As automakers and their suppliers alike have been working through the issues confronting autonomous vehicles, they have been doing so with a giant blind spot: just how the federal government, which regulates almost every aspect of automotive design, was going to approach the question of standards for autonomous cars. Fortunately, we have now seen some first steps toward that approach—and the Department of Transportation (with President Obama’s enthusiastic backing) appears to be fully on board with autonomous vehicle development.
In its September 2016 Policy Guidance, DOT noted that over 35,000 people died on U.S. roads in 2015, and that 94% of crashes can be tied to human error. The report states that vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) technologies, in combination with automation systems, could reduce both the number and severity of crashes. Further, it could help populations that currently struggle with mobility—whether due to age, disability, expense or inconvenience of vehicle ownership, or otherwise—be able to retain their independence.
DOT’s policy guidance includes guidance for manufacturers themselves, as well as for states considering how to regulate autonomous vehicle technologies. Guidance to manufacturers covers the following fifteen items:
- Data Recording and Sharing: Manufacturers should have a written process for how their vehicles will record event, incident, and crash data, as well as for how that data can be collected and validated. The Policy Guidance suggests that such data should be retrieved for use by the manufacturer (or NHTSA) to investigate the cause of any accident where there is an injury or fatality, or whenever one of the vehicles involved is badly damaged enough that it can no longer drive away under its own power.
- Consumer Privacy: The Policy Guidance states that manufacturers should maintain privacy policies and practices that, among other things, ensure transparency and security to consumers regarding manufacturer use of their data.
- System Safety: While it should come as no surprise that safety of autonomous systems is a major concern, the Policy Guidance emphasizes a few aspects of the challenge facing manufacturers. In addition to existing vehicle safety standards and the need to ensure that autonomous systems can be safely integrated with the overall vehicle design, the Policy Guidance points out that any design and validation process should focus on software development and validation, and include considerations such as the impact of failures in the various components of the autonomous system, including sensors, software, actuators, or communication systems, as well as how the software will deal with events such as leaving the roadway or collisions.
- Vehicle Cybersecurity: The Policy Guidance states that a documented cybersecurity process should be implemented, with design choices, changes, and other updates rigorously documented. While less specific about exact steps that automakers can take, the Policy Guidance notes that the National Institute for Standards and Technology (or NIST), NHTSA, SAE International, and other agencies and organizations have released and continue to update guidance for vehicle cybersecurity.
- Human Machine Interface: DOT notes that this is particular an issue for intermediate-level autonomous driving systems, in which vehicles can operate autonomously, but can request that the driver take back control. For autonomous systems in general, the Policy Guidance states that autonomous driving systems must be able to communicate to the operator that the system is (1) functioning properly, (2) engaged, (3) unavailable to be engaged, (4) experiencing a malfunction, and (5) requesting that the driver take control. For more advanced autonomous systems—such as for completely unoccupied vehicles—a remote dispatcher or other authority should be able to monitor the vehicle at all times.
- Crashworthiness: The Policy Guidance notes that autonomous vehicles should meet existing crashworthiness standards—but also that non-occupied vehicles should be designed to a standard of due care for other road users, including standards for energy absorption and shape that are compatible with other vehicles on the road.
- Consumer Education and Training: DOT’s guidance here is that manufacturers should develop and document education and training systems for their consumers and their dealers, including regarding how autonomous systems are intended to be used, their operational parameters, capabilities and limitations, their controls, emergency situations, and user responsibilities.
- Registration and Certification: The Policy Guidance states that autonomous vehicle system manufacturers should submit to existing NHTSA regulations requiring submission of identifying information and a description of safety-sensitive equipment. Additionally, the guidance states that manufacturers should provide a way to communicate the capabilities of their autonomous systems to the user, such as by semi-permanent labeling, or by displays that the driver can see. That information may include the parameters in which the system should be engaged, or the system’s capabilities.
- Post-Crash Behavior: The guidance suggests that manufacturers should have a documented process for assessing, testing, and validating autonomous vehicle systems after a crash, to ensure that the vehicle can safely return to autonomous mode after systems have potentially been damages.
- Federal, State, and Local Laws: DOT also states that manufacturers should have documented plans for compliance with federal, state, and local laws. However, the guidance also states that DOT expects that autonomous vehicle software will have the capability to “temporarily violate certain State motor vehicle driving laws” in safety-sensitive situations—the same way that a human driver might briefly cross a double-yellow line to safely navigate around a broken-down car on the shoulder.
- Ethical Considerations: Autonomous vehicle systems will be forced to make a variety of decisions that could have an ethical dimension—for example, it is not hard to think of a scenario where the vehicle might have to make a choice between two alternatives, one of which presents more risk of injury to the vehicle’s own occupants, and another that presents more risk of harm to the occupants of another vehicle (or to a pedestrian). Again, there is little concrete guidance on this point, except that decision rules should be made “transparently using input from Federal and State regulators,” as well as from road users.
- Operational Design Domain: The Policy Guidance suggests that manufacturers define and document the operational design domain—meaning the conditions in which each system is designed to function—for each of its autonomous systems, including: roadway types, geographic areas, speed range, and environmental conditions. These conditions should be communicated to operators in “summary form and in plain language” in the owner’s manual.
- Object and Event Detection and Response: Manufacturers should have a documented assessment, testing, and validation process for detecting and responding to obstacles, which include other vehicles, cyclists, pedestrians, animals, and other objects that pose a safety issue. Other potential issues that autonomous systems should be able to recognize and deal with include work zones, police or others temporarily directing traffic, or emergency vehicles.
- Fall Backs: The Policy Guidance states that manufacturers should document how their systems will transition to a minimal risk condition when a malfunction or other problem (such as a change in driving conditions) is confronted. What a minimal risk condition looks like, and how a vehicle gets there, may change based on circumstance—it may involve automatically stopping the vehicle on the shoulder, or alerting the driver to resume control.
- Validation Methods: Here, again, DOT stresses the need for testing and validation of autonomous vehicle systems, to ensure that the systems work safely both in normal operating conditions, during crash avoidance maneuvers, or while performing fall back functions. DOT suggests that independent third-party testing may be appropriate, and manufacturers are encouraged to work with NHTSA, SAE, and NIST to develop testing approaches for these systems.
The Policy Guidance, while not a regulation, provides DOT’s interpretation and guidance under existing regulations and laws, and should be closely monitored by manufacturers, or by other businesses playing a role in the development of autonomous vehicles. These policy statements are not set in stone—interested parties can submit public comments, and DOT will update the Policy Guidance based on these comments, and on lessons that continue to be learned about this new area of technology.
In our next post, we will look at some of the DOT’s suggestions to states on how to approach autonomous vehicle regulation.