Download: Autonomous Vehicles: A Public Regulatory Policy Guide, published March 2018.
NSPE represents licensed professional engineers who, under state licensure laws and rules, have a responsibility for protecting the health, safety, and welfare of the public, above all other considerations. With the introduction of autonomous vehicles, automation is poised to become a much larger part of our transportation environment. Much of the discussion to date has been on the technology, its capabilities, and the perceived public benefits. However, many questions remain unanswered by industry, which has led to uncertainty within the public regulatory environment. To address this uncertainty, NSPE proposes the outcome-based standards below, based on careful consideration and deliberation, as a starting point for adopting standards that protect public safety. This document provides public policy decision makers, regulators, manufacturers, and others with guidelines to measure the safety readiness of autonomous vehicles under consideration for deployment.
Licensed professional engineers should play a critical role as part of the autonomous vehicle design and manufacturing process because of the breadth and depth of the professional engineers’ understanding of engineering issues as well as their obligation to hold paramount the public health, safety and welfare.
Public Safety First
Accidents will still occur even with autonomous vehicles on the road. Regardless of who is at fault, the overall goal should be to continuously decrease the total number and severity of accidents.
Autonomous vehicles for all levels of autonomy, as defined by the SAE International taxonomy for levels of autonomy, should be assessed for risk in the following categories pertaining to dynamic-driving tasks:
- Autonomous vehicles vs. the environment;
- Autonomous vehicles vs. pedestrians;
- Autonomous vehicles vs. non-autonomous traffic; and
- Autonomous vehicles vs. autonomous vehicles.
NSPE makes the following 12 safety recommendations for autonomous vehicles:
Recommendation 1: Risk Assessment
Autonomous vehicle manufacturers should adopt a risk assessment and/or hazard severity model.
What is an acceptable amount of risk? NSPE recommends that risk assessment be defined in a manner similar to the risk assessment table from the American Society of Civil Engineers’ Automated People Mover Standards, ASCE 21-13:
Hazard severity definitions:
I. Catastrophic: Death, system loss, or severe environmental damage.
II. Critical: Severe injury, severe occupational illness, or major system/environmental damage.
III. Marginal: Minor injury, minor occupational illness, or minor system/environmental damage.
IV. Negligible: Less than minor injury, occupational illness, or less than minor system/environmental loss.
A description of what is acceptable, unacceptable, or undesirable by the authority of jurisdiction should be explained, as in this example:
Unacceptable: Events in these categories must not happen. All safeguards to prevent these events must be proven, verified, and tamper-proof.
Undesirable: Events in these categories will be investigated by the authority possessing jurisdiction. Decisions as to when to go back into operation should belong to this authority.
Notification: It is up to the authority possessing jurisdiction to accept this risk.
Acceptable: Acceptable to the public. Authority of jurisdiction and litigation processes may still want to investigate. Cooperation from manufacturers is expected.
In order for both industry and the public to properly assess risk, manufacturers should be required to report all incidents involving autonomous vehicles. An industry standard for risk assessment needs to be established.
Recommendation 2: Ethics Compliance
Disclosure Autonomous vehicle manufacturers’ safety concerns cannot, nor should, be limited solely to the vehicle’s occupants. A human driver will assess the immediate environs while driving to determine the best possible outcome for a specific given operating action. Similarly, the risk assessment process should also evaluate those situations that can be reasonably expected.
Recommendation 3: Self-Sufficiency
Autonomous vehicles should be able to operate safely and correctly without the support of additional public infrastructure and investment, such as dedicated AV lanes and vehicle-to-infrastructure investments. Additionally, owners of public infrastructure should not be held liable for any perceived deficiencies in public assets and infrastructure that autonomous vehicles may rely upon for wayfinding.
Recommendation 4: Accountability
Autonomous vehicle manufacturers should be required to maintain an expanded “black box” (event data recorder) of data inputs for post-incident evaluation. The additional requirements should include the following:
There should be a reference to a time standard so that all the events recorded refer to a known point-in-time. This is useful when dealing with multiple vehicles or some other outside influence. This time standard is available through broadcast radio signals and cell-phone signals.
The service brake data event should also include braking intensity from 0 to 100%, not just ON/ OFF.
There should be a series of recordings from the outside object detection sensors, both forward and lateral looking. These would capture the sensing of objects in the vehicle’s path and the resultant reaction. This is invaluable information for accident reconstruction.
Outside conditions should also be recorded. These might include temperature, weather conditions (rain, snow, ice,), posted speed limits, and relative traffic intensity (light, medium, heavy).
Any received driving condition alerts that may have been broadcast via the GPS or traffic control signals. Examples include reduced speed warning, accident ahead, construction zone, and lane closure.
Recommendation 5: Third-Party Verification
Autonomous vehicle manufacturers should be required to demonstrate capability for safe driving before further expansion and rollout. The third-party verification should be performed by a licensed professional engineer or others who are appropriately qualified to perform such evaluations. Such demonstrations should test a variety of probable case scenarios as might be reasonably expected as shown in the risk assessment table discussed herein.
Recommendation 6: Redundancy
Autonomous vehicle manufacturers should provide back-up operating systems. Redundancy can ensure that critical operating systems will function while maintaining passenger and occupant safety.
Recommendation 7: Map Standardization
Autonomous vehicle manufacturers should work toward a standardized mapping system that ensures the correct location of the vehicle. A standardized mapping system can potentially ensure necessary and timely changes to the system’s maps.
Recommendation 8: Security
Autonomous vehicle manufacturers should demonstrate, before widespread deployment, a certain level of security to prevent jamming and hacking.
Recommendation 9: Training/Operational Licensing
Autonomous vehicle manufacturers should provide training and operational support beyond the regular driver’s license for levels of autonomy 1, 2 and 3. Drivers should be provided training to introduce and educate them about the limitations of various self-guiding features. For levels 4 and 5, manufacturers shall provide a means for occupants or passengers to get to a position of safety if necessary.
Recommendation 10: Maintain Manual Controls
Manual driver controls should be maintained for autonomous vehicles for all levels of autonomy. Scenarios in which a vehicle experiences a failure that requires the driver to move the vehicle can be reasonably expected. Eliminating the ability of vehicle occupants to move the vehicle to a position of safety is counterintuitive to safety principles.
Recommendation 11: Safety Features
The current level of automotive safety devices/features should be maintained. Some in industry believe that autonomous vehicles will have significantly less risk and thus weight reduction could be achieved by eliminating some current safety features. Others have hypothesized that while the overall number of accidents may decrease, the severity of the accidents may actually increase. Vehicle safety devices and features should remain until sufficient historical data is compiled on the accident history and safety record of autonomous vehicles and can justify otherwise.
Recommendation 12: Vehicle to Vehicle Connectivity
As part of autonomous vehicle operation and to enhance safety, vehicle to vehicle connectivity should be included as part of autonomous vehicle operation.