Challenges in applying the ISO 26262 for driver assistance systems
The development of electrical, electronic and programmable electronic (E/E/PE) systems is, among other things, subject to IEC 61508 for the consideration of functional safety. In this context, functional safety aims at the correct functioning of a technical system with the goal of avoiding potentially safety-critical situations caused by hardware and software failures. What the safety standards generally do not consider is the prevention and mitigation of safety-critical situations that arise from the functional insufficiency of driver assistance systems (DAS). The automotive derivative of IEC 61508, ISO 26262, is no exception in this regard. However, radar-, video- or ultrasound-based functions in particular can additionally give rise to safety-critical situations that stem from weaknesses in the estimation, interpretation and prediction steps needed to realize driver assistance behavior. In such cases the consequences are comparable to those of hardware and software failures and may likewise be safety-critical. In our understanding these weaknesses are fundamental and not avoidable, regardless of future developments in sensor technology and computing power. In particular, the necessary interpretation of other traffic participants' actions and the prediction of their future behavior will never be sufficiently complete to rule out misbehavior under all circumstances.