Advances in Road Vehicle Safety of Automated Driving: A Comprehensive Review of Recent ISO Standards

In the rapidly evolving landscape of automated driving, ISO standards stand as pillars of road safety. From ensuring secure communications to delineating test scenarios and ethical considerations, these standards play a vital role in fostering safer transportation networks in an increasingly automated world.

March 6, 2024

Monitoring and tracking the changes and improvements in road vehicle safety is critical, especially when it comes to automated driving and the continual advancements in Artificial Intelligence (AI). As a technology consulting company, it is INVENSITY’s recommendation to our partners to always stay well-informed of the newly developed standards so that they can align their developments with best safety practices and regulatory requirements.

The International Organization for Standardization (ISO) introduced a set of new standards in 2023 to address the growing challenges in the context of Automated Driving and Intelligent Transport Systems:

  • ISO/TR 5255-2: Intelligent Transport Systems / Low-Speed Automated Driving System (LSADS) Service
  • ISO 21177: Intelligent Transport Systems / ITS Station Security Services for Secure Session Establishment and Authentication Between Trusted Devices
  • ISO 34503: Road Vehicles – Test Scenarios for Automated Driving Systems / Specification for Operational Design Domain
  • ISO 39003: Road Traffic Safety (RTS) / Guidance on Ethical Considerations Relating to Safety for Autonomous Vehicles

This article offers a review of these standards which contribute to the improvement of safety measures for road vehicles.

1. ISO/TR 5255-2: Intelligent Transport Systems / Low-Speed Automated Driving System (LSADS) Service (Published: February 2023):

Low-speed scenarios are becoming more relevant as autonomous vehicles are increasingly integrated into urban environments. In a first effort, ISO published ISO/TS 5255-1, which addresses the requirements of the basic role and functional model of applications for LSADS services. It includes infrastructure facilities for supporting mobility in urban and rural areas. As a continuation of part 1 of the standard (published in 2022), ISO/TR 5255-2 is a Technical Report (TR) that analyzes the safety environment for LSADS and focuses on safety operation gap analysis. The TR serves as a baseline document describing which supplemental roles need to be considered to take a safe operation lead beyond the roles described in ISO/TS 5255-1. The information presented in this standard is valuable for formulating future safety requirements in Automated Driving System Services. It is important to note that this document applies specifically to services used in LSADS vehicles and does not apply to the in-vehicle control systems.

In detail, clause 4 of the standard provides information on the safety support functions of LSADS, with a focus on Artificial Intelligence (AI) for enhanced safety, including safety operational concepts and the LSADS safety environment using AI. Clause 5 discusses supplemental safety support functions and the role of humans in supporting safety functions within the LSADS.

Clause 6 describes the connected vehicle environment, addresses concerns related to latency in said environment, and discusses the concept of network slicing for effective communication. Finally, Annex A provides specific use cases detailing scenarios where in-vehicle AI requires supplemental support for the safe operation of LSADS service fleets.

Applicability Example: Imagine a university campus that implements an LSADS, a fleet of automated driving shuttles, to provide convenient and safe transportation for students, faculty, and staff. The fleet uses radio signals or road markings as input to be able to navigate precisely. A potentially hazardous situation can occur in case of an interruption in the signals or a lack of marking. The standard can assist with defining the functional model of the LSADS application and establish communication protocols between the automated shuttles, campus infrastructure, and a centralized control system to ensure coordinated and safe operations.

Example image of an Automated Driving Vehicle in the HafenCity of Hamburg, Germany

2. ISO 21177: Intelligent Transport Systems / ITS Station Security Services for Secure Session Establishment and Authentication Between Trusted Devices (The status of the standard is “Published (To be revised),” and it will be replaced by ISO/FDIS 21177):

ISO 21177 provides specifications regarding security for Intelligent Transport Systems (ITS) stations. This ensures that information exchanged between trusted entities remains authentic and intact. The document describes the security measures needed for communication between specific devices, namely “ITS Station Communication Units” (ITS-SCU) and “ITS station units” (ITS-SU), as defined in another standard, ISO 21217. It also covers communication between ITS-SUs (comprising one or more ITS-SCUs) and external trusted entities, such as sensor and control networks. These security services include authentication and secure sessions, and they play a significant role in various ITS applications. These include time-critical safety applications, automated driving, remote management of ITS stations (addressed in ISO 24102-2), and services related to roadside infrastructure.

The normative part of the standard begins with a comprehensive overview in clause 5, covering various aspects related to the secure session layer. It explores the relationships between Transport Layer Security (TLS) and application specifications and outlines the goals in the architecture and functional entities. Clause 6 provides insight into process flows and sequence diagrams, followed by exploring the security subsystem in clause 7, where the standard provides details on interfaces and data types. It covers access control policy and state, enhanced authentication, extended authentication, Security Management Information Request, data types, the App-Sec Interface, and the security subsystem internal interface. Clause 8 focuses on the adaptor layer and covers general considerations, data types, and the AL Interfaces. Lastly, clause 9 discusses the Secure Session Services and offers a general perspective on interfaces.

Applicability Example: In an Intelligent Transport System (ITS), vehicles communicate with each other and with infrastructure, such as traffic lights and road signs. ISO 21177 ensures the security of these communications. For instance, the standard can help develop cryptographic protocols for secure communication between a connected vehicle and a smart traffic signal to prevent unauthorized entities from manipulating traffic signals or sending false information to vehicles.

