Simplified Proposal for Vehicle Automation Modes

InsuNews January 31, 2022
Simplified Proposal for Vehicle Automation Modes

 Vehicle Automation Modes emphasize the responsibilities of a self-driving vehicle user

Now that the AV industry has backed away from SAE Levels, especially the highly problematic Level 3, it’s time for a fresh look at operating modes of vehicle automation technology.

If you follow self-driving car technology it’s likely you’ve encountered the SAE Levels of automation. The SAE Levels range from 0 to 5, with higher numbers indicating more capable driving automation technology (but not necessarily higher levels of safety). Unfortunately, in public discussions there is significant confusion and misuse of that terminology. In large part that is because the SAE Levels are primarily based on an engineering view rather than the perspective of a person driving the car.

We need a different categorization approach. One that emphasizes how drivers and organizations will deploy these vehicles rather than the underlying technology. Such an approach needs to emphasize the practical aspects of the driver’s role in vehicle operation.

If you doubt that another set of terminology is needed, consider the common informal use of the term “Level 2+,” which is undefined by the underlying SAE J3016 standard that sets the SAE Levels. Consider also the fact that different companies mean significantly different things when they say “Level 3.” In some cases Level 3 follows SAE J3016, meaning that the driver is responsible for monitoring vehicle operation and being ready to jump in — even without any notice at all — to take over if something goes wrong. In other cases vehicles described as Level 3 are expected to safely bring themselves to a stop even if the driver does not notice a problem, which is more like a “Level 3+” concept (also undefined by SAE J3016).

Even more importantly, the SAE Levels say nothing about all the safety relevant tasks that a human driver does beyond actual driving. For example, someone has to make sure that the kids are buckled into their car seats. To actually deploy such vehicles, we need to cover the whole picture, in which driving is critical but only a piece of the safety puzzle.

With the recent removal of support for the SAE J3016 level system by the Autonomous Vehicle Industry Association, the time is ripe for revisiting how we talk about the different operational modes for vehicle automation. 

We start with the premise that for practical purposes all new vehicles will have some sort of active safety system such as Automated Emergency Braking (AEB) and so skip a category specifically for vehicles with no driver assistance. (One could use a “No Assistance” mode if desired, but it adds unnecessary clutter for most purposes.) We also include a distinct category for testing to help close the SAE Level 2 Loophole which let companies test immature technology without regulatory oversight simply by (improperly) claiming a safety driver made a vehicle SAE Level 2. There is no explicit mapping to the SAE Levels, because that would important baggage that could compromise safety.

The Four Operational Modes

In creating a driver-centric description of capabilities, the most important thing is not the details of the technology, but rather what role and responsibility the driver is assigned in overall vehicle operation. We propose four categories of vehicle operation: Driver Assistance, Supervised Automation, Autonomous Operation, and Vehicle Testing.

See also  Congress sat back and let trucks become heavier, taller, and deadlier. Now pedestrian fatalities are at a 40-year high.

Driver Assistance:

Woman driving with both hands on the wheel.

Driver Assistance: A licensed human driver drives, and the vehicle assists.

Human Role: DrivingVehicle Role: Active Safety, Driver Support, Driving Convenience

The technology’s job is to help the driver do better by improving the vehicle’s ability to execute the driver’s commands and reduce the severity of any impending crash. Convenience features might also be provided, excluding sustained automated steering.

This might include anti-lock brakes, stability control, cruise control, adaptive cruise control, and automatic emergency braking. The driver always remains in the steering loop, exerting at least some form of sustained control over lane keeping and turns to ensure engagement. 

Momentary intervention by active safety and driver support functions in the steering function such as a nudge at lane boundaries is considered driver support rather than steering automation. Active safety might momentarily intervene in steering in response to a specific high risk situation but should not permit itself to be used in lieu of continuous driver control of steering in non-emergency situations. Completely automated speed control is permitted (e.g., adaptive cruise control).

Supervised Automation

Woman hands off the steering wheel. Eyes on the road monitoring the vehicle

Supervised Automation: The vehicle controls speed and lane keeping. A human driver handles things the system is not designed to address.

Human Role: Eyes on road, monitors for and intervenes in situations vehicle is not designed to handle, executes turns and other tasks beyond ordinary lane-keeping.Vehicle Role: Provides steady cruise functions of lane-keeping and speed control.

Technology normally provides a speed and lane-keeping “cruise” capability when feature is activated. A licensed human driver is responsible for continuous monitoring of driving and intervening when a situation is encountered beyond the design scope of the system. Human driver is responsible for  situations outside the stated design capabilities of the system. The design capabilities exclude turning at intersections and other scenarios beyond traversing the current roadway. Automation might not be capable of handling situations outside its stated capability, which the driver is aware of and accounts for in supervision. Driver is able to take over full control when desired.

An effective driver monitoring system is required to ensure driver remains situationally aware and is capable of taking over when required for safety. (This does not have to mean hands on the wheel. Keeping hands on the wheel might be required for testing, and might be required in vehicles that do not have camera-based driver monitoring systems. But the requirement for Supervised Automation is simply that the driver must be able to respond when needed, and it is up to the feature developer to determine how to accomplish that.)

