chevron-down Created with Sketch Beta.

    Jurimetrics Journal

    Jurimetrics: Summer 2024

    Use of Industry Consensus Standards as a Soft Law Mechanism to Safely Deploy Automated Driving Systems

    Helen A.F. Gould and Jeffrey Gurney

    Jul 01, 2024

    31 min read

    Food, Cosmetics & Nutraceuticals Health Technology Law & Science Life Science Rights & Responsibilities of Scientists

    Summary

    • The automotive industry and the regulatory environment in the United States, with particular focus on automated driving systems (ADS). 
    • How industry consensus standards, a mechanism of soft law, are currently filling the hard law void and addressing aspects of ADS safety. 
    • Industry consensus standards have the advantage of leveraging experience and expertise across organizations, companies, regulators, countries, and borders and being flexible. 
    • The limitations of this approach are evaluated, and the authors conclude by making recommendations about the appropriate use of industry consensus standards for ADS.
    Use of Industry Consensus Standards as a Soft Law Mechanism to Safely Deploy Automated Driving Systems
    SimpleImages via Getty Images

    Jump to:

    Abstract: This Article discusses the evolution of the automotive industry and the regulatory environment in the United States, with particular focus on automated driving systems (ADS). The Article considers whether hard law—formal rulemaking or lawmak­ing—or soft law—informal, nonbinding guidance—should be used to safely deploy ADS. Given the state of the industry, the authors conclude that soft law is better situated for addressing the safe deployment of ADS at this time. The Article explores how indus­try consensus standards, a mechanism of soft law, are currently filling the hard law void and addressing aspects of ADS safety. Industry consensus standards have the advantage of leveraging experience and expertise across organizations, companies, regulators, countries, and borders and being flexible. The limitations of this approach are evaluated, and the authors conclude by making recommendations about the appropriate use of in­dustry consensus standards for ADS.

    Citation: Helen A.F. Gould & Jeffrey K. Gurney, Use of Industry Consensus Standards as a Soft Law Mechanism to Safely Deploy Automated Driving Systems, 64 Jurimetrics J. 425–53 (2024).

    Automotive vehicles have evolved from primarily mechanical machines to highly complex electronic systems run by sophisticated computers in an in­creasingly automated and autonomous fashion. This evolution accelerated rap­idly as a result of the Defense Advanced Research Projects Agency (DARPA) Grand Challenges in 2004, 2005, and 2007 with prizes awarded for American autonomous vehicle innovation. Universities partnered with industry actors to develop automated driving systems (ADS). The term ADS refers to the hardware and software systems that sense, plan, and act to perform the complete driving task.

    ADS also work on a sustained basis to mitigate and avoid crashes. ADS corresponds to the Society of Automotive Engineers (SAE) definitions for Levels 3 to 5 of automation. The main difference between ADS and other ve­hicle hardware and software components is that ADS are effectively replacing human drivers. The mass appeal of ADS is that human driving is an inherently dangerous endeavor. The World Health Organization estimates that 1.19 million people die annually worldwide by road traffic crashes, which equates to approx­imately 1 death every 26.5 seconds. The U.S. National Highway Traffic Safety Administration (NHTSA) estimates that approximately 42,795 people died in roadway crashes in the United States in 2022, a ten percent increase from 2020. According to a study conducted by NHTSA, the critical precrash events for ap­proximately ninety-four percent of crashes studied were attributable to human driver errors or mistakes. In the United States, there were 5,250,837 total po­lice-reported crashes resulting in 38,824 deaths in 2020. Drunk driving and speeding were two leading causes of fatal accidents, causing 11,654 and 11,258 road fatalities respectively during 2020. Distracted drivers were also a signif­icant cause of fatal collisions, with 3,142 fatal crashes attributed to drivers who failed to keep their focus on the roads. An ADS will not suffer from the same issues (such as intoxication, speeding, distraction, inattention, and drowsiness) that currently cause the majority of the crashes involving human drivers. As a result, ADS-equipped vehicles have the potential to greatly reduce the number and the severity of motor vehicle crashes. Preliminary data from Waymo and Swiss Reassurance indicates that Waymo ADS-operated vehicles have reduced the frequency of property damage claims by eighty-eight percent and reduced bodily injury claims by ninety-two percent as compared to the overall driving population.

    One of the key questions industry, regulators, insurers, academics, and the general public are wrestling with is “how safe is safe enough” to permit wide scale deployment of ADS-equipped vehicles. This is especially the case since humans are currently more accepting of vehicle crashes caused by humans than those resulting from the machines’ driving decisions. This Article does not explicitly focus in detail on the “how safe is safe enough” question, which is left to others such as Philip Koopman, Francesca Favaro, and Scott Schnelle.

    Instead, the Article explores the use of industry consensus standards—typ­ically voluntary standards developed by industry consortia groups and nongov­ernmental standards development organizations, such as the International Standards Organization (ISO) and the Institute of Electrical and Electronics En­gineers (IEEE)—as a soft law mechanism to safely deploy ADS. As back­ground, it is important to review what is meant by the terms hard law and soft law to provide context.

    Hard Law. Hard law is formal law or rulemaking done by government actors that is considered mandatory, legally binding, and enforceable. Hard law would include Congressional Acts or regulations that regulate specific con­duct. In the U.S. motor vehicle safety space, the most prominent are the Na­tional Traffic and Motor Vehicle Safety Act of 1966 and the Federal Motor Vehicle Safety Standards (FMVSS). Under this approach, a governmental body prospectively regulates new automotive technology. An ADS example is the European Union’s regulations governing ADS with uniform procedures and technical specifications for the type-approval of the ADS (Regulation 2019/2144 of the European Parliament). In the United States, individual states have various laws relating to ADS, some of which have been to merely remove barriers and to explicitly authorize ADS-operated vehicles (see Flor­ida), while others have been more restrictive (see California).

