Autonomous Driving Systems in Mobility as a Service: Identifying Operational Safety Responsibilities

Date:

Authors: Marilia Ramos, Camila Correa-Jullian, John McCullough, Jiaqi Ma, and Ali Mosleh.

About

Automated Driving Systems (ADS) can be defined as the hardware and software that are collectively capable of performing Dynamic Driving Tasks (DDT) on a sustained basis. Vehicle automation is categorized under six levels (levels 0 to 5). While Levels 5 and 4 can perform the entire DDT without user intervention, Level 4 (L4) operates under a limited Operational Design Domain (ODD). In addition to personal use, L4 ADS vehicles with no safety driver on board are expected to be deployed for Mobility as a Service (MaaS).

The deployment of L4 ADS vehicles is promising for reducing road accidents. Yet, they present complexities inherent to autonomous and automated systems. On top of software and hardware reliability, the deployment of these vehicles as MaaS introduces safety concerns related to passengers’ behavior, fleet operators’ responsibilities, and communication between fleet operators, ADS developers, and vehicle manufacturers. The expected mass deployment of L4 ADS vehicles for MaaS in the medium term therefore requires a thorough operational safety analysis.

We assess the L4 ADS MaaS operational safety and agents’ responsibilities by applying risk assessment methods. First, we identify the sub-systems involved in the operation. Second, we identify the operational phases of MaaS and each agent’s responsibilities during these phases. Third, we develop risk scenarios for each operational phase through Event Sequence Diagrams (ESDs). The ESDs provide a complete picture of the expected behavior of the agents involved, the potential recoveries should an undesired event happen, and the consequences of the different sequences of events. Finally, we adopt the Concurrent Task Analysis (CoTA) method for modeling the agents’ tasks. The CoTA models, at a common level of analysis, the tasks the agents should perform to ensure safe operation within the ESD scenarios. It establishes the necessary inputs (data, information, and commands) for the tasks, allowing the identification of not only agents’ possible failures but also the emergent failures deriving from unsafe interactions. Because the CoTA is developed with reference to the ESD events, the failures are identified and analyzed in context. As a result, it is possible to determine the potential consequences of agents’ failures and identify the most critical ones.

Policies concerning L4 ADS as MaaS operation must be risk-informed and establish clear roles and responsibilities for the fleet operators, ADS manufacturers, and ADS developers. This work provides a methodology and essential input to extending existing policies and standards and developing new ones concerning L4 ADS MaaS.

Presentation slides can be found here: SRA Annual Meeting 2022

Recommended citation: Marilia Ramos, Camila Correa-Jullian, John McCullough, Jiaqi Ma, and Ali Mosleh. Autonomous Driving Systems in Mobility as a Service: Identifying Operational Safety Responsibilities. Presented at the Society for Risk Analysis (SRA) Annual Meeting, Tampa, Florida, USA, 2022.