Federal regulators have announced their first safety checklist ever for semiautonomous and driverless cars. In the guidelines, the United States Department of Transportation urged automakers and tech companies to prove that their semi-autonomous and autonomous vehicles could meet a 15-point list of safety expectations before the autos hit the road.
The 15 points:
DATA SHARING These giant computers on wheels collect piles of driving data. Carmakers should store that data and share it with regulators who can use the information to reconstruct what went wrong in a crash or system breakdown.
PRIVACY Car owners should have a clear understanding of what kind of data is being collected by the vehicles. They should also be able to reject any collection of personal information such as on biometrics or driver behavior.
SYSTEM SAFETY The cars must be engineered to respond safely to software malfunctions, near crashes, loss of traction and other risks. Carmakers should get outside validation of their safety systems and prove their cars can operate safely even when technology problems are encountered.
DIGITAL SECURITY The vehicles should be engineered with safeguards to prevent online attacks. Automakers should record all programming decisions and testing around security and share that information with others in the industry.
HUMAN-MACHINE INTERFACE Carmakers must show how their vehicles can safely switch between autopilot and human control. Human drivers should be able to easily find basic information about issues such as when automated driving is not available. Automakers should also consider ways to communicate to pedestrians and other cars when the car is in autopilot mode. Fully autonomous vehicle controls should be designed for people with disabilities.
CRASHWORTHINESS Driverless cars must meet the National Highway Traffic Safety Administration’s regular standards for “crashworthiness,” or prove that the vehicles are built to best protect occupants in a crash. If an autonomous vehicle crashes, the crash damage should not be any different from the damage to any other car of the same type.
CONSUMER EDUCATION Automakers must train their sales representatives and other staff members on how autopilot works so they can educate car dealers and distributors. The carmakers and sellers should also provide consumers with training on the capabilities and limitations of autonomous vehicles and on emergency fallback scenarios.
CERTIFICATION Any software updates or new driverless features must be submitted to the N.H.T.S.A.
POST-CRASH BEHAVIOR Automakers should prove their cars are safe to use again after a crash. For example, a car should not be able to go into driverless mode unless damaged sensors or critical safety control systems have been repaired.
LAWS AND PRACTICES The vehicles should follow various state and local laws and practices that apply to drivers. For example, the cars must be able to recognize different speed limits in different cities and states, and whether a state allows U-turns or right turns at red lights. To avoid a crash, the cars should be able to respond in a way that may violate a law — such as crossing over a double yellow line.
ETHICAL CONSIDERATIONS Many human driving decisions carry ethical considerations, so the way a car is programmed also carries ethical consequences. For example, should a car be programmed to better protect its occupants or other drivers in a crash? Or in heavy traffic, should a car be able to violate the traffic rule of crossing double lines at the risk of running into oncoming traffic? These programming decisions should be clearly disclosed to the N.H.T.S.A.
OPERATIONAL DESIGN This is similar to a manual that describes where, when and under what conditions a driverless system works. The carmakers have to prove their vehicles have been tested and validated to fulfill these descriptions, which include how fast a car can travel and whether it’s capable of driving at night and on rocky dirt roads.
DETECTION AND RESPONSE How will a car respond to other cars, pedestrians, animals and falling trees? The automaker must show the car has been programmed to respond to normal driving situations like changing lanes and heeding traffic signals. They must also prove that their cars can avoid big surprises and crashes.
FALLBACK The car should be able to change modes safely when there is a technological malfunction. But the switch from automated driving to human control should also take into account the condition of the driver and recognize if the driver is under the influence of alcohol or drowsy and unable to take control safely.
VALIDATION Automakers need to develop testing and validation methods that account for the wide range of technologies used in driverless cars. Their tests should include simulation, test track and on-road testing.