    Soft Law. Soft laws are standards, guidance, or frameworks made by nongov­ernmental bodies such as IEEE and ISO, or, in the ADS space, by the Auto­mated Vehicle Safety Consortium. Soft laws are also generated by governmental bodies, such as NHTSA’s policies governing ADS or the Na­tional Institute of Standards and Technology (NIST). Soft law consists of “in­struments or arrangements that create substantive expectations that are not directly enforceable, unlike ‘hard law’ requirements such as treaties and stat­utes.” Under this model, governments complement self-regulation by adding compliance and hard law regulations as events occur, industries mature, un­knowns become known, public perception evolves with greater acceptance, and both industry and regulators gain cumulative experience with the technol­ogy.

    In general, there are hard law and soft law approaches to governing emerging technologies and nascent industries, like ADS-equipped vehicles.

    The Article begins with an overview of key factors transforming the auto­motive industry and how they will affect regulation. From there, the Article pro­vides a brief review of the current state of automotive safety regulation in the United States and the position of the U.S. Department of Transportation (USDOT) on current ADS regulation. The Article then addresses hard law and soft law approaches to regulation of ADS and concludes that soft law makes the most sense at this time. The Article then describes how industry consensus standards can be one of the mechanisms used to address ADS safety and de­scribes one such standard, IEEE 2846-2022. The Article also explores limita­tions on using industry consensus standards to address ADS safety. Finally, the Article makes recommendations to three principal groups: regulators, industry, and academia.

    I. Key Trends Affecting the Automotive Industry and Impacts On Regulation

    Part I outlines five key trends that are producing profound changes in the automotive industry and the resulting influence on the regulatory landscape.

    First, automakers are transitioning from primarily using internal combus­tion engines towards hybrid and electric powered vehicles. The vehicles are transitioning from being primarily mechanical in nature to becoming effectively electrical systems running sophisticated computer hardware, integrating com­plex software, and using artificial intelligence (AI) algorithms in an interde­pendent system of systems. Electronics have shifted from being eighteen percent of the total cost of a new car in 2000 to forty percent of a new car in 2020. Vehicles are also starting to become interconnected via in-vehicle wire­less or using smartphones to communicate to other vehicles (V2V), roadway infrastructure (V2I), and vehicle-to-everything (V2X). The interconnected­ness of vehicles creates new opportunities on roadways, but also creates new risks, such as opening pathways for cybersecurity threats or remote comman­deering of vehicles.

    Second, vehicle manufacturers are making advances in automotive safety related technology. Over the past twenty years, vehicle manufacturers have be­gun including advanced driver assistance systems (ADAS), such as automatic emergency braking, lane assist, forward collision warning, and blind spot detec­tion. ADAS has improved motor vehicle safety and is being incorporated in more vehicles as standard equipment. Recognizing the advances being made in vehicle safety, New Car Assessment Programs (NCAP) in the United States and Europe and in other countries, are expanding beyond providing safety star rat­ings for crash protection and rollover resistance to recommending specific ADAS technologies with demonstrated performance testing. Increased under­standing and growing acceptance of ADAS by regulators, insurers, and the pub­lic paves the way for more automated and autonomous vehicles such as ADS-equipped vehicles. Many of the ADAS sensor systems and features of today are effectively subsystems of the ADS-equipped vehicles of tomorrow.

    Third, the automotive ecosystem and supply chain are changing. In the past, the U.S. automotive industry consisted primarily of three major original equipment manufacturers (OEMs) and their Tier 1 suppliers (who supply di­rectly to the OEMs and often have a systems integration role) and supply chain partners, plus imported vehicles primarily from auto OEMs in Europe, Japan, and Korea. Today, the industries that incorporate or contribute to the develop­ment of ADS-equipped vehicles include (1) several traditional automotive com­panies such as GM and Ford via Latitude AI (largely staffed by former Argo AI employees); (2) Mobility as a Service (MaaS) providers such as Uber and Lyft; (3) large technology companies with transportation divisions such as Al­phabet’s Waymo and Amazon’s Zoox; (4) start-up entrants such as Aurora, May Mobility and Pony.ai; and (5) semiconductor companies such as In­tel/Mobileye and Nvidia. Additionally, myriad joint ventures exist between vehicle makers and ADS providers, such as Motional—a joint venture between Aptiv and Hyundai. The ADS ecosystem is now more complex with players having varying degrees of automotive, safety, and regulatory know-how and sophistication.

    Fourth, ride sharing, MaaS, and vehicle sharing models are disrupting the long-standing model of personal vehicle ownership. In a societal shift, young adults are delaying getting their driver’s licenses and many are opting not to buy personal vehicles. With the advent of ADS-operated vehicles, there will be a shift to more fleet vehicle ownership and less personal vehicle ownership. As a result of this shift, fewer vehicles will be sold but the vehicles that are sold will be used with much higher utilization and replaced much more frequently.

    Fifth, the nascent ADS industry is gaining traction. The ADS-equipped ve­hicle industry is slowly and steadily moving beyond the testing stage into rides­haring deployment. Residents and visitors to cities, such as Phoenix and San Francisco, can now download an app and travel in ADS-operated vehicles with­out a human driver. In the locations that were used for ADS testing and early deployment, there have been teething pains as ADS companies, municipalities, and the public learn how to adapt to having ADS-operated vehicles on public roadways, but there also is a sense that the streets are genuinely becoming safer as a result of the ADS-operated vehicles. Automated freight and goods deliv­ery vehicles are being deployed, initially with safety drivers, primarily in the southwestern United States. Because the ADS industry is so new, we don’t know what we don’t (yet) know. In recent years, for the first time, sizable fleets of ADS-operated vehicles are being deployed and sharing the roadways with human drivers, cyclists, pedestrians, motorcycles, and others. Industry, munici­palities, regulators, and road users are all learning how to interact with ADS-operated vehicles and adapting accordingly. Each incident is a learning expe­rience that provides important feedback on what is and is not working. This feedback will inform revisions that need to be made in vehicle hardware and software, testing, and simulations as well as contribute to the development of industry consensus standards and eventually in regulation.

