iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 21448:2022

(Main)

Road vehicles — Safety of the intended functionality

Road vehicles — Safety of the intended functionality

This document provides a general argument framework and guidance on measures to ensure the safety of the intended functionality (SOTIF), which is the absence of unreasonable risk due to a hazard caused by functional insufficiencies, i.e.: a) the insufficiencies of specification of the intended functionality at the vehicle level; or b) the insufficiencies of specification or performance insufficiencies in the implementation of electric and/or electronic (E/E) elements in the system. This document provides guidance on the applicable design, verification and validation measures, as well as activities during the operation phase, that are needed to achieve and maintain the SOTIF. This document is applicable to intended functionalities where proper situational awareness is essential to safety and where such situational awareness is derived from complex sensors and processing algorithms, especially functionalities of emergency intervention systems and systems having levels of driving automation from 1 to 5[2]. This document is applicable to intended functionalities that include one or more E/E systems installed in series production road vehicles, excluding mopeds. Reasonably foreseeable misuse is in the scope of this document. In addition, operation or assistance of a vehicle by a remote user or communication with a back office that can affect vehicle decision making is in scope of this document when it can lead to safety hazards. This document does not apply to: — faults covered by the ISO 26262 series; — cybersecurity threats; — hazards directly caused by the system technology (e.g. eye damage from the beam of a lidar); — hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, release of energy and similar hazards, unless directly caused by the intended functionality of E/E systems; and — deliberate actions that clearly violate the system’s intended use, (which are considered feature abuse). This document is not intended for functions of existing systems for which well-established and well-trusted design, verification and validation (V&V) measures exist (e.g. dynamic stability control systems, airbags).

Véhicules routiers — Sécurité de la fonction attendue

General Information

Status
Published
Publication Date
29-Jun-2022
ICS
43.040.10 - Electrical and electronic equipment
Technical Committee
ISO/TC 22/SC 32 - Electrical and electronic components and general system aspects
Drafting Committee
ISO/TC 22/SC 32/WG 8 - Functional safety
Current Stage
6060 - International Standard published
Start Date
30-Jun-2022
Due Date
21-Feb-2022
Completion Date
30-Jun-2022
Ref Project

Relations

Revises
ISO/PAS 21448:2019 - Road vehicles — Safety of the intended functionality
Effective Date
23-Apr-2020
ISO 21448:2022 - Road vehicles — Safety of the intended functionality Released:30. 06. 2022ISO 21448:2022 - Road vehicles — Safety of the intended functionality Released:30. 06. 2022
PreviousNext
Standard
ISO 21448:2022 - Road vehicles — Safety of the intended functionality Released:30. 06. 2022
English language
181 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO
STANDARD 21448
First edition
2022-06
Road vehicles — Safety of the intended
functionality
Véhicules routiers — Sécurité de la fonction attendue
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Overview and organization of SOTIF activities .11
4.1 General . 11
4.2 SOTIF principles . 11
4.2.1 SOTIF-related hazardous event model . 11
4.2.2 The four scenario areas .12
4.2.3 Sense-Plan-Act model .15
4.3 Use of this document . 16
4.3.1 Flow chart and structure of this document . 16
4.3.2 Normative clauses . 19
4.3.3 Interpretation of tables . 19
4.4 Management of SOTIF activities and supporting processes . 19
4.4.1 Quality management, systems engineering and functional safety . 19
4.4.2 Distributed SOTIF development activities . 20
4.4.3 SOTIF-related element out of context . 20
5 Specification and design .21
5.1 Objectives . 21
5.2 Specification of the functionality and considerations for the design . 21
5.3 System design and architecture considerations . 22
5.4 Performance insufficiencies and countermeasures considerations .23
5.5 Work products . 25
6 Identification and evaluation of hazards .25
6.1 Objectives . 25
6.2 General . 26
6.3 Hazard identification . 26
6.4 Risk evaluation .29
6.5 Specification of acceptance criteria for the residual risk .30
6.6 Work products . 31
7 Identification and evaluation of potential functional insufficiencies and potential
triggering conditions .31
7.1 Objectives . 31
7.2 General . 31
7.3 Analysis of potential functional insufficiencies and triggering conditions . 32
7.3.1 General . 32
7.3.2 Potential functional insufficiencies and triggering conditions related to
planning algorithms .35
7.3.3 Potential functional insufficiencies and triggering conditions related to
sensors and actuators . 35
7.3.4 Analysis of reasonably foreseeable direct or indirect misuse.36
7.4 Estimation of the acceptability of the system's response to the triggering
conditions . 37
7.5 Work products .38
8 Functional modifications addressing SOTIF-related risks .38
8.1 Objectives .38
8.2 General .38
8.3 Measures to improve the SOTIF .38
8.3.1 Introduction .38
iii
8.3.2 System modification.39
8.3.3 Functional restrictions .40
8.3.4 Handing over authority . 41
8.3.5 Addressing reasonably foreseeable misuse . 41
8.3.6 Considerations to support the implementation of SOTIF measures . 42
8.4 Updating the input information for “Specification and design” . 42
8.5 Work products . 42
9 Definition of the verification and validation strategy .42
9.1 Objectives . 42
9.2 General . 42
9.3 Specification of integration and testing . 43
9.4 Work products . 45
10 Evaluation of known scenarios .46
10.1 Objectives .46
10.2 General .46
10.3 Sensing verification .46
10.4 Planning algorithm verification . 47
10.5 Actuation verification .48
10.6 Integrated system verification .48
10.7 Evaluation of the residual risk due to known hazardous scenarios .49
10.8 Work products . 50
11 Evaluation of unknown scenarios .50
11.1 Objectives . 50
11.2 General .50
11.3 Evaluation of residual risk due to unknown hazardous scenarios .50
11.4 Work products . 52
11.4.1 Validation results for unknown hazardous scenarios fulfilling objective 11.1 . 52
11.4.2 Evaluation of the residual risk fulfilling objective 11.1 .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 11452-1:2025(Main)
Road vehicles — Component test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 1: General principles and terminology

