Automated Driving Systems 2.0: A Vision for Safety (Draft Guidance)
What it does
Provides regulatory guidance for automated vehicle technology with respect to safety, innovation, and federal and state roles.
The National Highway Transportation Safety Administration (NHTSA) created Automated Driving Systems 2.0: Vision for Safety is an updated version of the Federal Automated Vehicle Policy (FAVP; SciPol Brief available) issued in 2016. Compared to its predecessor, A Vision for Safety is more concise, emphasizes the voluntary nature of the guidelines, and modifies the list of ADS Safety Elements, which manufacturers are encouraged to consider for system assessment, testing and validation. The guidance also clarifies the differences in federal and state authority and their roles in establishing safety practices.
The material provided in the guidance is entirely voluntary. The intent is to employ a non-regulatory approach to the development of automated vehicle technology that supports industry innovation by limiting regulations that may not be able to keep up with the pace of rapidly evolving automated vehicle technology.
The guidance applies to the design, construction and performance of automated driving systems (ADS) within NHTSA’s jurisdiction. This includes motor vehicles (i.e., low-speed vehicles, motorcycles, passenger vehicles, medium duty and heavy-duty CMVs) and motor vehicle equipment. ADS includes highly automated vehicles falling under SAE levels of automation 3 through 5 (further explained in the Background section), referred to as Conditional, High, and Full Automated Systems.
The guidance is divided into two main parts:
- Section 1: Voluntary Guidance for Automated Driving Systems (Voluntary Guidance), summarizing 12 safety elements to help automotive industry stakeholders (i.e., entities engaged in in ADS testing and deployment) identify and resolve safety issues prior to deployment; and
- Section 2: Technical Assistance to States: Best Practices for Legislatures Regarding Automated Driving Systems (Best Practices), to differentiate between federal and state roles in ADS regulation.
Section 1: Voluntary Guidance
While in the design stages, entities are encouraged to document the methods (e.g., industry standards, best practices, company policy) employed to address each of the 12 safety elements for equipment assessment, testing and validation. These elements include:
- System Safety: Entities are encouraged to implement a systems engineering approach to ensure ADSs are devoid of unreasonable safety risks. this may include following standards set by accredited standards-developing industry organizations such as International Standards Organization and SAE International where applicable.
- Operational Design Domain (ODD): Entities are encouraged to document the vehicle’s ODD, which describes the specific conditions under which a given ADS or feature is intended to function. This includes ADSs limits and boundaries for the following:
- Roadway types
- Geographic area
- Speed range
- Environmental conditions
- Object and Event Detection Response (OEDR): Entities are encouraged to consider the driver’s or ADS’ ability to notice and respond to relevant features of the driving environment, including normal driving and pre-crash scenarios.
- Fallback (Minimal Risk Condition): Entities are encouraged to develop “fallback” processes for when the ADS cannot operate safely (e.g., due to a malfunction or damage), such as stopping the vehicle or changing speed. The ADS should be able to detect malfunctions or determine when it is operating outside of the ODD. In some cases, the fallback may direct the system to assume a “minimal risk condition“, or having the vehicle respond in the safest manner given the driving conditions.
- Validation Methods: Entities should be able to validate how the ADS mitigates risk under normal conditions, crash avoidance situations, and fallback strategy scenarios. Methods of evaluation may include simulation, test track and on road safety.
- Human Machine Interface (HMI): Entities should consider the way that the ADS will pass on information or requests to the driver (e.g. to assist with a driving task) and vice versa. This is mainly pertinent to cases where drivers could be involved, such as in Level 3.
- Vehicle Cybersecurity: Entities should attempt to minimize cybersecurity threats and vulnerabilities. Entities should also disclose threatening incidents, exploits and vulnerabilities to the from internal testing, consumer reporting, or external security to the Auto-Information Sharing and Analysis Center (Auto-ISAC). The Auto-ISAC is an industry-operated platform that promotes cyber-security awareness and encourages open communication among the automotive industry.
- Crashworthiness: Entities should determine the best way to protect vehicle occupants in a crash scenario. Vehicles without occupants should provide geometric and energy absorption crash compatibility with existing vehicles on the road.