    These five trends have a significant influence on the regulatory landscape for ADS-equipped vehicles. For instance:

    • Regulators now need more extensive expertise in computer hardware, software, and AI systems, wired and wireless communications technol­ogy, cybersecurity, event data recorders and data storage systems for au­tomated driving, and computer simulations to understand what is happening, what can potentially go wrong, and how best to mitigate po­tential risks. In particular, regulators are required to understand how well ADAS and ADS technologies work, what their limitations are, and when these technologies should become part of standard vehicle fit­ment. At the same time, it can be difficult to ascertain what is causing ADAS-equipped vehicles to behave in unintended ways and then to as­sign responsibility and culpability, as there are well-documented reports of unintended vehicle acceleration and phantom braking.
    • Regulators now must work with a much broader range of industry players in addition to the traditional automotive supply chain. New entrants, like tech industry and MaaS companies, have varying levels of knowledge of safety-critical systems and automotive requirements and regulations. While new entrants have had to gain automotive and safety related exper­tise, regulators also have had to forge new relationships with these new companies. Building trust and demonstrating trustworthy behavior takes time.
    • Fleet operators are expected to have an increasingly important role in the era of ADS-operated vehicles, for transporting both goods and people. Fleet ownership and operation may present new regulatory, insurance, and risk management challenges.
    • Regulators are in effect guardians of the public good, especially with re­spect to saving lives and preventing injuries caused by roadway crashes. With the considerable expected safety benefits of ADS-operated vehicles, regulators have greater responsibilities to nurture the fledgling ADS in­dustry, to foster innovation, and to remove regulatory barriers as appro­priate. In the event ADAS and ADS-operated vehicles are proven to be significantly safer than human driven vehicles, regulators will be chal­lenged with facilitating widespread adoption that may or may not reflect public and political sentiment, especially if there is real or perceived mis­trust of the emerging ADS technology or job disruption as a result.

    II. Evolution of U.S. Motor Vehicle Safety Regulation

    As the automotive industry and motor vehicle technology has transformed, the regulatory approach to vehicle safety in the United States has also evolved over time. The first regulatory phase began with the introduction of the mass-produced automobile in the early 1900s and extended until the mid-1960s. During this time, Congress used a laissez-faire approach to motor vehicle safety, with most of the efforts implemented at the state level and focused on the driver. In the mid-1960s, following Ralph Nader’s influential book Unsafe at Any Speed, Congress enacted significant automobile regulation creating the predecessors to the federal agencies we know today.

    The second regulatory phase saw the newly appointed federal agencies at­tempt to impose FMVSS on the automakers. These federal agency imposi­tions resulted in a more adversarial relationship between USDOT and the automakers over the FMVSS and the requirement that certain safety features (such as seatbelts, airbags, and anti-lock brakes) become standard equipment.

    The third phase began in the 1990s and has taken on a new life in the age of automated features in automobiles. Instead of having an adversarial approach, NHTSA, the primary regulator of motor vehicle safety in the United States, be­gan collaborating with automakers to help foster the development of safety-critical features and to develop workable timelines for industry adoption and implementation. Over the past fifteen years, automakers have developed nu­merous safety features that reduce the likelihood and severity of crashes. These have included ADAS functionality, like automatic emergency braking, lane as­sist, forward collision warnings, and blind spot detection. NHTSA’s more col­laborative approach has largely been successful and has influenced federal policy on ADS.

    NHTSA has continued using a soft law approach in its initial governance of ADS. NHTSA began its official statements on ADS by issuing a preliminary policy statement in 2013, which was followed by additional USDOT policy statements on ADS safety and deployment. At the time of this Article’s writ­ing, NHTSA has not yet enacted any safety standards directly addressing “how safe is safe enough” for an ADS to be deployed. Instead, NHTSA has focused on removing regulatory barriers that exist to the deployment of ADSs, collab­orating with ADS manufacturers on the testing and deployment of their systems on roadways, and issuing guidance and policy statements to help shape the de­velopment and deployment of ADS. One significant example of this was the March 2022 NHTSA ruling relaxing the requirement to always have a human driver behind the wheel and to permit vehicles to be developed without steering wheels and pedals.

    III. Approaches for Regulating ADS Safety

    Various approaches to regulating ADS safety exist, which differ in the (1) degree of regulatory oversight; (2) type of relationship between regulators and those being regulated (based on level of trust, industry maturity, openness, and competency, which can influence whether a relationship is adversarial or col­laborative); and (3) real or perceived level of risk or potential for harm. Addi­tionally, regulations vary in the level of supportiveness offered to industry and in the approach to removing potential barriers. Some approaches take a proac­tive and proscriptive stance, while others prioritize watchful waiting and collec­tive learning before intervening. As described in the introductory section of this Article, the initial response to regulating a new automotive technology typically takes a hard law or soft law approach, or at times a hybrid combination of both. In the table below, the authors have outlined key factors that should be consid­ered when deciding whether to use hard law or soft law and have bolded the factors that they believe are most representative of the ADS industry at the time this paper was written in September 2023. The columns indicating factors that tend to favor soft or hard law governance were kept intentionally generic and may be applicable more broadly than to just the ADS industry.

    As described in Table 1, most of the factors for the ADS industry favor soft law over hard law at this time. The remainder of Part III will describe in detail the other challenges to using federal regulation to prospectively regulate the safety of ADS.

    The major challenge with any federal regulation is that “we don’t yet know what we don’t know” about ADS, so any such regulation would likely be prem­ature. As described in Part I, ADS deployment is occurring in the United States in a phased approach and is rolling out slowly and cautiously. As of June 2024, U.S. consumers can use ADS-operated ride sharing vehicles in select cities like Phoenix, San Francisco, Los Angeles, and Las Vegas, with testing underway in several other locations. There are also automated shuttles programmed to travel set routes in various locations throughout the United States and Europe, and testing is underway for commercial vehicles hauling freight, with backup human safety drivers. Private consumer ownership of ADS that completely removes the driver from the loop is not currently being considered. Most tra­ditional automakers are focusing on deploying vehicles with lower levels of ADAS for consumer use and considering commercial fleet deployments of ADS, which would be simpler to control and regulate because of the limited number of vehicle operators.