This document specifies general conditions, defines terms, gives practical guidelines, and establishes the basic principles of the component tests used in the other parts of the ISO 11452 series for determining the immunity of electronic components of passenger cars and commercial vehicles to electrical disturbances from narrowband radiated electromagnetic energy, regardless of the vehicle propulsion system (e.g. spark-ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. A wide frequency range (d.c. and 15 Hz to 18 GHz) is allowed for the immunity testing of the components in the ISO 11452 series.

  • Standard
    47 pages
    English language
    sale 15% off
ISO
ISO/TR 17716:2025(Main)
Road vehicles — Electrical disturbances from narrowband radiated electromagnetic energy — Radiated immunity for V2X

This document describes the introduction of radiated immunity testing for the components and vehicles equipped with V2X communications. The link communication connection and V2X scenario simulation are considered to make the V2X functions and their communications operate normally during the immunity testing. Examples of monitoring are also discussed to show the electromagnetic interference reactions of the device with V2X under test. In addition, test hints are described to provide information on radiated immunity for V2X. Technical specifications are not within the scope of this document.

  • Technical report
    47 pages
    English language
    sale 15% off
ISO
ISO 11451-2:2025(Main)
Road vehicles — Vehicle test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 2: Off-vehicle radiation sources

This document specifies a method for testing the immunity of passenger cars and commercial vehicles to electrical disturbances from off-vehicle radiation sources, regardless of the vehicle propulsion system (e.g. spark ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. While this document refers specifically to passenger cars and commercial vehicles, generalized as “vehicle(s)”, it can readily be applied to other types of vehicles. ISO 11451-1 specifies general test conditions, definitions, practical use, and basic principles of the test procedure. Function performance status classification guidelines for immunity to electromagnetic radiation from an off-vehicle radiation source are given in Annex A.

  • Standard
    42 pages
    English language
    sale 15% off
  • Standard
    42 pages
    English language
    sale 15% off
ISO
ISO 11451-1:2025(Main)
Road vehicles — Vehicle test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 1: General principles and terminology

This document specifies general conditions, defines terms, gives practical guidelines and establishes the basic principles of the vehicle tests used in the ISO 11451 series, for determining the immunity of passenger cars and commercial vehicles to electrical disturbances from narrowband radiated electromagnetic energy, regardless of the vehicle propulsion system (e.g. spark-ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. A wide frequency range (0,01 MHz to 18 000 MHz) is allowed for the immunity testing in the ISO 11451 series.

  • Standard
    39 pages
    English language
    sale 15% off
ISO
ISO 10924-3:2025(Main)
Road vehicles — Circuit breakers — Part 3: Miniature circuit breakers with tabs (Blade type), Form CB11

This document specifies miniature circuit breakers with tabs (blade-type), Form CB11 for use in road vehicles. It establishes, for this circuit breaker form, the rated current, test procedures, performance requirements and dimensions. This document is intended to be used in conjunction with ISO 10924-1 and ISO 10924-2. The numbering of its clauses corresponds to that of ISO 10924-1, whose requirements are applicable, except where modified by requirements particular to this document. This document is applicable to circuit breakers with a rated voltage of 14 V and/or 28 V, a current rating of ≤30 A and a breaking capacity of 2 000 A intended for use in road vehicles with a nominal voltage of 12 V and/or 24 V. The circuit breakers are different in dimensions and functions, such as electric reset, automatic reset, manual reset and switchable. NOTE This type of circuit breaker is intended to be used in similar applications as miniature fuse-links according to ISO 8820-3. While the tab dimensions and current ratings can be the same, there can be differences in performance which the user of these products is advised to consider.