- Post-Crash ADS Behaviour: Entities should take into account methods of returning ADSs to a safe state post-crash, and what maintenance and repair procedures are needed to return a damaged vehicle into service.
- Data Recording: Entities should document processes (for testing, validation, and data collection) related to malfunctions, degradations or failures that can be used to establish the cause of any crash.
- Consumer Education and Training: Entities should develop, document and maintain employee dealer, distributor and consumer education and training programs to address anticipated differences in use and operation of ADSs from conventional vehicles. This may include its functions, operational parameters, system structure, HMI, as well as ODD framework.
- Federal, State and Local Laws: Entities are encouraged to document how they intend to account for all applicable federal, state and local laws in the design of their vehicles and ADSs.
NHTSA recommends that entities publish a Voluntary Safety Self-Assessment, which covers the 12 safety components. The intent of the report is to demonstrate to the public that the various entities are considering safety in their designs in cooperation with the Department of Transportation (DOT). As the name suggests, the entities are not required to submit a report. NHTSA has provided an illustrative template as a guide.
Section 2: Technical Assistance to States
As vehicles are regulated under both federal and state jurisdictions, this section seeks to clarify federal and state regulatory roles regarding testing and deployment of ADSs and recommend best practices for state legislatures on developing their own regulatory frameworks. The roles of each are made explicit to foster consistency between the two bodies and guide them in creating compatible laws. This section is divided into three parts, including (1) a clarification of federal and state regulatory roles, (2) best practices for legislatures, and (3) best practices for state highway safety officials.
1. Federal and State Regulatory Roles:
NHTSA would continue to oversee safety design and performance of motor vehicles and equipment; while the states would be responsible for the human driver and vehicle operations. The states should also follow the Manual on Uniform Traffic Control Devices (MUTCD) for designing traffic control equipment (e.g., road signs, signals) to maintain infrastructure that supports autonomous vehicle navigation. Roles for NHTSA and the states would include:
- Setting Federal Motor Vehicle Safety Standards (FMVSSS) for new motor vehicles and equipment and enforcing compliance with those standards
- Issuing recalls for safety-related defects and for vehicles that do not meet federal safety standards
- Engaging with the public about motor vehicle safety issues
- Licensing for human drivers and registration for motor vehicles
- Traffic laws and regulations
- Safety inspections
- Motor vehicle insurance and liability
2. Best Practices for State Legislatures:
NHTSA recommends the following practices, based on common components of existing state regulations:
- A “technology-neutral” environment that allows all entities meeting federal and state law prerequisites for testing and deployment of ADS to operate in the state (independent of previous experience);
- Licensing and registration procedures that include ADS in the legal definition of “motor vehicle;” licensing ADS entities and the staff who perform field tests; and registering vehicles with ADSs.
- Reporting and communications methods for Public Safety Officials for reporting vehicle incidents and crashes to public safety agencies, such as first responders and law enforcement.
- A review of traffic laws and regulations that may serve as barriers to testing and deployment of ADS
3. Best Practices for State Highway Safety Officials:
The last part of the Technical Assistance for States provides a framework to states for developing procedures and conditions for ADSs’ introduction onto public roadways. It includes recommendations intended to address the concerns of state stakeholders and clarify their roles, dividing the recommendations into seven categories, based on the Model State Policy:
- Administrative: States may want to consider new administrative oversight support for states’ roles and activities as they pertain to ADSs. For example, states could incorporate:
- A lead agency that oversees testing and assembles a committee that includes representatives from a variety of government stakeholders. The lead agency could act as a communication liaison between states and entities regarding requests and statuses. ‘
- An internal process to provide permits to entities interested in testing ADS technology.
- Application for Entities to Test ADSs on Public Roadways: The guidance recommends that the application for testing stays at the state level and provides recommendations for the information provided by the entities during the application process, such as insurance, training procedures, and safety plan.
- Permission for Entities to Test ADSs on Public Roadways: The guidance recommends that permission to test stays at the state level, that state law enforcement be involved in the application process and that permission can be suspended if entities don’t adhere to requirements
- Specific Considerations for ADS Test Drivers and Operators: States should require licensing for test drivers of vehicles of SAE automation levels of 3 and lower and request summaries of additional training provided to operators of all automation levels.
- Considerations for Registration and Titling: Identification that highlights ADS capabilities on vehicle registration records.