     

    Table 1. Soft and Hard Law Governance and the State of the ADS Industry

    Category

    Regulatory Characteristics
    Factors that tend to favor Soft Law Governance  Factors that tend to favor Hard Law Governance

    Authors assessment of ADS status in the United States (as of September 2023)

    Industry

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    Industry

    Industry not well defined and relatively immature

    Industry stable, well defined, and relatively mature

    The industry is not well defined and is relatively immature, because some companies are in the testing phase, while other companies are deploying their technology commercially in limited geographic regions.

    New players to the industry, varying levels of experience

    Established, highly experienced industry players

    Industry consists of players with varying levels of experience, from traditional automotive OEMs and suppliers to ride sharing companies, new entrants, ADS manufacturers, and new component manufacturers.

    Industry demonstrates the ability and willingness to self-regulate

    Industry
    does not demonstrate the ability and willingness to self-regulate

    Industry is seeking to self-regulate, with the exception that industry desires federal preemption to prevent patchwork of state laws and to have regulatory barriers removed.

    Industry is taking a slow, steady, considered, and measured approach in a responsible fashion

    Industry
    is proceeding with implementation quickly, and misleading the public and regulators, requiring strict enforcement

    Industry, for the most part, is taking a slow, steady, considered, and measured approach in a responsible fashion with extensive vehicle testing and simulation. There is at least one industry player, at times, not following industry best practices, pushing limits, and potentially misleading the public.

    Industry cooperates to develop standards and to share best practices

    Industry does not cooperate to share best practices among competitors

    Industry is developing standards (ISO, IEEE, SAE, etc.) and sharing best practices.

    Industry cooperates to share data

    Industry does not cooperate to share data

    Mixed. Certain players are openly sharing aspects of information publicly and with municipalities and other players are not.

    Uncertainty

    More unknowns than knowns

    More knowns than unknowns

    More unknowns than knowns exist with respect to ADS safety, deployment, and efficacy relative to human drivers.

    Able to tolerate ambiguity and lack of precision

    Not able to tolerate ambiguity and lack of precision

    Industry can tolerate a certain amount of ambiguity while ADS are being tested, but there may be a need for federal preemption of state law if patchwork of laws arises.

    Technology

    Technology changing rapidly, innovation needs to be fostered

    Technology is relatively stable, technical specifications are well understood, regulation of technical performance is feasible

    Technology is changing rapidly in the vehicles through frequent upgrades and updates to hardware and software, as well as real-time ADS learning by driving and by simulation.

    Technology relatively immature

    Technology relatively mature

    The ADS technology is still evolving, and companies are still refining their ADS systems and the hardware and software components.

    High need for flexibility

    Low need for flexibility

    The ADS industry has a high need for flexibility to accommodate both ADS and human-driven vehicles, shared roadway infrastructure, and unforeseen or unanticipated scenarios.

     

    Federal safety regulations will also suffer from a pacing problem. ADS de­velopment and deployment is occurring at a relatively fast pace. The systems themselves are changing every day as new data is collected, new situations are encountered, software is updated, and hardware is tweaked. The ADS software systems are machine learning systems and are constantly improving and evolv­ing. In contrast to the rapid speed of technological advancement, regulation and Congressional action takes time. The Administrative Procedures Act re­quires administrative agencies to follow a set process to develop and issue reg­ulations, which can take years and can be difficult to modify to keep pace with fast-changing technology. Once a regulation has been promulgated, the pro­cess of changing the existing regulation is lengthy and time-consuming. There is a real risk of regulations becoming outdated as technology changes through­out the regulatory process. Even if a regulation does not become outdated during the promulgation process, there is a significant risk that it would become out­dated as the industry further matures, and the ADS are updated and enhanced.

    For these reasons, we do not recommend at this time that federal regulators prospectively regulate the safety of ADS through exclusively hard law mecha­nisms (such as an Act of Congress or promulgation of regulations). However, this observation does not mean that hard law and government do not have a role in shaping the safety of ADS. One benefit of using industry standards and other soft law mechanisms such as frameworks and best practices to address ADS safety is that there are still opportunities for NHTSA, safety advocates, and the judicial system to influence the safety of ADS through recalls, litigation, or pu­nitive fines/damages. NHTSA has the power to recall a component of a motor vehicle if the component does not comply with the FMVSS or, more relevant, if there are defects related to motor vehicle safety (regardless of whether the part complies with the FMVSS). NHTSA has stated that it intends to use the notice and recall mechanism to regulate ADS and is routinely investigating crashes involving ADS-equipped vehicles. Litigation or punitive fines/dam­ages can also serve to rectify problems either through judgments or courts find­ing that a certain component is defective because of a design or manufacturing defect.

    Although recalls, punitive fines/damages, and lawsuits are retrospective regulations that require “harm” to have occurred, they act as deterrents because they can be financially and reputationally costly. The recall power, in and of itself, can enable NHTSA to have leverage to police compliance with safety standards and to ensure that components are relatively safe through cooperation and information requests.

    IV. Use of Industry Consensus Standards as Soft Law Mechanisms to Address Ads Safety

    ADS safety is a complex, multifaceted problem to solve for industry and regulators and for acceptance of this new technology by the public. Determining “how safe is safe enough” is not a simple task, and no one company, regulator, or organization has all the answers or expertise. The ADS environment and eco­system are rapidly changing and the evaluation of how safe is safe enough is also changing based on real-time information and experience. Representatives from Waymo created the following wheel to help assess “how safe is safe enough” and to explain the challenges being addressed.

     

    Figure 1. Schnelle & Favaro’s ADS Safety Standards Organization Wheel. Diagram modified for use in this publication with permission from Francesca F. Favaro.

    Figure 1. Schnelle & Favaro’s ADS Safety Standards Organization Wheel.

    Figure 1. Schnelle & Favaro’s ADS Safety Standards Organization Wheel.

