AV Safety: ISO 26262 + SotIF + ML in Practice
A 12-chapter, end-to-end handbook for autonomous-vehicle safety that integrates ISO 26262, ISO 21448 (SotIF), ISO/PAS 8800 and UL 4600. It covers the operational design domain (ODD), fail-operational architectures, scenario-based V&V, ML safety, and a joint safety case applied to AEB, lane keeping and an SAE L3/L4 highway pilot.
Learning Objectives
Route Hazards to the Right Standard
Apply the handoff rule to assign every hazardous event to ISO 26262, ISO 21448 or ISO/PAS 8800 without leaving structural gaps in the safety argument.
Specify ODD and MRC for an L3/L4 Function
Build an ODD from BSI PAS 1883 or ISO 34503 attributes, design runtime monitors that detect ODD violations, and define a Minimal Risk Condition (MRC) that is reachable within the fault tolerant time interval (FTTI).
Run an Integrated HARA + SotIF + TARA
Conduct hazard analysis on the same functional architecture across safety, SotIF and cybersecurity with a single three-axis matrix per hazardous event.
Engineer ML Safety per ISO/PAS 8800
Treat ML weights as versioned, integrity-checked artifacts, design the six-step data lifecycle, and add runtime out-of-distribution (OoD) detectors plus cross-modal monitors as functional modifications.
Chapters
The AV/ML Safety Gap
Why ISO 26262 alone cannot cover autonomous and AI-driven systems.
AV Levels, ODD & MRC
SAE J3016 levels, ODD attribute recipes, and the Minimal Risk Condition as the target of the dynamic driving task (DDT) fallback.
SotIF (ISO 21448) in Practice
The 4-area model, triggering-condition catalogs and the cause-effect chain.
Insufficiency vs Random Fault
The handoff rule that routes hazards between ISO 26262, ISO 21448 and ISO/PAS 8800.
ML Component Safety (ISO/PAS 8800)
ML weights as versioned artifacts, ten AI properties and the six-step data lifecycle.
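The "weights as versioned artifacts" idea from the learning objectives and this chapter, as an added illustration that is not the handbook's own code: a release manifest pins the weights digest, the training-dataset digest and the version, is authenticated with a release key, and is checked before the weights are loaded. The manifest fields, the release key and the weight and dataset bytes are constructed assumptions; a real deployment would use a signing key held outside the vehicle rather than a shared HMAC key.

```python
"""Pin ML weights as a versioned, integrity-checked artifact (added example)."""
import hashlib
import hmac
import json


class WeightsRejected(Exception):
    """Raised when a weights artifact fails any manifest check."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    # Canonical JSON so the MAC does not depend on key order or whitespace.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_manifest(weights: bytes, dataset_digest: str, model_id: str,
                  version: str, release_key: bytes) -> dict:
    """Build the release manifest for one weights artifact (build-side)."""
    body = {
        "model_id": model_id,
        "version": version,
        "weights_sha256": sha256_hex(weights),
        "dataset_sha256": dataset_digest,   # which data snapshot trained it
    }
    mac = hmac.new(release_key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_manifest(manifest: dict, release_key: bytes) -> bool:
    """True iff the manifest body is authentic under release_key."""
    expected = hmac.new(release_key, _canonical(manifest["body"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def load_weights(weights: bytes, manifest: dict, release_key: bytes,
                 expected_version: str, expected_dataset_digest: str) -> bytes:
    """Vehicle-side gate: refuse to load weights that are not the pinned release."""
    if not verify_manifest(manifest, release_key):
        raise WeightsRejected("manifest MAC mismatch")
    body = manifest["body"]
    if body["version"] != expected_version:
        raise WeightsRejected(f"version {body['version']} is not the pinned {expected_version}")
    if not hmac.compare_digest(body["dataset_sha256"], expected_dataset_digest):
        # Guards the dataset/ODD mismatch pitfall: weights trained on another snapshot.
        raise WeightsRejected("weights were trained on an unexpected dataset snapshot")
    if not hmac.compare_digest(sha256_hex(weights), body["weights_sha256"]):
        raise WeightsRejected("weights digest does not match manifest")
    return weights


# Constructed sample inputs (not real model or dataset bytes).
RELEASE_KEY = b"constructed-release-key"
WEIGHTS = bytes(range(64))
DATASET_DIGEST = sha256_hex(b"constructed dataset snapshot v3")
MANIFEST = make_manifest(WEIGHTS, DATASET_DIGEST, "aeb-detector", "1.4.0", RELEASE_KEY)

if __name__ == "__main__":
    load_weights(WEIGHTS, MANIFEST, RELEASE_KEY, "1.4.0", DATASET_DIGEST)
    print("weights accepted:", MANIFEST["body"]["weights_sha256"][:16])
```

The version and dataset digest are pinned by the caller, not read from the manifest, so a valid manifest for a different release cannot be swapped in.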
Perception Pipeline Safety
Sensor-set design, fusion architectures and eight runtime perception monitors.
Fail-Operational Architecture
Fail-passive, fail-silent and fail-operational patterns, from single-path to 3-path failover.
Scenario-Based V&V
Logical vs concrete scenarios, OpenSCENARIO 2.0 and eight V&V methods.
Safety Case (UL 4600)
Goal-based safety case with GSN notation and a four-sub-claim decomposition.
Cybersecurity (ISO 21434)
TARA, Cybersecurity Assurance Level, and a three-axis hazard matrix with HARA and SotIF.
Process Integration
Integrated V-model, a 12-item safety plan and release gates G0-G7.
Real-World Pitfalls
Public-incident anti-patterns: disabled safety nets, handover blind-spots, dataset/ODD mismatch.
Interactive Diagrams & Worked Examples
Three-Standard Landscape Map
Reference cards for ISO 26262, ISO 21448, ISO/PAS 8800 and UL 4600 with scope, trigger criteria, and the decision rule that routes a hazard to the right standard.
SotIF 4-Area Model & Cause-Effect Chain
The 2x2 known/unknown by safe/unsafe matrix with each area's goal, plus the triggering condition (TC) -> functional insufficiency -> output insufficiency -> hazardous behaviour flow.
AV Levels, ODD & MRC Diagram
SAE J3016 L0-L5 with DDT, monitoring and fallback responsibility, the six ODD attribute categories, and runtime monitors that trigger MRC entry.
Fusion Architectures & Runtime Monitors
Low/mid/high-level fusion topology cards with ASIL reachability, plus eight runtime monitors (freshness, cross-modal, temporal, calibration, occlusion, weather, ODD attribute, free-space).
3-Path Fail-Operational Architecture
Nominal, redundant and limp-home paths with independent compute, sensor and power domains, CCF matrix, watchdog cross-checks, and FTTI/EOTTI timing analysis for MRC reachability.
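The runtime monitors that request MRC entry (diagrams above: ODD attribute, freshness and cross-modal monitors) and the FTTI/EOTTI reachability argument for the 3-path architecture, as an added example that is not the handbook's code. The frame layout, the thresholds and the timing numbers are constructed assumptions; the timing rule applied is the ISO 26262 one that detection time plus reaction time must fit inside the FTTI, and that the limp-home MRC manoeuvre must complete within the EOTTI.

```python
"""Runtime ODD/perception monitors plus an FTTI/EOTTI budget check (added example)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Frame:
    sensor: str      # "camera", "radar", "lidar"
    t_ms: int        # capture timestamp in ms
    objects: int     # objects reported in the shared field of view (constructed)


@dataclass
class OddSpec:
    max_speed_kph: float
    min_visibility_m: float
    max_frame_age_ms: int
    max_object_delta: int    # camera-vs-radar disagreement tolerated


@dataclass
class TimingBudget:
    monitor_period_ms: int
    debounce_cycles: int     # consecutive violations before a fault is latched
    fallback_switch_ms: int  # hand-over from nominal to redundant path
    mrc_manoeuvre_ms: int    # worst-case time to bring the vehicle to the MRC
    ftti_ms: int             # fault tolerant time interval of the hazardous event
    eotti_ms: int            # how long emergency (limp-home) operation may last


def freshness_monitor(frames: List[Frame], now_ms: int, odd: OddSpec) -> List[str]:
    """Sensors whose latest frame is older than the ODD allows."""
    return [f.sensor for f in frames if now_ms - f.t_ms > odd.max_frame_age_ms]


def cross_modal_monitor(frames: List[Frame], odd: OddSpec) -> List[str]:
    """Flag camera/radar object-count disagreement beyond the tolerance."""
    counts = {f.sensor: f.objects for f in frames}
    if "camera" in counts and "radar" in counts:
        if abs(counts["camera"] - counts["radar"]) > odd.max_object_delta:
            return ["camera/radar disagreement"]
    return []


def odd_attribute_monitor(speed_kph: float, visibility_m: float, odd: OddSpec) -> List[str]:
    """Flag ODD attribute violations on the current vehicle state."""
    out = []
    if speed_kph > odd.max_speed_kph:
        out.append("speed above ODD")
    if visibility_m < odd.min_visibility_m:
        out.append("visibility below ODD")
    return out


def evaluate(frames: List[Frame], now_ms: int, speed_kph: float,
             visibility_m: float, odd: OddSpec) -> Dict[str, List[str]]:
    return {
        "freshness": freshness_monitor(frames, now_ms, odd),
        "cross_modal": cross_modal_monitor(frames, odd),
        "odd": odd_attribute_monitor(speed_kph, visibility_m, odd),
    }


def mrc_requested(violations: Dict[str, List[str]]) -> bool:
    """Any latched monitor violation requests the DDT fallback to the MRC."""
    return any(violations.values())


def timing_check(t: TimingBudget) -> Dict[str, object]:
    """Worst-case detection (FDTI) + reaction (FRTI) must fit in the FTTI;
    the MRC manoeuvre on the limp-home path must fit in the EOTTI."""
    # The fault may appear just after a monitor sample, so detection costs
    # (debounce + 1) periods before the fault is latched.
    fdti = (t.debounce_cycles + 1) * t.monitor_period_ms
    frti = t.fallback_switch_ms
    return {
        "fdti_ms": fdti,
        "frti_ms": frti,
        "ftti_ok": fdti + frti <= t.ftti_ms,
        "eotti_ok": t.mrc_manoeuvre_ms <= t.eotti_ms,
    }


# Constructed sample data: the lidar frame is stale, everything else nominal.
ODD = OddSpec(max_speed_kph=130, min_visibility_m=50, max_frame_age_ms=100, max_object_delta=1)
FRAMES = [Frame("camera", 1000, 3), Frame("radar", 995, 3), Frame("lidar", 700, 2)]
BUDGET = TimingBudget(monitor_period_ms=20, debounce_cycles=2, fallback_switch_ms=50,
                      mrc_manoeuvre_ms=4000, ftti_ms=150, eotti_ms=5000)

if __name__ == "__main__":
    print(evaluate(FRAMES, 1020, 110, 80, ODD), timing_check(BUDGET))
```

With these numbers the monitor latches a fault 60 ms after it occurs and the redundant path takes over at 110 ms, inside the 150 ms FTTI; tightening the FTTI to 100 ms would make the same architecture fail the check.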
OpenSCENARIO 2.0 Cut-In Scenario
Annotated DSL fragment for a parameterized cut-in (rel_speed, TTC, gap_rear), V&V method comparison across SiL, HiL, track and shadow mode with realism-vs-scalability trade-offs.
L3 Highway Pilot AEB Across All Four Standards
An SAE L3 highway pilot AEB carried from ODD specification through fail-operational architecture, scenario V&V and the joint UL 4600 safety case.
- ODD specification with HD-map geofence
- 3-path fail-operational sensor and compute architecture
- Scenario V&V across SiL, closed course and field trials
- Quantitative acceptance criteria with MRC reachability
- UL 4600 safety case mapped to all four standards
AEB Acceptance Criteria