- Working with Public Safety Officials: Ensuring that public safety officials work with ADS deployments to understand vehicles and their needs.
- Training public safety officials to prepare for encounters with ADSs
- Coordination among states to review human operator behavior
- Liability and insurance: States should consider how to allocate liability when a car crash occurs, determine who must carry motor vehicle insurance and consider tort liability and other laws.
The guidance includes a repository of relevant references to this and other NHTSA ADS resources.
<p>Vision for Safety observes the <a href="http://www.sae.org/automotive/">SAE International</a> (SAE) definitions for levels of automation to define ADS SAE is a global professional association of over 128,000 aerospace, automotive, and commercial-vehicle engineers and technical experts, and is recognized as the world's largest developer of standards for the automotive and aerospace industries. The SAE definitions for automation divides vehicles into six levels ranging from no automation to full automation based on “who” does what:</p>
<li>0: <em>No Automation</em> - the vehicle depends on the driver for all driving tasks</li>
<li>1: <em>Driver assistance</em> - driver is primarily operating the vehicle, apart from some vehicle-design features (e.g. steering or acceleration/deceleration) </li>
<li>2: Partial automation - vehicle can assist with automated functions, like acceleration and steering, but the driver is predominantly in control and must be aware of the environment</li>
<p>The guidance applies to the following levels:</p>
<li>3: <em>Conditional Automation</em>: driver does not need to monitor the environment, but should be available to take over as needed</li>
<li>4: <em>High Automation: </em>the vehicle can function under certain conditions; the driver may be able to take over</li>
<li>5: <em>Full Automation</em>: the vehicle is fully capable functioning independently in all circumstance; it may be possible for the driver to take control</li>
<p>NHSTA supports entities developing ADSs for use on public roadways. “Entities,” as it is used in the Guidance, can range from traditional vehicle manufacturers, to equipment designers and suppliers at multiple stages, such as “manufacturing, designing, supplying, testing, selling, operating, or deploying ADSs.” Entities are also those that provide vehicles with automated capabilities or equipment for testing, commercial sale and/or public roadways, transit companies, automated fleet operators, taxi companies and other individuals or organizations, companies or agencies that use ADS technology as part of their services.</p>
<p>Entities do not include interstate motor carrier operations and commercial motor vehicle (CMV) drivers, as they are exclusively regulated by the <a href="http://www.fmcsa.dot.gov/">Federal Motor Carrier Safety Administration (FMCSA)</a>. Despite the presence of automated driving technologies, at present, the FMCSA regulations require that a trained commercial driver be behind the wheel.</p>
<p>To effectively address safety concerns, <a href="http://www.trb.org/Main/Home.aspx">The Transportation Research Board (TRB),</a> universities, and NHTSA carried out the research that informed the 12 chosen safety design elements listed in the Voluntary Guidance section.</p>
<p>NHTSA also collaborates with the following federal agencies to help facilitate the safe deployment of ADS technology:</p>
<li>The <a href="http://www.transportation.gov/policy">Office of the Under Secretary for Policy (OST-P)</a>: Secretary’s main advisor regarding policies for the DOT, including proposals for regulations regarding modes of transportation.</li>
<li>The<a href="http://www.transportation.gov/research-technology"> Office of the Assistant Secretary for Research and Technology (OST-R)</a>: Primary office that manages the <a href="http://www.its.dot.gov/">DOT’s research</a> and disseminating advanced technologies with the transportation system. See</li>
<li>The <a href="http://www.fmcsa.dot.gov/">Federal Motor Carrier Safety Administration (FMCSA)</a>: Primary federal Government agency in charge of operational safety oversight for motor carriers operating CMVs. The FMCSA collaborates with industry, safety advocates and state and local governments to address CMV safety.</li>
<li>The <a href="http://www.fhwa.dot.gov/">Federal Highway Administration (FHWA)</a>: Provides financial and technical aid to state and local governments in its design construction and maintenance of highway systems.</li>
<p>The <a href="http://www.transit.dot.gov/">Federal Transit Administration (FTA)</a>: Gives financial and technical support to local public transit systems. The FTA also oversees safety and supports technology research.</p>
ADSs use different mechanisms to interpret and map their environments. They require sensors to collect visual and location data. Visual sensors can include light imaging detection and ranging (LIDAR), radio detection and ranging (RADAR), or cameras, or a combination of all three. Each technology has its own advantages and disadvantages, so multi-sensor systems are often used so the strengths of one sensor offsets the weakness of another. LIDAR can produce a 3D map 100 meters around a vehicle, but they produce large amounts of data and do not perform well in rain or snow. RADAR is effective at detecting object distance and motion. It does not have the detail of LIDAR, but it is effective in a variety of weather conditions. Cameras can see in color, and therefore are potentially the best at object recognition, but they require the most data of the three types of sensors.
