Page - (000622) - in Autonomes Fahren - Technische, rechtliche und gesellschaftliche Aspekte
27.3 Force Information-Sharing (p. 601)
for an automated vehicle or for the human-machine system to which it may belong [25].
Moreover, the kind of regulation that is appropriate for an established automaker may
differ considerably from the kind that is appropriate for a small startup or an individual
tinkerer [22].
Although state vehicle agencies generally lack NHTSA’s technical resources, they may
have more regulatory flexibility. Federal motor vehicle safety standards (FMVSSs) are
restricted to objective measures and to tests “capable of producing identical results when
test conditions are exactly duplicated” [7], quoted in [35].
In contrast, state agencies may be bound by less demanding requirements of
administrative process, which may afford them the discretion needed to gradually develop
consistent practice. This flexibility could enable state regulators to address specific technologies
without entrenching rules that are likely to become anachronistic and irreconcilable with
those of other states.
To this end, “delegating the safety case” would mean requiring the developer of a
vehicle automation system to publicly make and defend arguments about how well its system
should perform and how well its system actually performs. In short:
1. A manufacturer documents its actual and planned product design, testing, and monitoring.
2. The manufacturer publicly presents this documentation in the form of a safety case.
3. The regulatory agency and interested parties comment on this safety case.
4. The manufacturer publicly addresses these comments.
5. The agency determines that the manufacturer has presented a reasonable safety case.
6. The manufacturer certifies that its product adheres to its safety case.
7. The manufacturer sells that product.
This process draws on several existing models, including the type approval (or
homologation) typical in the European Union and the self-certification prescribed by US law. It could
accommodate the kind of process standards used in ISO 26262, the kind of alternatives
discussion characteristic of environmental impact statements, and the kind of public
dialogue foundational to notice-and-comment rulemaking.
By encouraging companies to disclose information necessary to their safety case, such
an approach could help educate regulators and the broader public about the capabilities and
limitations of these emerging technologies. Although disclosure could justifiably concern
some developers, this process would not require the disclosure of all information, only that
which is necessary to demonstrate a reasonable safety case. What is reasonable will likely
evolve, and this approach could afford companies greater flexibility to make
nontraditional arguments for the safety of their systems and regulators greater flexibility to adapt to
changing capabilities.
Because flexibility can also mean uncertainty, early collaboration between regulators and
developers may be necessary to avoid all-or-nothing approval decisions at the end of product
development. Regardless, uncertainty is not a new concern: Whatever clarity that the current
Sponsored by the Daimler und Benz Stiftung