It is widely agreed that the automotive industry needs to shift towards fail-operational functions and control units. For higher levels of automation (levels 4 and 5), a human driver fall-back cannot be assumed, and many functionalities that today would be seen as “fail-silent” (shutting down in case a serious error is detected) – such as adaptive cruise control – will be critical for maintaining driving ability. Moreover, entirely new functionalities for perception, situation assessment, planning and control are required. The key question to be debated at this world-café is how to come up with cost-efficient architectural designs, including but not limited to the following questions:
- What are suitable requirements for such architectures and how to elicit them?
- What about existing best practices and highly fault-tolerant systems?
- What levels of redundancy and diversity will be required, and how to ensure independence and minimize the risk of common mode failures in redundant/diverse systems?
- How to incorporate learning and reconcile this with safety standards?
- How to utilize platforms for different settings (ODDs, varying requirements)?