Safety of the Intended Function – SOTIF

The safety of road vehicles during their operation phase is of paramount concern for the road vehicles industry. Recent years have seen a large increase in the number of advanced functionalities included in vehicles. These rely on sensing, processing of complex algorithms and actuation implemented by electrical and/or electronic (E/E) systems.

SGS-TÜV therefore offers its customers SOTIF support backed by a high level of expertise, gained from many years of experience in functional safety and from participation in research projects on autonomous driving.

For some systems that rely on sensing the external or internal environment, potentially hazardous behaviour can arise from the intended functionality itself or from performance limitations of a system that is free from the faults addressed in the ISO 26262 series. Examples of such limitations include:

  • The inability of the function to correctly comprehend the situation and operate safely; this also includes functions that use machine learning algorithms;
  • Insufficient robustness of the function with respect to sensor input variations or diverse environmental conditions.

The absence of unreasonable risk due to these potentially hazardous behaviours related to such limitations is defined as the safety of the intended functionality (SOTIF). Functional safety (addressed by the ISO 26262 series) and SOTIF are distinct and complementary aspects of safety.

Since January 2021, ISO DIS 21448 has been available as an international draft standard that gives structured recommendations on SOTIF. Especially with regard to the staged introduction of autonomous driving, this ISO DIS is a valuable guide to a responsible procedural and technical implementation of the new challenges. The final standard, ISO 21448, is currently planned for publication in the first half of 2022, and no further significant changes to the content of the ISO DIS are expected.