See also  The Safety of Technology

Supervised autonomation should make it reasonable to expect a civilian driver without specialized training to achieve at least as good a safety record as would be the case without steering automation given comparable other vehicle capabilities and operational conditions. As a practical matter, this limits use to highway cruise-control style applications where the vehicle does both lane keeping and speed/separation control. If the vehicle can make turns at intersections, with current technology it is beyond what is reasonably safe for civilian driver supervision, and instead is likely to be a road test vehicle.

Autonomous Operation

Man reading with eyes off the road as vehicle performs driving tasksNo human behind the wheel.

Autonomous Operation: The whole vehicle is completely capable of operation with no human monitoring.

Human Role: No Human DriverVehicle Role: Responsible for all aspects of driving and safety, completely replacing the role of a taxi driver, truck driver, etc. with regard to performing driving and ensuring safety while driving.

The vehicle can complete an entire driving mission under normal circumstances without human supervision. If something goes wrong, the vehicle is entirely responsible for alerting humans that it needs assistance, and for operating safely until that assistance is available. Things that might go wrong include not only encountering unforeseen situations and technology failures, but also flat tires, a battery fire, being hit by another vehicle, or all of these things at once. People in the vehicle, if there are any, might not be licensed drivers, and might not be capable of assuming the role of “captain of the ship.” 

Examples of Autonomous vehicles might include uncrewed robo-taxis, driverless last mile delivery vehicles, and heavy trucks in which the driver is permitted to be asleep. Achieving safety will depend on the autonomous vehicle being able to handle everything that comes its way, for example according to the UL 4600 safety standard.

Vehicle Testing

Photo by Alena Darmel from Pexels

Vehicle Testing: A trained safety driver supervises the operation of an automation testing platform.

Human Role: Trained safety driverVehicle Role: Automation being tested is expected to exhibit dangerous behaviorsThe vehicle is a test bed for vehicle automation features. Because it is immature technology, the driver must have specialized training and operating procedures to ensure public safety, for example according to the SAE J3018 road testing operator safety standard in accordance with a suitable Safety Management System (SMS).

See also  BMW issues recall after Takata airbags blow apart, hurl shrapnel at drivers

Any vehicle which might exhibit dangerous behavior beyond the capability of an ordinary licensed driver, or that requires special qualification and care due to potentially dangerous behavior is an automation test platform, and anyone operating such a vehicle is doing Vehicle Testing. (Alternately, such a platform is a defective Supervised Automation platform which should not be operating on public roads.)

Driver Liability:

An advantage of this classification is that it provides a straightforward way to address driver liability.

Driver Assistance: As with conventional vehicles.Supervised Automation: Absent vehicle defects, the driver is responsible for safe operation. Vehicle defects are activated when the automation does not perform as described to the driver, including incorrect responses to scenarios said to be handled automatically and also failure to respond to a situation the driver has been told is covered automatically.Autonomous Operation: the vehicle automation is responsible for safety.Vehicle Testing: The organization performing testing is responsible for safety in accordance with a Safety Management System that includes driver qualification, driver training, and testing protocols.

Other Considerations:

A single vehicle can operate in multiple modes across its trip. For example a single trip can start in Driver Assistance mode on local roads, switch to Supervised Automation on a limited access highway, and then switch to Autonomous Operation on a designated portion of roads (federal highway, urban downtown, parking garage) as is compatible with its design restrictions.

All modes must have provisions for mitigating risk from foreseeable misuse and abuse. That includes ensuring operation of modes within their intended restrictions (e.g., enforcing the J3016 concept of an Operational Design Domain (ODD)).

Mode changes must be done safely. The principle should be that a human driver can take control in a situation for which that can be safely done, but a human driver can never be forced to assume control involuntarily. Automation must make a best effort to ensure the highest level of safety it is capable of even without human intervention, but nonetheless is not responsible beyond best effort for dealing with aspects of vehicle and control beyond its currently active mode. The one exception is Vehicle Testing mode, which because it involves immature technology cannot be counted on to provide any automation function beyond a high integrity mechanism for the human test driver to assert vehicle control.

Mode confusion is a critical issue with system safety. There must be an effective scheme for ensuring that any driver is aware of the current vehicle mode. Changes in modes are not permitted without unambiguous determination that any human driver that might be involved has shifted their mental model of current mode to match the actual vehicle mode in effect after the transition.

Tags: , ,

More Stories

The Importance of Internal Steering Linkage: How It Affects Vehicle Handling and Safety

The Importance of Internal Steering Linkage: How It Affects Vehicle Handling and Safety

InsuNews May 23, 2024
Car Seats For The Littles

Safety 1st TriMate Multimode Car Seat Review

InsuNews May 23, 2024
Car Seats For The Littles

Graco TurboBooster 2.0 LX Booster Seat Review

InsuNews May 22, 2024

You may have missed

Please help me figure out individual out of pocket max and family.

InsuNews May 28, 2024
2025 Acura MDX prices rise thanks to new tech and audio

2025 Acura MDX prices rise thanks to new tech and audio

InsuNews May 28, 2024
12 Reasons to Be Proud of Your Career Choice

12 Reasons to Be Proud of Your Career Choice

InsuNews May 28, 2024
Digital is critical for auto insurance shopping: JD Power

Digital is critical for auto insurance shopping: JD Power

InsuNews May 28, 2024

Unusual disclaimer in employer provided health insurance? Employer pays health care bills not insurance?

InsuNews May 28, 2024