Safe design of the Autonomous Driving control function

An autonomous vehicle is meant to drive by itself without any driver intervention. The Autonomous Driving (AD) function is built on the Electrical/Electronic (E/E) architecture of the vehicle, which is made up of sensors, actuators, ECUs (Electronic Control Units) and communication networks. This study focuses on the different states of the AD function, which is implemented across several ECUs. Traditionally, the system design process distinguishes between the systems engineering process and the safety process. In this application, the first process specifies the functional requirements of the AD function, while the second considers three redundant sub-functions to ensure continuous service under failure. Each of the two processes may have its own constraints and schedule, so the safety requirements often arrive too late to be taken into account in the systems engineering process without major impact on the design of the vehicle. Because of its complexity, the AD function, more than other functions, requires that the safety requirements be considered from the very beginning of the systems engineering process. To achieve this, a state model of the AD function has been built. It integrates the functional and redundancy aspects, formalizes the approach and allows requirements of interest to be formally verified. The resulting model ensures consistency between the two design processes, functional and safety.
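The following is an added illustration, not code or a model from the paper: a small explicit-state model of an AD function with three redundant channels, explored exhaustively to check two requirements of the kind the abstract describes (no driving without a healthy channel; service continues while at least one channel is healthy). The modes (STANDBY, ACTIVE, DEGRADED, SAFE_STOP), the events (engage, disengage, fail_chN) and the "design flaw" variant are all assumptions made for the example. The point it shows is how a state model lets the safety view (redundancy, failure events) and the functional view (modes, engage/disengage) be checked together, and how a missing safety transition surfaces as a concrete counterexample trace.

```python
from collections import deque
from dataclasses import dataclass

# Hypothetical AD modes and redundant channels (assumed for this example, not from the paper).
MODES = ("STANDBY", "ACTIVE", "DEGRADED", "SAFE_STOP")


@dataclass(frozen=True)
class State:
    mode: str
    channels: tuple  # (bool, bool, bool): True = channel healthy


def healthy(state):
    """Number of healthy redundant channels."""
    return sum(state.channels)


def successors(state, handle_total_loss=True):
    """Enumerate (event, next_state) pairs for one state.

    Functional events (engage/disengage) come from the systems engineering view;
    failure events (fail_chN) come from the safety view. handle_total_loss=False
    models a design that forgot the fallback to SAFE_STOP when the last channel fails.
    """
    out = []
    if state.mode == "STANDBY" and healthy(state) == 3:
        out.append(("engage", State("ACTIVE", state.channels)))
    if state.mode in ("ACTIVE", "DEGRADED"):
        out.append(("disengage", State("STANDBY", state.channels)))
    for i, ok in enumerate(state.channels):
        if not ok:
            continue  # a channel can only fail once
        chans = list(state.channels)
        chans[i] = False
        chans = tuple(chans)
        if state.mode in ("ACTIVE", "DEGRADED"):
            if sum(chans) >= 1:
                nxt = State("DEGRADED", chans)       # redundancy keeps the service running
            elif handle_total_loss:
                nxt = State("SAFE_STOP", chans)      # safety transition: no channel left
            else:
                nxt = State(state.mode, chans)       # flaw: keeps driving with no channel
        else:
            nxt = State(state.mode, chans)           # failure while not engaged: mode unchanged
        out.append((f"fail_ch{i}", nxt))
    return out


def _trace(parent, s):
    """Rebuild the event sequence from the initial state to s."""
    events = []
    while parent[s] is not None:
        s, ev = parent[s]
        events.append(ev)
    return list(reversed(events))


def check_invariant(invariant, handle_total_loss=True):
    """Breadth-first exploration of all reachable states.

    Returns None if the invariant holds everywhere, otherwise the shortest
    counterexample as a list of events leading to the violating state.
    """
    init = State("STANDBY", (True, True, True))
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            return _trace(parent, s)
        for ev, nxt in successors(s, handle_total_loss):
            if nxt not in parent:
                parent[nxt] = (s, ev)
                queue.append(nxt)
    return None


# Requirement 1 (safety): never engaged with zero healthy channels.
def no_driving_without_channel(s):
    return not (s.mode in ("ACTIVE", "DEGRADED") and healthy(s) == 0)


# Requirement 2 (availability): SAFE_STOP is only entered when every channel has failed.
def service_continues_under_partial_failure(s):
    return s.mode != "SAFE_STOP" or healthy(s) == 0


if __name__ == "__main__":
    print("R1, complete design:", check_invariant(no_driving_without_channel))
    print("R2, complete design:", check_invariant(service_continues_under_partial_failure))
    print("R1, missing fallback:", check_invariant(no_driving_without_channel, handle_total_loss=False))
```

With the complete design both checks return None. With the fallback transition left out, the explorer returns the shortest path to a violation, engage followed by three channel failures, which is exactly the kind of finding that is cheap to act on at the start of the systems engineering process and expensive once the E/E architecture is fixed.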