3. ISO 34503: Road Vehicles – Test Scenarios for Automated Driving Systems / Specification for Operational Design Domain (Published: July 2023):

ISO 34503 describes the rules for organizing information about how Automated Driving Systems (ADS) function under different conditions. It establishes a structured classification system to define the Operational Design Domain (ODD) of an ADS, including the format for describing this domain. The ODD consists of specific conditions including both static and dynamic attributes, within which an ADS is designed to operate. This standard is primarily designed for level 3 and level 4 ADS (according to SAE J3016:2022). For level 5 ADS, the ODD is unrestricted which allows operation anywhere.

Users of this document include organizations involved in developing safety cases for automated vehicles, especially those engaged in trials, testing, and commercial deployment. Manufacturers of level 3/4 ADS can also use this document to specify their system’s operational capabilities and it can support other stakeholders in comprehending potential ADS deployments and capabilities. However, it is important to note that this document does not address the fundamental testing procedures for ODD attributes or the monitoring requirements associated with them. For more information on the requirements for the minimum hierarchical taxonomy for specifying an ODD for level 3 and level 4 ADS, refer to PAS 1883:2020 published under license from The British Standards Institution.

Diving deeper, in clause 5 of ISO 34503, the ODD and its correlation with the Target Operational Domain are defined, followed by clause 6, in which further information on the relationship between ODD and specific scenarios is provided. The focus shifts to ODD requirements and applications in clause 7 which covers aspects such as the abstraction of ODD definitions, monitoring ODD attributes, and the implications for scenario-based testing methodologies.

Clause 8 introduces the ODD taxonomy and provides a general overview, as well as discusses the top-level classification within the taxonomy. Clause 9 of the document outlines various scenery elements relevant to the ODD and in clause 10, the environmental conditions within the ODD are addressed. Clauses 11 and 12 of the standard collectively analyze the dynamic elements within the ODD and provide a detailed examination of traffic agents, the subject vehicle, and the structure and considerations involved in defining the ODD.

Applicability Example: Consider a highway scenario where an automated vehicle is transitioning from autonomous to manual mode due to adverse weather conditions. The weather starts getting worse quickly as dark clouds gather, and rain begins to pour. The vehicle’s sensors detect the decreasing visibility and the slippery road. The AI system receives real-time weather updates and predicts the storm. The interface notifies the driver about the worsening conditions and recommends transitioning to manual mode for enhanced control. ISO 34503 will help with defining specific test scenarios to ensure that the ADS vehicle is evaluated in such weather conditions.

4. ISO 39003: Road Traffic Safety (RTS) / Guidance on Ethical Considerations Relating to Safety for Autonomous Vehicles (Published: July 2023):

The acceptance of automated vehicles among customers depends heavily on ensuring safety and security for passengers, other vehicles, and vulnerable road users. Despite high expectations for technology, humans possess a unique skill – ethical decision-making and judgment – which is often instinctive due to the limited time frame in real traffic situations. To succeed, automated vehicles must be equipped with driving action policies aligned with global ethical beliefs, needs, and desires. It is crucial to establish a framework that involves various stakeholders for integrating global and local ethical considerations into automated vehicle design. This includes the development of ethical standards for automated vehicle behavior to address both engineering aspects and driving policies with positive or potentially negative impacts on road users and public spaces.

ISO 39003 provides guidance on ethical considerations that are important to ensuring the safety of innovative Automated Driving Systems. It describes the framework for addressing ethical challenges related to autonomous vehicles and covers aspects such as decision-making algorithms, emergency scenarios, and the prioritization of safety.

The standard is specifically applicable to vehicles in SAE level 5 mode but does not explore the technical methods for the decision-making process or offer guidance on desired decision results. Instead, it focuses on ethical aspects related to the design of the decision-making process.

Notably, the standard neither sets requirements for the outcomes of ethical decisions nor offers specific methodological guidance. Rather, it describes key aspects of automated vehicle behavior and encourages designers and manufacturers to consider these factors to prevent oversight or neglect. Although the standard does not provide technical precision for prescribing required controls, it presents a set of “protocol guidelines.” Decision makers in automated driving can choose to self-certify against these guidelines to ensure that necessary ethical considerations are addressed during design and are effectively controlled.

After introducing the different parties involved in the design and operations of autonomous vehicles in clause 5, the standard offers an overview of governance aspects pertaining to the ethical considerations of autonomous vehicles and discusses the ethical framework with a focus on driving action policies in clauses 6 and 7. Clauses 8 to 11 present a more detailed breakdown of the framework for rule construction and management. This section covers various types of rules, goal settings, design considerations, sustainability, and the necessity for periodic review and re-evaluation.

The annexes offer supplementary information and in-depth discussions on various aspects, such as ethical philosophy, sustainability issues, and specific ethical dilemmas related to automated vehicle decision-making.

Applicability Example: Imagine a scenario where an autonomous vehicle encounters a potential collision situation, for example while traveling on a busy road during rush hour. The vehicle approaches a point where there is limited visibility due to a curve ahead in the road. As it navigates the curve, the vehicle’s sensors detect a disabled car stopped in the middle of the lane with no hazard lights. Simultaneously, the vehicle observes a cyclist in the adjacent bike lane. The vehicle must decide between colliding with the disabled car or attempting to swerve into the bike lane to avoid it. Both options pose risks of collision: one with a stationary vehicle and the other with a vulnerable road user, the cyclist. Should the vehicle prioritize protecting its occupants or the vulnerable road user? ISO 39003 provides guidance on the ethical considerations involved in the vehicle’s decision-making process.

Author

  • Mehdi Tavakoli

    Consultant