     

    Because assessing and ensuring ADS safety is complex, industry consensus standards can address and improve ADS safety by focusing on specific safety considerations in a technology agnostic manner. For over a decade, several in­ternational standards organizations, such as IEEE, ISO, and SAE, have been systematically addressing the various challenges of ADS safety as shown in Fig­ure 2.

    Figure 2. Automated Vehicle Safety Assurance Standards. Diagram adapted from an IEEE P2846 overview presentation made by Jack Weast in January 2022. A summary of each of these acronyms, industry consensus standards and best practices are included in the Appendix.

    Figure 2. Automated Vehicle Safety Assurance Standards.

    Figure 2. Automated Vehicle Safety Assurance Standards.

     

    Industry consensus standards and their processes engage key global stake­holders, including automotive OEMs and Tier 1s, technology companies, MaaS providers, semiconductor and supply chain providers, regulators, and university researchers. This collaborative process allows for the sharing of ideas, lessons learned, and best practices among these expert groups in a constructive way and ensures the standards are technically viable and relevant. The standards devel­opment process assesses (1) what should be done, (2) what can be done, and (3) how best to do it. When standards are adopted, they require consensus among the varying stakeholders and generally result in a uniform, tech neutral, objec­tive standard with the potential to greatly accelerate tech adoption and shared industry learning, while reducing the potential for harm.

    Having industry players involved in developing industry consensus stand­ards provides two salient benefits. First, industry consensus standards can be more readily implemented as there is “buy-in” from industry. Second, industry consensus standards do not suffer from a pacing problem like federal regulation, because they are being set by industry (which can evolve the standard in real-time to the technology and amend existing standards faster than governments can amend regulations) and by having the ability to move faster than regulations.

    The benefits of using industry consensus standards can be seen in the suc­cess of IEEE 2846-2022, the IEEE standard for Assumptions in Safety-Related Models for Automated Driving Systems, which was approved in March 2022. The standard was developed in a relatively short period of time, less than two years, with broad geographic and multi-stakeholder representation from the traditional automotive supply chain including MaaS providers and fleet opera­tors; academic and government researchers; test and validation providers; large and small tech companies; semiconductor/ADS suppliers; and adjacent indus­tries using robotics and vehicles for agriculture, mining, and construction appli­cations. The global geographic representation helped guarantee that the industry consensus standard would be informed by collective real-world expe­rience in diverse driving conditions and with differing driving styles, cultures, and regulations, as well as ensuring that the standard is applicable globally.

    There was open sharing of expertise, information, and best-known methods, such as Intel/Mobileye’s “Responsibility Sensitive Safety” (RSS) model, Nvidia’s “Safety Force Field,” and Aptiv/Motional’s “Rulebooks” approach. This provided a constructive starting point and facilitated developing a transpar­ent, explainable, noncompetitive, nonproprietary, tech agnostic solution and set of defensible assumptions that could be validated, verified, and adopted by in­dustry. The IEEE 2846 work group surveyed related industry standards (see Fig­ure 2) to delineate the scope for IEEE 2846. The resulting IEEE 2846-2022 complements existing standards and provides a safety assurance framework for acceptable risk, with guidance for evaluating the performance of an ADS, and providing a “minimum set of assumptions about reasonably foreseeable behav­iors of other road users” in the development of safety-related models.

    Members of the IEEE 2846 work group have been “[e]ngaging with policy makers and regulators around the world [to discuss] how IEEE 2846 can help in the creation of regulatory framework’s [sic] for Automated Vehicles.” The National Institute of Standards and Technology (NIST) participated in the stand­ards development process of IEEE 2846 and NHTSA provided information and monitored progress. The standard was shared and reviewed in public fo­rums in early 2022 to solicit additional feedback, concerns, and insights.

    In summary, use of industry consensus standards for ADS has multiple ben­efits. The standard-setting process leverages technical expertise and experience of multiple companies and organizations with specialized knowledge in auto­motive, transportation, computing, software, simulation, artificial intelligence, and so forth. In a nascent industry like ADS, where there is potential harm in deploying ADS-operated vehicles, collective learning and sharing of best prac­tices can help mitigate risks. Collective learning can also foster relationships among industry participants, academia, regulators, and others, which can create sounding boards and result in improved outcomes. These companies and organ­izations effectively augment the regulators’ expertise regarding what can and should be done in a technically feasible manner to make ADS safer, more relia­ble, and trustworthy.

    Industry consensus standards can also be efficient and flexible tools to keep pace with the fast-moving ADS industry and can be updated more rapidly than traditional regulations. Standards can provide industry guidelines and frame­works, enable innovation, facilitate public/private partnerships, and increase trust between regulators and those being regulated. This, in turn, fosters public trust and confidence in ADS safety and reliability when companies adhere to the established standards and guidelines. Industry consensus standards can be referenced in regulations as an acceptable solution or means of compliance. Transportation is a global industry and industry-wide ADS consensus standards can promote global harmonization of regulations, and better enable transport of people and goods across borders. Finally, industry consensus standards, when done right, can be more readily and efficiently adopted and implemented.

    V. Potential Limitations of Using Industry Consensus Standards

    The use of industry consensus standards for ADS safety assurance does have certain limitations. Standards compliance is typically voluntary, and an in­dustry player is not legally obligated to follow all or portions of a standard un­less a regulatory body such as NHTSA mandates compliance. This can create significant potential for harm in an industry, like ADS, where errors can result in serious bodily harm or property damage. To the extent the public relies on industry consensus safety standards, the voluntary nature of these standards can create gaps in ADS safety. This risk can be somewhat mitigated when industry consensus standards are used in lawsuits to show negligence or failure to comply with industry best practices.

    Industry consensus standards can, at times, be ambiguously drafted, which leaves its implementation up to the interpretation of industry players. For ex­ample, although specifically not a safety standard, SAE J3016’s taxonomy def­inition on the levels of automation have been misinterpreted, and there is confusion in both industry and the public about the realistic expectation of the ADAS and ADS. Some industry players describe their systems as a level X “plus” or “full self-driving” while the industry taxonomy does not include any such terms.

