ISO 26262 vs. SOTIF (ISO/PAS 21448): What's the Difference?

While personal self-driving cars are probably still a few years or decades down the road, the future of the automotive industry is moving quickly towards autonomous vehicles (AV). From advanced driver-assistance systems to robotaxis, cars are getting increasingly better at driving themselves, although they still require some level of supervision. With the huge amount of investment in the space, we can expect to see many more use cases of autonomous vehicles developing over the next few years, making compliance with functional safety regulations like ISO 26262 and SOTIF (ISO PAS 21448) more vital than ever.

With more autonomous driving technology on the road, it becomes increasingly important to ensure the safety of these vehicles. Until now, ISO 26262 has been the automotive industry’s de facto regulation for ensuring that engineering and development teams address functional safety hazards in cars, like software bugs and hardware failures. ISO 26262 focuses on possible hazards caused by malfunctioning electronic and electrical systems in vehicles. 

Over time, it became clear that the detection and mitigation of faults addressed in ISO 26262 were no longer sufficient to cover all the engineering challenges that autonomous vehicles present. That’s why the automotive industry decided to bridge the gap with a new regulation by the name of the Safety of the Intended Functionality (SOTIF) also known as ISO 21448:2021. Read on to learn more about these key regulations and the main differences between them.

What is ISO 26262?

ISO 26262:2018 “Road vehicles – Functional safety” is an internationally recognized risk-based safety standard that regulates the functional safety of automotive electrical and electronic systems, like driver assistance and propulsion for example.

Derived from parent standard IEC 61508, the purpose of ISO 26262 is to address and mitigate possible hazards caused by malfunctioning systems in vehicles. It also serves to:

• Provide guidelines to automakers on how to ensure safety throughout the product life cycle
• Cover functional safety aspects throughout the entire development and production process
• Promote a risk-based approach (ASILs) to evaluating and determining levels or risk as well as how to achieve acceptable residual risk
• Lay down requirements for validation and verification processes that best ensure vehicle safety

In other words, complying with this standard helps automakers detect, manage, and/or mitigate the effects of system and hardware failures.

Originally published in November 2011, the most recent edition (ISO 26262:2018) was published in December 2018. The 2018 edition notably extended the scope of the regulation from passenger cars to all road vehicles, excluding mopeds.

What is Safety Of The Intended Functionality (SOTIF) ISO 21448:2021?

What if car sensors and perception algorithms perform as they were designed to, yet fail to cope in real-world situations?

In some cases, car components get confused by weather conditions, changing light, and unexpected objects and human behavior. These engineering challenges prompted the automotive industry to introduce ISO 21448 “Road Vehicles – Safety of the Intended Functionality” (SOTIF) in 2021. 

The standard defines SOTIF as follows:

– ISO/PAS 21448:2019 Road vehicles — Safety of the intended functionality

SOTIF provides guidance for automotive engineering teams on design, verification, and validation measures. Unlike traditional functional safety, which focuses on mitigating risks that happen because of system failures, SOTIF examines whether required safety functionalities can be ensured in unknown conditions and without a failure occurring. 

This includes aspects such as the performance limitations of car components like sensors and systems, as well as unexpected changes in the road environment. In order to comply with SOTIF, carmakers must run through a huge amount of simulations and use machine learning and AI to process vast amounts of data that help them predict how vehicles will react to complex, real-world scenarios.

The difference between SOTIF and ISO 26262

Interestingly, (SOTIF) ISO 21448:2021 was originally meant to be ISO 26262: Part 14. But since ensuring the safety of autonomous vehicles in unknown situations (without system failure) is incredibly complex, it became an entirely separate standard.

Simply put, ISO 26262 provides guidance to automakers on how to ensure functional safety in case there is a system failure. Some examples of system failures are: loss of steering assist, electronic park brake failure, a fault in collision avoidance, and unintended airbag deployment. These are all malfunctions caused by electrical or electronic systems failure.

SOTIF builds on ISO 26262, acting as a complementary standard. It lays out how to best prevent, control, and/or mitigate safety hazards that can occur without a system failure taking place. SOTIF applies to systems like advanced driver assistance systems, which can face safety hazards without failing themselves.

How SOTIF helps ensure functional safety in autonomous vehicles

Complying with SOTIF is key for ensuring autonomous vehicle safety and is critical in automotive software development. In terms of practical implications for automakers, this means a much bigger emphasis on testing, verification, and validation, as well as increased statistical analysis when it comes to running virtual simulations.

Start Your Free Trial of Codebeamer

Simplify complex product and software engineering at scale. Start your free trial of the Codebeamer open platform that extends ALM functionalities with product line configuration capabilities and provides unique configurations for complex processes.

Get Started