Computer vision entails collecting the visual sensor data, processing it using a computer, and interpreting it in a way that is useful to the vehicle, such as ignoring background scenery or recognizing a road hazard before applying the brakes.
For location data, ADSs use powerful on-board computers to produce local maps using sensor data. Local maps give the location of the vehicle relative to the objects in the environment. Global Positioning Sensor (GPS) equipment can provide a vehicle’s absolute location, but local maps are required when GPS data are not available, such as inside a parking garage
Vehicles may susceptible to hacking, which is when someone tries to infiltrate vehicle systems to extract driver data or manipulate the vehicle’s functioning capabilities. Hackers may be able to access these systems through wireless communications operations or third- party devices. NHTSA suggests that vehicles use a multi-layered solution. The multi-layered system should include risk-based prioritized identification, protection of critical vehicle systems and users’ personal data, fast responses and recovery to possible cyberattacks and constant supervision for possible unauthorized access.
Michael Clamann, PhD, CHFP, SciPol Lead Editor Robotics and Artificial Intelligence, Senior Research Scientist, Duke Robotics
Endorsements & Opposition
Many companies have endorsed the new guidance and commended its support of innovation, standards of safety, and delineation of federal and state responsibilities.
The Alliance of Automobile Manufacturers applauded the guidance for its ability to balance safety, progress, and federal and state responsibilities. On behalf of the AAM, the Vice President of Communications and Public Affairs Gloria Bergquist stated: “This federal guidance is helpful in advancing road safety and safe testing, while also providing more clarity on the role of states,” and that “The guidance provides the right balance, allowing emerging innovations to thrive while government still keeps a watchful eye over new developments.”
The Self-Driving Coalition for Safer Streets, which was formed by Ford, Lyft, Uber, Volvo Cars and Waymo, also expressed its approval. David Strickland, the General Counsel and Spokesperson stated, "We look forward to continued collaboration with NHTSA and other federal and state policymakers to further develop the national framework for safe and timely deployment that avoids a patchwork of requirements that could inhibit self-driving vehicle development and operations."
Doug Davis, the senior vice president of Intel’s Automated Driving Group endorsed the new guidance: “To get ready for our autonomous future, we need to prepare our roads, cities, towns, and, more importantly, tomorrow's passengers. A policy framework that prioritizes safety, innovation and U.S. leadership will play a critical role. To this end, I applaud the leadership of Secretary of Transportation Elaine Chao for her focused work to revise the nation¹s Automated Vehicle Guidelines for the safe testing and deployment of self-driving vehicles.”
Consumer groups have been reluctant to adopt the proposed guidelines and have expressed concern about safety and federal oversight.
David Friedman, who is currently the director of cars and product policy for Consumers Union stated: “This is a clear step backward for consumer safety that sends a troubling message about the Transportation Department’s priorities under the new administration”. He also went on to say, “Self-driving cars have enormous potential to improve mobility and safety on our roads. But innovation must be accompanied by sensible, strong federal oversight” and that the DOT “should be asking more of automakers, not less.
Consumer Watchdog released a statement that without meaningful enforceable safety regulations or oversight, ADS developers have started using public highways as their private laboratories. John M. Simpson, the Privacy and Technology Project Director for Consumer Watchdog, stated, “We are their human guinea pigs and there is no federal regulation to ensure our safety.” Simpson went on to point out that automakers were choosing not to release voluntary reports addressing the 12 safety elements. “The guidance stressed that it was completely voluntary, “So far, only Google's spinoff, Waymo, has published a safety report. You would think others would have published a document just for the PR value, but apparently they can't even be bothered with that.”