    Even when these stakeholders claim to comply with an industry-consensus standard, there may be “standards washing” (akin to greenwashing) whereby companies may allege that they are complying with the spirit and intent of the standard, or selectively using concepts from standards, without a hard commit­ment to follow the standard in its entirety. This can lead to misunderstandings with regulators and the public when an industry player partially adopts a stand­ard or selectively complies with portions of a standard without full disclosure.

    In certain situations, the voluntary nature of industry consensus standards could also be an advantage if portions of an industry standard become outdated, irrelevant, or otherwise inadvisable. Unlike a federal law or regulation that be­comes outdated yet must still be complied with, industry could disregard—by making a safety case—an industry standard for ADS safety. This could be done in conjunction with amending the standard or creating a new standard. This is helpful because of the rapidly changing nature of ADS technology and the real-world learning taking place as ADS-equipped vehicles are deployed.

    A concern with relying upon industry safety standards to address ADS safety is that there are several ADS related industry standards from different standards bodies, as illustrated in Figure 2. The standards described in Figure 2 and detailed in the Appendix are complementary and are generally not compet­ing standards. For example, ISO 5083 and SAE J3131 center on Safety by De­sign Architectures and SAE J3237 deals with Safety Metrics. Consensus based industry standards are usually developed by industry players to address a specific concern or to help advance the entire industry. IEEE 2846 came about because individual companies did not want to make independent interpretations of how safe is safe enough for ADS-equipped vehicles. By pooling best practice approaches, much of the ADS industry was able to come together, debate the merits and shortcomings of potential standards and come up with a viable set of standards that make sense to the industry, regulators, and members of the public. For a nascent industry like ADS, the number of ADS related standards is less concerning. Collective industry and regulatory knowledge continue to evolve over time and the standards can organically adapt as needed. Standards are also being updated with the newer versions superseding the previous standards. For example, ISO/PAS 21448:2019 was withdrawn when ISO 21448:2022 was pub­lished.

    Many companies in the ADS industry are members of multiple standards bodies and actively participate in multiple efforts such as ISO, IEEE, and SAE. This synergy focuses efforts in different areas and reduces the potential for competing standards or for an inordinate influence of one company over the standards development process, in which this company could favor its own tech­nology, corporate interests, or approach. Consensus building standards efforts are time consuming and it is in everyone’s best interests to not duplicate efforts across standards bodies. With the development of IEEE P2846, for example, IEEE had a liaison agreement with ISO and SAE-ITC, which served to coordi­nate efforts.

    One of the concerns of entrusting industry with the power to self-regulate ADS is a real or perceived lack of government oversight, which could result in insufficient protection of public safety or societal interests. This can lead to a lack of legal enforcement mechanisms and an inability to hold companies and organizations accountable with consequences for noncompliance. As described in Part II, the government can enforce compliance through mechanisms such as recalls, litigation, or fines, even in the absence of specific legal enforcement mechanisms for ADS.

    Industry consensus standards are predicated on the logic that the industry will willingly and voluntarily follow the standards and implement the frame­works, guidelines, test procedures, and best-known methods. This assumes the industry players are behaving in a trustworthy manner. A single industry player who is acting in a rogue fashion and not complying with industry consensus standards or who is otherwise taking advantage of soft law can create problems for the entire industry, undermine public and regulator trust and confidence, and delay adoption of the ADS technology, which could result in a higher incidence of injuries and loss of life.

    VI. Concluding Remarks and Recommendations

    To summarize, the automotive industry, especially in relation to ADS, is undergoing a transformative shift in how vehicles operate. This shift creates challenges in regulating ADS, and the use of hard law to regulate safety seems premature at this time. Industry consensus standards and the process to adopt those standards can partially fill the void for ADS safety and may, in many re­spects, provide better standards than a regulatory body. Based on our findings, we have the following recommendations for new initiatives or in support of on­going efforts:

    Recommendations for Federal Regulators

    • Invest in and quickly build ADS-related federal technical expertise, capa­bilities, and competency, to better understand, regulate, and monitor tech­nology and to become a resource to states, municipalities, and the public. For example, the Federal Aviation Administration (FAA) is using the Na­tional Aeronautics and Space Administration (NASA) to provide research and development (R&D) for advanced aerial mobility (AAM). A simi­lar investment in R&D will likely be needed for ADS.
    • Educate the public on what is being done to safely deploy ADS-equipped vehicles.
    • Closely monitor/participate in setting of global ADS industry consensus standards.
    • Review and harmonize existing federal and state regulation and monitor global governance. For example, it will not be desirable to have different states enacting conflicting laws or regulations for requiring, or not requir­ing, a human driver to be behind the wheel of a commercial truck.
    • · Foster innovation and appropriate experimentation in low-risk environ­ments and remove regulatory barriers as needed.
    • Use regulatory tools, mechanisms, and increased oversight (such as in­vestigations and threat of and actual recalls) to address industry players who do not proactively or sufficiently prioritize safety.

    Recommendations for Industry

    • Collaborate in forums such as the AVSC, an industry program of the SAE Industry Technologies Consortia (SAE ITC), to establish ADS-related safety principles and best practices that can inform and lead to standards development.
    • Actively engage in creating industry consensus standards, sharing in­sights, experience, concerns, and key learnings.
    • Comply with and support industry consensus standards or identify spe­cific reasons or rationale for why an industry player does not follow all or portions of industry consensus standards.
    • Share, inform, and educate the public on how the industry player is ad­dressing ADS safety (including its involvement or proactive engagement in the industry consensus standard setting process).
    • Openly share data with municipalities and regulators—and potentially the media—to show how well its ADS testing and deployments are perform­ing and how well its compliance follows industry consensus standards and best practices.
    • Potentially exert peer pressure on industry players who are not proactively prioritizing safety or who are engaging in unethical behavior or deceptive advertising—because a bad actor can greatly inhibit adoption of a lifesav­ing technology or result in over regulation and overly negative public per­ceptions.