  • Standard
    11 pages
    English language
    sale 15% off
ISO
ISO 10924-2:2025(Main)
Road vehicles — Circuit breakers — Part 2: Guidance for users

This document provides guidance for the choice and application of automotive circuit breakers. It describes the various parameters that are taken into account when selecting circuit breakers.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO 10924-4:2025(Main)
Road vehicles — Circuit breakers — Part 4: Medium circuit breakers with tabs (Blade type), Form CB15

This document specifies medium circuit breakers with tabs (blade type), Form CB15, for use in road vehicles. It establishes, for this circuit breaker form, the rated current, test procedures, performance requirements and dimensions. This document is intended to be used in conjunction with ISO 10924-1 and ISO 10924-2. The numbering of its clauses corresponds to that of ISO 10924-1, whose requirements are applicable, except where modified by requirements particular to this document. This document is applicable to circuit breakers with a rated voltage of 14 V (DC) or 28 V (DC) or 58 V (DC), a current rating of no greater than 40 A and a breaking capacity of 2 000 A, intended for use in road vehicles with a nominal voltage of 12 V (DC) or 24 V (DC) or 48 V (DC). The circuit breakers are different in dimensions and functions, such as electric reset, automatic reset, manual reset and switchable. NOTE This type of circuit breaker is intended to be used in applications such as medium fuse-links in accordance with ISO 8820-3. While the tab dimensions and current ratings can be the same, there can be differences in performance which the user of these products is advised to consider.

  • Standard
    13 pages
    English language
    sale 15% off
ISO
ISO 10924-5:2025(Main)
Road vehicles — Circuit breakers — Part 5: Circuit breakers with bolt with rated voltage of 450 V

This document specifies circuit breakers with a rated voltage of 450 V for use in road vehicles. It establishes, for this circuit breaker type, the rated current, test procedures, performance requirements and dimensions. This document is intended to be used in conjunction with ISO 10924-1 and with ISO 10924-2. The numbering of its clauses corresponds to that of ISO 10924-1 whose requirements are applicable, except where modified by requirements particular to this document. This document is applicable to circuit breakers with a rated voltage of 450 V (DC), a current rating of no greater than 300 A and a breaking capacity of 6 000 A.

  • Standard
    9 pages
    English language
    sale 15% off
ISO
ISO 10924-1:2025(Main)
Road vehicles — Circuit breakers — Part 1: Definitions and general test requirements

This document defines terms and specifies general test requirements for circuit breakers for use in road vehicles with a nominal voltage of 12 V (DC), 24 V (DC), 48 V (DC) and 450 V (DC). This document is intended to be used in conjunction with ISO 10924-2, ISO 10924-3, ISO 10924-4 and ISO 10924-5. The numbering of its clauses corresponds to that of the document whose requirements are applicable, except where modified by requirements particular to this document. This document is not applicable to circuit breaker holders (electrical centres or fuse-holders) used in vehicles.

  • Standard
    19 pages
    English language
    sale 15% off
ISO
ISO/PAS 8800:2024(Main)
Road vehicles — Safety and artificial intelligence

This document applies to safety-related systems that include one or more electrical and/or electronic (E/E) systems that use AI technology and that is installed in series production road vehicles, excluding mopeds. It does not address unique E/E systems in special vehicles, such as E/E systems designed for drivers with disabilities. This document addresses the risk of undesired safety-related behaviour at the vehicle level due to output insufficiencies, systematic errors and random hardware errors of AI elements within the vehicle. This includes interactions with AI elements that are not part of the vehicle itself but that can have a direct or indirect impact on vehicle safety. EXAMPLE 1 Examples of AI elements within the vehicle include the trained AI model and AI system. EXAMPLE 2 Direct impact on safety can be due to object detection by elements external to the vehicle. EXAMPLE 3 Indirect impact on safety can be due to field monitoring by elements external to the vehicle. The development of AI elements that are not part of the vehicle is not within the scope of this document. These elements can conform to domain-specific safety guidance. This document can be used as a reference where such domain-specific guidance does not exist. This document describes safety-related properties of AI systems that can be used to construct a convincing safety assurance claim for the absence of unreasonable risk. This document does not provide specific guidelines for software tools that use AI methods. This document focuses primarily on a subclass of AI methods defined as machine learning (ML). Although it covers the principles of established and well-understood classes of ML, it does not focus on the details of any specific AI methods e.g. deep neural networks.

  • Technical specification
    172 pages
    English language
    sale 15% off