions. South Korea and Singapore are at the forefront of development and can boast the first testing and approval standards and regulations in the field of automated driving. One example of this is the four-part TR68 standard from Singapore, developed in connection with activities at CETRAN (Center of Excellence for Testing and Research of AVs) at Nanyang Technological University in Singapore. [8] By contrast, Japan, one of the most significant OEM locations, has only adapted its laws for testing, and efforts are being made to include the first automation functions, such as ALKS, in the national approval process.

Many of the world’s national platforms and initiatives that strive for standardisation and uniform requirements, such as the creation of testing methods for automated and connected driving, have formed the International Alliance for Mobility Testing and Standardization (IAMTS) to develop practicable and harmonised standards around automated driving. [9] As a member of the IAMTS, TÜV SÜD is closely involved in the testing and certification of advanced mobility systems and services, and the development of applicable global safety standards which aim to create a commonly accepted framework of regulations. IAMTS’s mission is “to develop and grow an international portfolio of smart mobility testbeds that meet the highest quality implementation and operational standards.”

THE WORK OF THE UNECE IN AUTOMATED AND CONNECTED DRIVING
For years, the UNECE has been involved in all regional and national efforts to get AV on the road by drafting a uniform regulatory framework for global requirements to approve such vehicles. The reasons:
- Vehicles are global products whose components are produced throughout the world.
- Uniform specifications are a basic requirement for the rapid introduction of AV and their approval in core markets.
- Uniform global regulations engender trust in consumers.

The first steps towards an internationally uniform regulation were the corresponding adjustments to the Geneva and Vienna Conventions. The various contracting states and their relevant licensing authorities, such as partner organisations NHTSA, the European Commission and CATARC, are collaborating on this, supported by international expert associations including CITA, OICA, and CLEPA in the definition of requirements and design.

The World Forum for the Harmonization of Vehicle Regulations (WP.29) is responsible for the development and formulation of a uniform set of rules for the approval of AV. The international agreements of 1958 and 1998 involve the participation of nearly all countries. The understanding that automated driving would increase overall safety and improve mobility has led to the definition of thirteen key issues for the global harmonisation of regulations and requirements. [4]

KEY ISSUES AND PRINCIPLES REGARDING UNECE

WP.29 focuses on following issues and principles. Main parts will be discussed and developed under GRVA.

01 Cybersecurity
02 Software Updates
03 Event Data Recorder / Data Storage System AV
04 Vehicle Maintenance and Inspection
05 Consumer Education and Training
06 Crashworthiness and Compatibility
07 Post-crash AV behaviour
08 Validation for System Safety
09 Operational Design Domain (ODD/OD)
10 Object Event Detection and Response (OEDR)
11 HMI / Operator Information
12 Failsafe Response
13 System Safety

AV: Automated Vehicles; HMI: Human Machine Interface

A total of five working groups, part of the Working Party on Automated/Autonomous and Connected Vehicles (GRVA), were designated to develop the relevant regulations:
- Informal Working Group (IWG) on Automatically Commanded Steering Function (ACSF)
- IWG on Functional Requirements for Automated and Autonomous Vehicles (FRAV)
- IWG on Validation Method for Automated Driving (VMAD)
- IWG on Data Storage System for Automated Driving / Event Data Recorder (DSSAD/EDR)
- Task Force on Cybersecurity and over-the-air issues (CS/OTA)

Their focus is on the functional safety of automated driving functions, as well as new validation methods and systems for storing driving and accident data. Other key issues are cybersecurity and software updates (including over-the-air).

Another participant in the development of uniform global regulations related to autonomous driving is the Global Forum for Road Safety WP.1. National authorities are working closely with teams of experts from OEM, industry, technical services and other specialist areas on international requirements for AV’s global approval.

Accordingly, the aforementioned GRVA sub-working groups were able to submit drafts for new regulations on the abovementioned topics in spring 2020, which WP.29 has already adopted in its 181st session:
- Automatic steering function
- Functional safety requirements
- Validation methods for automated driving
- Cybersecurity and software updates (over-the-air)
- Data storage system for automated driving

This has resulted in templates for three new UNECE regulations:
- UNECE regulation for uniform testing of software update processes
- UNECE regulation for the uniform testing of vehicles for cybersecurity and cybersecurity management systems
- UN regulation for the first automated driving function: Automated lane keeping systems (ALKS)

Pioneering achievement: First UNECE regulation for a level 3 lane keeping system
After the adopted UN regulations are approved and conveyed to the contracting parties of the 1958 UNECE Agreement, and an accompanying six-month phase for comments has passed, individual countries can incorporate the regulations, such as those for automated lane keeping system (ALKS), into applicable law.

THE UNECE REGULATION IN DETAIL
The ALKS is the first set of rules and regulations for automated driving and as such is initially limited to vehicles of the category M1 - that is, passenger vehicles with up to eight seats plus driver. The regulation is also limited to systems that function at speeds of up to sixty kilometres per hour. This covers the automated driving function which controls the vehicle in the longitudinal and lateral directions, thereby keeping it in the lane without the driver’s involvement.

An important aspect of the planned regulation deals with monitoring the driver’s condition, also known as ‘driver monitoring’ or ‘driver awareness monitoring’. It must ensure that the driver can follow a request to take over the lane keeping system within a defined period. As long as the system autonomously takes over driving, drivers at level 3 no longer have to keep their hands on the steering wheel, or otherwise prove their attentiveness. Conversely, the driver must be able to intervene at any time and take control again. UNECE is thus following the Vienna Agreement, which always gives the driver priority over an automatic steering function. The same applies to the operation of the brake or accelerator pedal; like manual steering, it switches off the ALKS.

The human-machine interface, and the demands placed on the system to monitor the human driver, are a core element of the new regulation and a real innovation. The regulation requires the system to monitor whether, during system activation, the driver conforms to requirements by sitting in the driver’s seat and wearing the seatbelt. Or in the case of an event, such as reaching the system limits, the system can record the situation and take over the driving task responsibly.[2]

The draft gives examples of criteria to be detected:
- Blinking
- Closed eyelids
- Deliberate head or body movements
- Pressing switches and other control elements only within reach of the driver can also serve as a positive indication of attention

At least two independent criteria must be met for the driver to be considered available. The time between checks cannot be longer than thirty seconds. If the driver needs to take over, the design requires the system to instruct them intuitively and unambiguously to take over manual control of the vehicle.

An automatic lane keeping system for level 3 is a complex system that must first be defined. This can be found in the new regulation. Naturally, this kind of system contains a lot of electronics, software and interfaces, and their safeguarding and inspection are of central importance. In addition to the requirements for complex electronic systems in Annex 4 of the regulation, the ALKS regulation also requires the fulfilment of the two new UNECE regulations for cybersecurity and software updates.

PROTECTION AGAINST ATTACKS
One of the three upcoming regulations is concerned with cybersecurity and the requisite management systems at the manufacturer and its supply chain. This is to ensure that the vehicle’s systems and software cannot be compromised. The requirements of the cybersecurity regulation intervene in the three phases of a vehicle’s life cycle: during development, in production and afterwards.

The future core element that will check for compliant cybersecurity management systems is a Certificate of Compliance, issued by an accredited organisation such as TÜV SÜD.[10] Vehicle manufacturers have to fulfil the new UNECE Cybersecurity Regulation to receive type approval in the EU from July 2022 for all new vehicle types and from July 2024 for all newly produced vehicles.

SECURITY DURING AN UPDATE
Another UNECE regulation is concerned with software update processes. It specifies how updates should be handled and which management processes must be established. The software used in highly automated vehicles will most likely require regular updates. The reasons for this are manifold. On the one hand, new threats are possible due to previously unknown security vulnerabilities; an update can eliminate them. Also, improvements to ease of use are possible. Changes to legal requirements can be implemented via software updates as well. Until now, these have been installed almost exclusively in workshops. But manufacturers and suppliers have begun working on a so-called over-the-air method (OTA), where the new program code is imported via connected Wi-Fi or a cellular connection. For this reason, the Software Update Management System (SUMS) required by UNECE places high demands on the quality of the procedure. For example, the exclusive transfer of software approved by the vehicle manufacturer must be guaranteed. A check is therefore provided before and after the update to determine whether the program code fits not only the vehicle model but the individual type. The SUMS also requires a Certificate of Compliance.[11]

BASIC FUNCTIONS OF A LANE KEEPING SYSTEM FOR LEVEL 3
Based on the regulations under consideration, there are three operational states once the driver has activated the system, which must always be switched on manually. Furthermore, the process must be repeated after each engine start and is accompanied by a self-test. An exception is made for operation using a start-stop system; in this case, activation at the start of the journey is sufficient.

Afterwards, the system is running in one of three states:

Normal operation. The automated driving function records all necessary data and information via sensors, and carries out the driving task independently by controlling lateral and longitudinal movements.

[Figure: GENERIC FUNCTION DIAGRAM OF THE LEVEL 3 ALKS SYSTEM. Rows: Enter, Normal operation, Reduced operation, End operation, Exit. Legend: Normal Operation; Interaction Driver/System (HMI); Object Event Detection Response (OEDR); Emergency Manoeuvre; Minimum Risk Manoeuvre; Transition Demand. Conclusion of the diagram based on document GRVA-06-02r4e.]

The interaction between the system and the driver is running undisturbed. The driver-condition monitoring system reports that the requirements for the driver to operate the ALKS are met, and he/she could intervene if necessary. Deliberate corrections, such as a brief change in speed, are also possible.

Reduced operation. A problem has occurred, and the driver is warned. At the same time, the system tries independent countermeasures such as evasive action within its own lane. If this succeeds, it will go back to normal operation. Otherwise, the driver receives a takeover request. If he/she does not intervene, a driving manoeuvre will be initiated to minimise risk, which ends when the vehicle comes to a stop. The system always follows the primary goal of avoiding a collision.

Deactivated. The system is ready for operation, but the driver is steering or has perhaps assumed responsibility for driving, following a request for system takeover.

DEFINITION OF TEST CRITERIA
The basic requirement for a complex electronic system is that it must follow the prompts it receives. In the case of an automatic lane keeping system, this means that after explicit activation by the driver, the system processes the longitudinal and lateral functions while driving and monitoring the driver. This includes checking via condition monitoring whether the driver is available. The system then performs its normal task via sensors and actuators, to keep the vehicle in the selected lane. As soon as an intervention becomes necessary, or the driver deliberately intervenes, the automated driving function must switch to emergency mode.
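The driver-availability rule (at least two independent criteria, checks no more than thirty seconds apart) and the operating states described above, modelled in Go. This is an added example, not code from the white paper or the regulation; the state and event names, the split of reduced operation into sub-states and the sample observations are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Illustrative model: every name below is constructed for this example and is
// not taken from the regulation text or from any manufacturer's software.
type State string

const (
	Deactivated     State = "deactivated"
	Normal          State = "normal"
	ReducedWarned   State = "reduced/driver-warned"
	ReducedTakeover State = "reduced/takeover-request"
	ReducedMRM      State = "reduced/minimum-risk-manoeuvre"
)

type Event int

const (
	Problem            Event = iota // e.g. a system limit is reached
	CountermeasureOK                // evasive action within the lane succeeded
	CountermeasureFail              // the countermeasure did not help
	DriverUnavailable               // an availability check failed
	DriverOverride                  // steering, brake or accelerator operated
	TakeoverExpired                 // defined takeover period ran out
	Standstill                      // vehicle has come to a stop
)

const checkWindow = 30 * time.Second // longest allowed time between checks

// Observation is one detected criterion, e.g. "blinking" or "control-input".
type Observation struct {
	Criterion string
	At        time.Time
}

// DriverAvailable needs two different criteria seen in the 30 s before now.
func DriverAvailable(now time.Time, obs []Observation) bool {
	seen := map[string]bool{} // repeated sightings of one criterion count once
	for _, o := range obs {
		if age := now.Sub(o.At); age >= 0 && age <= checkWindow {
			seen[o.Criterion] = true
		}
	}
	return len(seen) >= 2
}

type ALKS struct {
	State  State
	locked bool // reactivation disabled after an MRM standstill
}

// Activate models manual activation: seat occupied, belt on, self-test passed.
func (a *ALKS) Activate(seated, belted, selfTestOK bool) bool {
	if a.State != Deactivated || a.locked || !(seated && belted && selfTestOK) {
		return false
	}
	a.State = Normal
	return true
}

// Step applies one event and returns the resulting state.
func (a *ALKS) Step(ev Event) State {
	switch {
	case ev == DriverOverride: // the driver always has priority
		a.State = Deactivated
	case a.State == Normal && ev == Problem:
		a.State = ReducedWarned
	case a.State == ReducedWarned && ev == CountermeasureOK:
		a.State = Normal
	case a.State == Normal && ev == DriverUnavailable,
		a.State == ReducedWarned && ev == CountermeasureFail:
		a.State = ReducedTakeover
	case a.State == ReducedTakeover && ev == TakeoverExpired:
		a.State = ReducedMRM
	case a.State == ReducedMRM && ev == Standstill:
		a.State, a.locked = Deactivated, true
	}
	return a.State
}

// Scenario replays constructed data: signals stop, takeover expires, MRM runs.
func Scenario() (trace []State, reactivated bool) {
	t0 := time.Date(2020, 3, 1, 12, 0, 0, 0, time.UTC)
	obs := []Observation{{"blinking", t0}, {"blinking", t0.Add(5 * time.Second)},
		{"control-input", t0.Add(8 * time.Second)}}
	a := &ALKS{State: Deactivated}
	a.Activate(true, true, true)
	trace = append(trace, a.State)
	for _, s := range []time.Duration{20, 40} { // checks at t0+20 s and t0+40 s
		if !DriverAvailable(t0.Add(s*time.Second), obs) {
			trace = append(trace, a.Step(DriverUnavailable))
		}
	}
	trace = append(trace, a.Step(TakeoverExpired))
	trace = append(trace, a.Step(Standstill))
	return trace, a.Activate(true, true, true)
}

func main() { fmt.Println(Scenario()) }
```

In the constructed scenario the check at 20 s still sees two different criteria, while at 40 s every observation is older than thirty seconds, so the model issues the takeover request and, with no driver input, ends in a locked standstill.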

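The update checks described under SECURITY DURING AN UPDATE (only software approved by the manufacturer, with a check before and after the update that the code fits the model and the individual type) can be modelled as an install gate. This is an added example, not code from the white paper or the UNECE text; the Ed25519 signature, the manifest layout, the staging step and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed example: the manifest layout, field names and staging step are
// assumptions, not taken from the UNECE text or from a real SUMS.
type Manifest struct {
	Model, Variant, Version string   // target model, individual type, release
	ImageSHA256             [32]byte // digest of the approved image
}

// signedBytes is the exact byte string the manufacturer signs.
func (m Manifest) signedBytes() []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%x", m.Model, m.Variant, m.Version, m.ImageSHA256))
}

type Vehicle struct {
	Model, Variant, Version string
	OEMKey                  ed25519.PublicKey // manufacturer key provisioned in the vehicle
}

var (
	ErrNotApproved = errors.New("manifest not signed by the manufacturer")
	ErrWrongTarget = errors.New("update does not fit this model and type")
	ErrImage       = errors.New("image differs from the approved digest")
	ErrPostCheck   = errors.New("stored image failed the post-update check")
)

func (v *Vehicle) fits(m Manifest) bool { return m.Model == v.Model && m.Variant == v.Variant }

// PreCheck runs before anything is written to the vehicle.
func (v *Vehicle) PreCheck(m Manifest, sig, image []byte) error {
	switch {
	case len(v.OEMKey) != ed25519.PublicKeySize || !ed25519.Verify(v.OEMKey, m.signedBytes(), sig):
		return ErrNotApproved
	case !v.fits(m):
		return ErrWrongTarget
	case sha256.Sum256(image) != m.ImageSHA256:
		return ErrImage
	}
	return nil
}

// Install stages the image and activates the new version only if the bytes
// read back pass the post-check. flash stands in for the storage write.
func (v *Vehicle) Install(m Manifest, sig, image []byte, flash func([]byte) []byte) error {
	if err := v.PreCheck(m, sig, image); err != nil {
		return err
	}
	stored := flash(image)
	if !v.fits(m) || sha256.Sum256(stored) != m.ImageSHA256 {
		return ErrPostCheck // previous version stays active
	}
	v.Version = m.Version
	return nil
}

type Result struct {
	Case    string
	Err     error
	Version string // vehicle version after the attempt
}

// Demo runs constructed update attempts against one vehicle at version 1.0.
func Demo() []Result {
	pub, oem, _ := ed25519.GenerateKey(nil) // manufacturer key pair
	_, rogue, _ := ed25519.GenerateKey(nil) // key the vehicle does not trust
	image := []byte("constructed firmware image, release 2.0")
	good := Manifest{"EXAMPLE-MODEL", "TYPE-A", "2.0", sha256.Sum256(image)}
	other := Manifest{"EXAMPLE-MODEL", "TYPE-B", "2.0", good.ImageSHA256}
	sign := func(k ed25519.PrivateKey, m Manifest) []byte { return ed25519.Sign(k, m.signedBytes()) }
	ok := func(b []byte) []byte { return append([]byte(nil), b...) }
	faulty := func(b []byte) []byte { return append([]byte{b[0] ^ 0xff}, b[1:]...) }
	v := &Vehicle{Model: "EXAMPLE-MODEL", Variant: "TYPE-A", Version: "1.0", OEMKey: pub}
	cases := []struct {
		name     string
		m        Manifest
		sig, img []byte
		flash    func([]byte) []byte
	}{
		{"rogue signer", good, sign(rogue, good), image, ok},
		{"approved for another type", other, sign(oem, other), image, ok},
		{"image altered in transit", good, sign(oem, good), []byte("altered"), ok},
		{"write fault", good, sign(oem, good), image, faulty},
		{"approved", good, sign(oem, good), image, ok},
	}
	var out []Result
	for _, c := range cases {
		err := v.Install(c.m, c.sig, c.img, c.flash)
		out = append(out, Result{c.name, err, v.Version})
	}
	return out
}

func main() {
	for _, r := range Demo() {
		fmt.Printf("%-28s err=%v version=%s\n", r.Case, r.Err, r.Version)
	}
}
```

The second case is signed with the trusted key and is still refused, because approval for one type must not carry over to another; the fourth shows the post-check catching a bad write while the vehicle stays on its previous version.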
Test scenarios for the automated lane keeping system
To verify the safety of the complex overall system, the ALKS regulation requires an audit of the safety concept for its functional and operational safety; verification is achieved using simulations and real tests. The documentation required for the audit is provided by the manufacturer, the responsible licensing authorities, or the designated technical service providers. Further requirements include a series of physical tests, listed in Annex 5, which are carried out by a designated technical service provider or in cooperation with the manufacturer. In addition to normal lane guidance in longitudinal and transverse directions, tests primarily deal with disturbances caused by stationary objects on the road and by other vehicles, such as moving into or out of the vehicle’s lane. It will also be important to assess the area covered by the system.

[Figure: 6 TEST SCENARIOS TO ASSESS THE PERFORMANCE OF ALKS REGARDING THE DYNAMIC DRIVING TASK. Panels: 4.1 Lane keeping; 4.2 Avoid a collision with a road user or object blocking the lane; 4.3 Following a lead vehicle; 4.4 Lane change of another vehicle into the lane; 4.5 Stationary obstacle after lane change of the lead vehicle; 4.6 Field of view. Legend: VUT, TSV, Driving corridor.]

The validation requirements relate to the main criteria of human-machine interface, normal function, dealing with emergency situations and the identification of objects. These are first checked during the audit and assessment according to Annex 4 of the regulation.[3] Audit results serve as the basis for the actual tests. The function itself and the manufacturer’s safety concept must be confirmed. The methods used, of driving on test tracks and operation in real traffic, are tried and tested. The design also opens the possibility of using simulations in the type-approval process, for example, to verify valid system behaviour in a critical situation, or to test a very broad range of parameters.[12]

MERGING PHYSICAL AND VIRTUAL TESTS
Some scenarios are too complex to test on a test track or even on public roads. Simulation can provide a valuable service in such cases. This calls for the creation of appropriate tools and the guarantee that the simulation models sufficiently adhere to reality.[13] The results of real test-drives are combined with the simulations, allowing experts to make statements about the overall performance of the systems. This enables them to conclude from correct reactions, in physical and simulated test operations, that other requirements are also correctly fulfilled.[13] Detailed documentation is included in the expert’s report. Hence, the requirements, the range of functions, the manufacturer’s security and management concept, and information for the end user are thoroughly appraised. The overall aim is to determine the suitability of the system for use on public roads. Approval by an approval authority then takes place via the technical service documentation.

DYNAMIC TESTS
Six basic scenarios are used to check the automated driving function’s system behaviour in reaction to defined traffic situations, from common to critical, according to Annex 5 of the regulation. This includes dealing with motorcycles, but also awareness of traffic light systems, emergency vehicles and construction sites, as well as correctly reacting to people on the road.

VALIDATION ON THE ROAD
Regarding the issue of what, where and under what conditions a vehicle is being tested, strict security conditions apply. Critical driving manoeuvres prohibited in public traffic areas are possible on closed test tracks. It is also possible to predict the behaviour of a vehicle and its systems in other environments.

However, only public roads provide a range of realistic conditions, without which a comprehensive assessment is not possible. Therefore, the appropriate procedure is to validate the knowledge gained on the test track on the road.

SCOPE OF TESTS ON ROAD AND TEST TRACK
The steps for testing on the test track are far more extensive than for those in public traffic. On their premises, the experts work through a checklist of more than seventy points. Data read or recorded from seven categories must deliver results across 117 scenarios, whereas a checklist of around twenty-four criteria applies on general roads.

WHAT TESTS ARE REQUIRED?

DOMAIN            CATEGORIES
                  Requirements confirmed by    Requirements confirmed by
                  CHECKLIST                    DATA ACQUISITION
Proving Ground    70 items                     117 single scenarios in 7 categories
Road              24 items                     Documentation of 24 Checklist items

The regulations define criteria not only for an automated lane keeping system but also for the test procedures and their environment. At first glance, the challenge inherent in the regulation is that it does not define any explicit tests and requirements. However, ninety-six testing verification points can be derived from the requirements in the regulation’s main text and the corresponding annexes that address the requirements for the complex electronic system, as well as the test specifications. Some points do not require a complex test setup, with test drivers simply buckling up and the vehicle registering this. Even this must be considered and documented in a test plan. The validation of the test environment has a larger scope. Is it safe to use? Are the required speeds and distances drivable? This includes observing the weather and road conditions.

TEST SPECIFICATIONS FOR ALKS - WHAT DO CHECKLIST REQUIREMENTS LOOK LIKE?

CHAPTER: Annex 5 Test specifications

NUMBER     EXCERPT FROM THE REGULATIONS TEXT              NUMBER OF      COMMENT
                                                          TEST POINTS
6.1.3.1    Criteria for deeming driver available          5              Single points described in 6.1.3.1
5.1.3      Driver support system active                   3              Single points described in 5.1.3 like wiper, …
6.3.1.1    Driver attentiveness                           3              Points redundant
5.5.       System behavior during a Minimal Risk          3              Sum point for tests required in Annex 4 and
           Manoeuvre […] Driver take over […]                            can be transferred to checklist tests
           Standstill (hazard lights) […] Reactivation
           disabled if reached standstill
5.1.4      Transition demand and                          3              Sum valuation per observation
           behavior/escalation

TEST-DRIVES IN REALITY
The seven main categories to be assessed are:
- Staying in the lane
- Detection of static objects
- Detection of moving objects
- Following a leading vehicle
- Entering a lane
- Leaving a lane
- Areas monitored by the system (field of view)

In the 117 scenarios, individual points are checked at different speeds, distances, and environments. Different static and dynamic obstacles to which the automated driving function must accurately react are also used.

ENABLING DETERMINISTIC STATEMENTS
It is not possible to check all events and conditions that are conceivable and inconceivable in real traffic. This would require many millions of kilometres of test-drives. A deterministic approach is therefore required to conclude that an automated driving system will master all practical requirements.

To achieve this, a number of requirements must be met in the real tests. These include 100 per cent precision, guaranteed repeatability, and absolutely secure control during execution. In this case, precision means that dynamic objects on the test premises achieve an accuracy within ten centimetres for measurements in the longitudinal direction and three centimetres for the lateral direction, which places special demands on the localisation and control of dynamic objects. The right safety concept is crucial for the safe execution of the tests. At a certain level of criticality, the tests are carried out with controlled self-driving platforms, thus reducing the risk for drivers in the event of a collision. This is the only way to test automated driving functions safely up to the system’s limit.

The appropriate high-quality equipment for the test site and laboratories is naturally of the utmost importance.

Summary
The UNECE has not only created the first mandatory requirements for an automated lane keeping system, it also calls for measures to prevent cyber threats or faulty software updates, as well as a data-storage system that ascertains who was responsible in each respective driving situation. These points thus become an essential part of the homologation.

The UNECE regulation for ALKS is an important first step in the rapid implementation of automated driving, and in enabling internationally uniform and simplified market access for AV. This development also demonstrates that it will take some time for AV to become a ubiquitous presence on our roads. One reason for this relates to the regulations’ adoption into applicable law, such as the EU directive coming into effect in the autumn of 2020. Another reason is that regulations for automated driving functions beyond the scope of ALKS have yet to be drafted.

Until then, an increasing number of individual permits for automated vehicles will ensure that people will be able to experience tomorrow’s mobility. Trust in the new technology is another fundamental requirement for market success.

An example of this can be found in the spa town of Bad Birnbach in Lower Bavaria, where the first fully automated public buses have shuttled spa guests between the market square and the spa for the last two years, and since last year, between the train station and the city centre. This system conveys more than 130 people per day safely through a wide variety of traffic situations. To be able to operate on public roads, a single-vehicle approval according to §21 StVZO (Germany’s road traffic licensing act), in connection with exceptions according to §70 StVZO, was necessary for every bus shuttle. The exceptions according to the StVZO are necessary because the automated vehicles do not fully meet the requirements of the StVZO. To evaluate the underlying safety concept of the vehicles and to justify the necessary exceptions (e.g., for the braking system), the TÜV SÜD technical inspection body in Bavaria accompanied the approval process.

Vehicle safety, functional safety, SOTIF and cybersecurity - similar to the UNECE regulation, these are important key issues. In addition to preliminary examinations and vehicle tests, the programme also includes in-depth document reviews. These are supplemented by comprehensive dynamic tests in which driving functions are tested in a variety of real and simulated situations. This ultimately ensures that the vehicle always reacts safely and reliably. A detailed safety report from TÜV SÜD on the vehicle’s use and functional safety, along with the required expert reports, closes the regulatory gap for the recommended approval for road use.

With the existing national possibilities for automated vehicles for testing purposes on public roads and the UNECE regulation for the first automated driving function in production vehicles, the legislators have taken a major step toward closing the gap between technology and legislation. This presents an opportunity for society to accept and increasingly trust the technology, thus allowing automated driving to establish itself and continue to develop, step by step.

GLOSSARY OF ACRONYMS
ACSF – Automated Commanded Steering Function
ALKS – Automated Lane Keeping System
AV – Automated Vehicle
CATARC – China Automotive Technology and Research Center
CETRAN – Center of Excellence for Testing and Research of AVs
CITA – International Motor Vehicle Inspection Committee
CLEPA – European Association of Automotive Suppliers
CS/OTA – Task Force on Cybersecurity and Over-the-Air Issues
DSSAD/EDR – Data Storage System for Automated Driving / Event Data Recorder
DOT, or frequently USDOT – Department of Transportation
FMVSS – Federal Motor Vehicle Safety Standards
FRAV – Functional Requirements for Automated and Autonomous Vehicles
GRVA – Working Party on Automated/Autonomous and Connected Vehicles
IAMTS – International Alliance for Mobility Testing and Standardization
IWG – Informal Working Group
NHTSA – National Highway Traffic Safety Administration
OICA – International Organization of Motor Vehicle Manufacturers
OEM – Original Equipment Manufacturer
OTA – Over-the-air
PMO – Project Management Officer
SAE – Society of Automotive Engineers
SOTIF – Safety of the Intended Function
STW – Super Touren Wagen
SUMS – Software Update Management System
UNECE – United Nations, Economic Commission for Europe
VMAD – Validation Method for Automated Driving
VVM – Research Association for Verification/Validation of Autonomous Driving Systems
WP – Working Paper

FOOTNOTES
[1] SAE J3016
[2] Gnandt, Christian and Düser, Tobias, “Homologation and Validation of Automated Driving Functions: It’s all about an efficient method and process,” in Eighth International Symposium on Development Methodology (Wiesbaden, 2019).
[3] UNECE, “Proposal for a new UN Regulation on Uniform provisions concerning the approval of vehicles with regard to Automated Lane Keeping System,” GRVA-06-02-Rev.4, Sixth GRVA Session (March 2020).
[4] UNECE, “Revised Framework document on automated/autonomous vehicles,” ECE/TRANS/WP.29/2019/34/Rev.2, in 180th Session of World Forum for Harmonization of Vehicle Regulations (WP.29), (2019).
[5] Koller, Benjamin and Matawa, Robert, “Approval of automated driving functions: worldwide regulatory overview, proving ground testing, customer acceptance,” in 11th ATZ chassi.tech plus 2020 (Virtual Conference Munich, 2020).
[6] Pegasus, URL: https://www.pegasusprojekt.de/en/, accessed May 18, 2020.
[7] “VVMethoden: Verifikations- und Validierungsmethoden automatisierter Fahrzeuge Level 4 und 5,” TÜV Rheinland Consulting, URL: http://www.tuvpt.de/index.php?id=vvmethoden, accessed May 18, 2020.
[8] “TÜV SÜD entwickelt vorläufige nationale Standards in Singapur mit – zur Konstruktion und zum Einsatz autonomer Fahrzeuge,” TÜV SÜD, April 2019, URL: https://www.tuvsud.com/de-de/presse-und-medien/2019/april/tuev-sued-entwickelt-vorlaeufige-nationale-standards-in-singapur-mit.
[9] IAMTS, LinkedIn, URL: https://www.linkedin.com/company/autonomous-vehicle-testing/, accessed May 18, 2020.
[10] UNECE, Proposal: Draft new UN Regulation on uniform provisions concerning the approval of vehicles with regard to cyber security and of their cybersecurity management systems, GRVA-06-19-Rev.1, Sixth GRVA Session (March 2020).
[11] UNECE, Proposal: Draft new UN Regulation on uniform provisions concerning the approval of software update processes, GRVA-05-06, Fifth GRVA Session (January 2020).
[12] Koller, Benjamin and Düser, Tobias, “Homologation und Validierung von automatisierten Fahrfunktionen,” ATZextra, March 2020, pp. 22–26.
[13] Düser, Tobias, Abdellatif, Houssem, Gutenkunst Christian, Gnandt Christian, “Ansätze für die Homologation automatisierter Fahrfunktionen,” ATZelektronik 14, no. 10 (2019): 54–60.

COPYRIGHT NOTICE
The information contained in this document represents the current view of TÜV SÜD on the issues discussed as of the date of publication. Because TÜV SÜD must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of TÜV SÜD, and TÜV SÜD cannot guarantee the accuracy of any information presented after the date of
publication. This White Paper is for informational purposes only. TÜV SÜD makes no warranties, express, implied or statutory, as to the information in this document.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express
written permission of TÜV SÜD. TÜV SÜD may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.
Except as expressly provided in any written license agreement from TÜV SÜD, the furnishing of this document does not give you any license to these patents, trademarks, copyrights,
or other intellectual property. ANY REPRODUCTION, ADAPTATION OR TRANSLATION OF THIS DOCUMENT WITHOUT PRIOR WRITTEN PERMISSION IS PROHIBITED, EXCEPT AS
ALLOWED UNDER THE COPYRIGHT LAWS. © TÜV SÜD Group – 2020 – All rights reserved – TÜV SÜD is a registered trademark of TÜV SÜD Group.

DISCLAIMER
All reasonable measures have been taken to ensure the quality, reliability, and accuracy of the information in the content. However, TÜV SÜD is not responsible for the third-party content
contained in this newsletter. TÜV SÜD makes no warranties or representations, expressed or implied, as to the accuracy or completeness of information contained in this newsletter.
This newsletter is intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). Accordingly, the information in
this newsletter is not intended to constitute consulting or professional advice or services. If you are seeking advice on any matters relating to information in this newsletter, you
should – where appropriate – contact us directly with your specific query or seek advice from qualified professional people. TÜV SÜD ensures that the provision of its services meets
independence, impartiality and objectivity requirements. The information contained in this newsletter may not be copied, quoted, or referred to in any other publication or materials
without the prior written consent of TÜV SÜD. All rights reserved © 2020 TÜV SÜD.

Find out more about TÜV SÜD’s
services for autonomous driving
www.tuvsud.com/autonomous-driving
automotive@tuvsud.com

Add value. Inspire trust.
TÜV SÜD is a trusted partner of choice for safety, security and sustainability solutions. It specialises in testing,
certification, auditing and advisory services. Since 1866, the company has remained committed to its purpose of
enabling progress by protecting people, the environment and assets from technology-related risks. Through more than
24,000 employees across over 1,000 locations, it adds value to customers and partners by enabling market access
and managing risks. By anticipating technological developments and facilitating change, TÜV SÜD inspires trust in a
physical and digital world to create a safer and more sustainable future.

                                                                                                                         2020 © TÜV SÜD AG | MKG/AM/25.0/en/DE

TÜV SÜD AG
Westendstr. 199,
80686 Munich, Germany
+49 89 5791 0
www.tuvsud.com