    Recommendations for Academia

    • Study the industry and real-world data on the safety of ADS and the im­plications for human-machine interactions, job disruption, and retraining of the labor force.
    • Actively participate in the industry consensus standard creation process to exchange knowledge and real-time learnings between industry and ac­ademic experts and to influence industry, standards, and best practices.
    • Serve as a watchdog for industry players who do not fully comply with appropriate industry consensus standards.

    Miscellaneous Recommendations

    • Courts: Consider the industry consensus standards in cases to determine the reasonableness of actions taken.
    • Insurance: Consider the industry consensus standards and an insured’s compliance or lack thereof in determining risk and liability in this nascent industry.

    Appendix. Brief Summary of Existing Industry Consensus Standards as of September 2023

    Terminology Standards

    SAE J3016 is the Society of Automotive Engineers International’s (SAE Inter­national) terminology standards document jointly prepared by the SAE On-road Automated Driving Committee (ORAD) and the ISO TC204 Working Group 14 and last updated in April 2021. Although not a safety standard, SAE J3016 is widely used to explain the levels of driving automation ranging from Level 0 with no driving automation to Level 5 with full driving automation and to clarify the role of the human driver and the ADS at each automation level.

    Taxonomy and Definitions for Terms Related to On-Road Motor Vehicle Automated Driving Systems: J3016 (SAE Int’l, June 2018), https://www.sae.org/standards/content/j3016_201806/.

    Systematic Process Standards

    ISO 26262 is the International Standards Organization (ISO) functional safety standard for development of electrical and electronic systems in road vehicles and was originally released in 2011 and updated in 2018. ISO 26262 provides industry guidelines and requirements for the development and production of au­tomotive systems to ensure their safety and reliability and to minimize risk. The standard encompasses the entire lifecycle of the vehicle from concept develop­ment to decommissioning. ISO 26262 uses a risk-based approach to safety with emphasis on hazard analysis, risk assessments, and determining safety goals for each system. Automotive Safety Integrity Levels (ASILs) are used to quantify the required safety measures based on the severity of potential hazards and con­sider the likelihood of an incident, the severity of an incident, and level of con­trollability. Guidance is provided on safety related hardware and software and the processes to be used such as requirements engineering, and verification and validation. Additionally, the standard emphasizes the need for having an effec­tive safety management system with clear responsibilities, documentation, pro­cess, and measures to ensure accountability with the organization.

    Int’l Org. for Standardization, ISO 26262-1:2018, Road Vehicles—Functional Safety (2018).

    ISO 21448 is the International Standards Organization (ISO) standard for Safety of the Intended Functionality (SOTIF) for Road Vehicles. The standard provides guidelines for addressing potential hazards and risks associated with the perfor­mance and limitations of ADAS and ADS-operated vehicles. The standard fo­cuses on addressing risks that could arise from the system behaving and functioning as expected and yet still possibly resulting in accidents or harm. ISO 21448 provides a framework for managing risk and enhancing safety of ADAS- or ADS-equipped vehicles by using systematic approaches for hazard analysis considering both foreseeable and unforeseeable events, risk assessment and mit­igation, scenario analysis including the use of simulation, and system validation, verification and use of best practices such as fail-safe mechanisms, redundan­cies, and appropriate human-machine interfaces. Originally published in 2019, the standard was last updated in June 2022.

    Int’l Org. for Standardization, ISO 21448:2022, Road Vehicles—Safety of The Intended Functionality (2022), https://www.iso.org/ standard/77490.html.

    Safety By Design Architectures

    ISO 5083 is the International Standards Organization (ISO) standard being drafted for addressing “Safety for Automated Driving Systems.” This standard is expected to provide guidance for developing and validating a vehicle equipped with an ADS. The standard focuses on safety by design architecture, as well as verification and validation, and intends to have a positive risk balance and avoidance of unreasonable risk. Over 120 experts from 14 countries are registered at ISO TC22/SC32/WG13 and are actively involved in developing this standard.

    Int’l Org. for Standardization, Updated Presentation on ISO TC22-SC32-WG13 and ISO TS 5083 at the U.N. Econ. Comm’n for Eur. WP.29 GRVA 11th Session (Sept. 28, 2021), https://unece.org/transport/documents/2021/09/ informal-documents/iso-iso-ts-5083-road-vehicles-safety-automated.

    SAE J3131 is the Society of Automotive Engineers International (SAE Interna­tional) recommended practice providing a reference functional architecture for a typical on-road ADS, primarily dealing with SAE Level 4 and Level 5 ADS.

    Definitions for Terms Related to Automated Driving System Reference Architecture: J3131 (SAE Int’l, Mar. 2022), https://www.sae.org /standards/content/j3131_202203/.

    Safety Assurance Frameworks

    IEEE P2846 is the Institute of Electrical and Electronics Engineers (IEEE) standard for Assumptions in Safety-Related Models for Automated Driving Systems and was approved in March 2022. IEEE P2846 builds upon the Re­sponsibility-Sensitive Safety (RSS) model originally developed by Mobileye and Intel for ADS-operated vehicles and published in 2017. RSS effectively translated the rules of the road that humans can agree upon into mathematical formulations that follow the laws of physics. IEEE P2846 expands on the RSS concepts by incorporating assumptions of “reasonably foreseeable” (defined as technically possible with a credible or measurable rate of occurrence) behaviors and considers other road users such as pedestrians, cyclists, and both manned and unmanned vehicles. The IEEE P2846 Working Group also considered the “Safety Force Field” approach from Nvidia and the “Rulebooks” approach from Aptiv/Motional. The intent of using these industry best practices is to help the ADS-operated vehicle navigate through the real world more intelligently and safely without unnecessarily constraining its behavior on the road.

    Intel. Transp. Sys. Comm., Ieee Vehicular Tech. Soc’y, Ieee Std 2846™‐2022, Ieee Standard For Assumptions In Safety-Related Models For Automated Driving Systems (2022).

    IEEE VT/ITS/AV Decision Making Working Grp., Example Applications of IEEE Std 2846-2022 to Formal Safety-Related Models (2023).

    Jack Weast, Overview of IEEE 2846, IEEE 7–8 (Jan. 18, 2022), https://sagroups. ieee.org/2846/wp-content/uploads/sites/124/2022/01/Overview-of-P2846_20220 117.pdf.

    Scenario Definitions

    PEGASUS is the Project for the Establishment of Generally Accepted quality criteria, tools, and methods as well as Scenarios and Situations for release of highly automated driving functions. The PEGASUS Project is an effort of the German Federal Ministry for Economic Affairs and Energy to define scenarios for automated driving. PEGASUS uses a 6 Layer scheme that considers Road Level, Traffic Infrastructure, Temporary Changes, Objects, Environment, and Digital Information.

    Udo Steininger, TÜV Süd Grp., How Safe is Safe Enough? PEGASUS Delivers the Standards for Highly Automated Driving, Presentation at 1st NDS Public Conference (June 13, 2019), https://nds-association.org/wp-content/uploads/ 2019/06/NDS-Conference-2019__PEGASUS-TUEV-SUED.pdf.

    ISO WG 9 is the International Standards Organization (ISO) Work Group (WG), which has been formed to address Test Scenarios for ADS. The work group has developed the following set of standards:

    • ISO 34501:2022 Road Vehicles—Test Scenarios for Automated Driving Systems—Vocabulary
    • ISO 34502:2022 Road Vehicles—Test Scenarios for Automated Driving Systems—Scenario Based Safety Evaluation Framework
    • ISO 34503:2023 Road Vehicles—Test Scenarios for Automated Driving Systems—Specification for Operational Design Domain
    • ISO 34504:2023 Road Vehicles—Test Scenarios for Automated Driving Systems—Scenario Categorization
    • ISO 34505 Draft Road Vehicles—Test Scenarios for Automated Driving Systems—Scenario Evaluation and Test Case Generation

    Int’l Org. for Standardization, TC22/SC33/WG9 Test Scenarios of Automated Driving Systems: General Status Report, Made to U.N. Econ. Comm’n for Eur. at the GRVA 16th Session (May 2023), https://unece.org/sites/default/files/20 23-05/GRVA-16-24e_1.pdf.

    Safety Metrics

    SAE J3237 (WIP) is the Society of Automotive Engineers International (SAE International) Recommended Practice currently under development providing Driving Assessment (DA) Metrics for Automated Driving Systems. This rec­ommended practice provides a set of safety related DA metrics for the industry to use to quantify the driving performance of ADS-operated vehicles. These safety metrics can be used, for example, to facilitate verification and validation (V&V) activities and test methodology documentation.

    Driving Assessment (DA) Metrics for Automated Driving Systems (ADS) J3237, SAE Int’l (Mar. 13, 2024), https://www.sae.org/standards/content/j3237/.

    IAM is Arizona’s Institute for Automated Mobility and has developed a safety assessment methodology using real-time metrics to measure safety efficiently and effectively for both human driven vehicles and ADS-operated vehicles. Since Arizona has been an early test bed for evaluating automated vehicles and was one of the first to offer robotaxis services, there is much information that can be harvested and shared.

    Work in Motion, Inst. for Automated Mobility, https://www.azcommerce. com/iam/work-in-motion#blocklink-1 (last visited Mar. 28, 2024) (click on “Safety Assessment Methodology”).

    Test Methodologies

    UN VMAD is the United Nations Working Party that addresses Validation Methods for Automated Driving. The group is working on New Assess­ment/Test Methods for Automated Driving—Guidelines for Validating Auto­mated Driving Systems and is assessing Track and Real-World testing as well as Simulation and Virtual Testing.

    Validation Method for Automated Driving (VMAD), U.N. Econ. Comm’n for Eur., https://wiki.unece.org/pages/viewpage.action?pageId=60361611.

    The University of Michigan ABC Test is a development of the University of Michigan’s MCity researchers. The Mcity ABC Test provides an independent safety assessment for highly automated vehicles using a closed test track to demonstrate vehicle “roadmanship” before ADS-equipped vehicles are de­ployed on public roadways.

    Huei Peng & Roger L. McCarthy, Mcity ABC Test: A Concept to Assess the Safety Performance of Highly Automated Vehicles (2019), https:// mcity.umich.edu/wp-content/uploads/2019/01/mcity-whitepaper-ABC-test.pdf.

    Safety Assessment Reports

    ANSI/UL 4600 is the American National Standards Institute and Underwriters Laboratories Standards and Engagement standard for highly automated vehicle safety, applying to vehicles in which human drivers can take their eyes off the road. This standard requires a claim-based safety case that includes a structured set of claims, arguments, and evidence supporting the assertion that a vehicle operating with ADS is acceptably safe for deployment. The focus of this stand­ard is to provide assessment criteria to determine the acceptability of a safety case and covers public road ADS safety for both urban and highway use cases. The second edition of the standard was released in March 2022.

    Underwriters Laboratories, ANSI/UL 4600 Standard for the Evaluation of Autonomous Products (Dec. 13, 2019) (voting draft version).

    DOT VSSA is the U.S. Department of Transportation Voluntary Safety Self-Assessment, which companies use to describe their safety programs to NHTSA and the public. NHTSA maintains a VSSA Disclosure Index at https://www.nhtsa.gov/automated-driving-systems/voluntary-safety-self-assessment.

    Nat’l Highway Traffic Safety Admin., U.S. Dep’t of Transp., DOT HS 812 442, Automated Driving Systems 2.0: A Vision for Safety (2017), https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/13069a-ads2.0_090617_ v9a_tag.pdf.

    Cybersecurity

    ISO/SAE 21434 specifies the engineering requirements for Automotive Cyber­security risk management in road vehicles and was published in August 2021.

    Int’l Org. for Standardization, ISO/SAE 21434:2021, Road Vehicles—Cybersecurity Engineering https://www.iso.org/standard/70918.html.

      Author