March 29, 2024

On May 28, 2019, NHTSA Published an Advanced Notice of Proposed Rulemaking (ANPRM) on Removing Regulatory Barriers for Vehicles with Automated Driving Systems

On May 28, 2019, NHTSA Published an Advanced Notice of Proposed Rulemaking (ANPRM) on Removing Regulatory Barriers for Vehicles with Automated Driving Systems

DATES:  Comments on this ANPRM are due no later than July 29, 2019

BACKGROUND: This ANPRM focuses on ADS–DVs without traditional manual controls and that may also lack other features intended to facilitate operation of a vehicle by a human driver. NHTSA reaffirms that, despite the use of the term ‘‘regulatory barrier’’ in its current and future documents, the existing FMVSSs neither have any provisions addressing the self-driving capability of an ADS nor prohibit inclusion of ADS components on a vehicle. NHTSA also states that nothing in the current standards poses testing or certification challenges for vehicles with ADSs so long as the vehicles have means of manual control and conventional seating, and otherwise meet the performance requirements of the FMVSSs.

DOT’s automation principles are to: (1) Prioritize safety; (2) Remain technology neutral; (3) Modernize regulations; (4) Encourage a consistent regulatory and operational environment; (5) Prepare proactively for automation; and (6) Protect and enhance the freedoms enjoyed by Americans.

NHTSA has also conducted research activities to help inform its decision-making with regard to identifying and resolving regulatory barriers. NHTSA, in collaboration with the Volpe National Transportation Systems Center, conducted a preliminary report identifying barriers to the compliance testing and self-certification of ADS– DVs without traditional manual controls. In March 2016, that report was published. The ‘‘Volpe Report’’ focused on FMVSS requirements that present barriers to the compliance testing and self-certification of ADS– DVs without traditional manual controls because they refer to a human driver.

Based on the Volpe Report findings, in 2017, NHTSA initiated work with Virginia Tech Transportation Institute (VTTI) to expand upon the work performed by Volpe by performing analysis and industry outreach to identify potential approaches for addressing compliance verification barriers.

Phase I of the VTTI project will include the technical translation of 30 FMVSSs and associated test procedures, and will conclude by the end of 2019. Phase II will focus on the remaining FMVSSs and associated test procedures, and is expected to start in 2019 and conclude in mid- 2021. These efforts are anticipated to inform NHTSA’s decisions on updates to the FMVSSs

In addition to these research efforts, NHTSA has also requested input from stakeholders through a January 2018 RFC to identify regulatory barriers in the FMVSS to the testing, compliance certification, and compliance verification of ADS–DVs without traditional manual controls.

NHTSA has determined that most of the potential regulatory barriers to the certification of ADS–DVs without traditional manual controls in the 100-series FMVSSs fall into three categories: (1) The standard requires a manual control; (2) the standard specifies how the agency will use manual controls in the regulatory description of how it will test for compliance; or (3) the definition or use of particular terms (e.g., ‘‘driver’’) become so unclear that clarification is necessary before certification and compliance verification testing is possible.

IV. Stakeholder Feedback

V. Addressing Barriers in the FMVSS A. Example #1 (FMVSS No. 135): Manual Control Required B. Example #2 (FMVSS No. 126): Existing Test Procedures That Cannot Be Executed Absent Manual Controls C. Additional Barrier Examples

VII. Public Participation

II. BACKGROUND:  This Advance Notice of Proposed Rulemaking (ANPRM) is a continuation of NHTSA’s efforts to gather input from stakeholders and the public regarding what approaches to propose to address potential challenges to the verification of the compliance with the Federal Motor Vehicle Safety Standards (FMVSSs) of Automated Driving System-Dedicated Vehicles (ADS–DVs)1 that lack traditional manual controls, but have traditional seating configurations.

NHTSA reaffirms its position that, despite the use of the term ‘‘regulatory barrier’’ in this and other future documents, the existing FMVSSs neither have any provisions addressing the self-driving capability of an ADS nor prohibit inclusion of ADS components on a vehicle. It states that nothing in those standards poses testing or certification challenges for vehicles with ADSs so long as the vehicles have means of manual control and conventional seating, and otherwise meet the performance requirements of the FMVSSs. However, the design of a motor vehicle without manual driving controls, design of a motor vehicle with novel seating configurations or orientations, or a covered party’s disabling of any part of a device or element of design of a motor vehicle or motor vehicle equipment that is currently in compliance with applicable FMVSSs could complicate the compliance of the vehicle to the existing FMVSSs

In the Notice, NHTSA discusses two potential types of regulatory barriers for ADS–DVs without traditional manual controls, describes a FMVSS that exemplifies each challenge, and presents a brief overview of comments on the request for comment (RFC).

The agency also presents and seeks comment regarding the safety impacts of using alternative compliance test verification methods to conduct compliance verification testing for these types of vehicles, assuming that the standards and procedures could be revisited to appropriately ensure the existing standard of performance without requiring, directly or indirectly, manual controls.

III. NHTSA’s Efforts To Provide Guidance and Regulatory Certainty

VI. Possible Approaches To Revising Crash Avoidance Test Procedures

NHTSA’s General Questions for each of the proposed approaches:

1. What are the possible advantages and disadvantages of each approach?

2. Discuss whether each approach fits the requirements and criteria of the Safety Act and enables effective enforcement of the FMVSSs. Explain the basis for your answers.

3. Can more than one of these approaches be specified by the agency as alternative ways for the agency to determine compliance with the same requirement in the same FMVSS? If so, please describe how this could be done consistent with the Vehicle Safety Act, using one or more specific FMVSS requirements as illustrative examples. If more than one approach could be specified for the same requirement in the same FMVSS, do commenters believe that the agency, in assessing compliance with the same requirement in the same FMVSS, choose one approach for one vehicle model, but another approach for a different model? If so, explain why. 4. If only one of these approaches can be used to enforce a particular FMVSS requirement, what factors should be considered in selecting that approach? What policy or other considerations should guide the agency in choosing one alternative approach versus another for determining the compliance of a particular vehicle or item of equipment?

5. With respect to any single approach or combination of approaches, could it be ensured that the compliance of all makes and models across the industry is measured by the same yard stick, i.e., that all vehicles are held to the same standard of performance, in meeting the same FMVSS requirement?

6. What other potential revisions or additions to terms, in addition to ‘driver’, are necessary for crash avoidance standards that NHTSA should consider defining or modifying to better communicate how the agency intends to conduct compliance verification of ADS vehicle.

7. Should NHTSA consider an approach to establish new definitions that apply only to ADS–DVs without traditional manual controls?

8. For compliance testing methods involving adjusting current test procedures to allow alternative methods of controlling the test vehicle during the test (normal ADS–DV function, TMPE, TMEC), or to allow the use of a surrogate vehicle:

a. How could NHTSA ensure that the test vehicle’s performance using the compliance method is an accurate proxy for the ADS–DV’s performance during normal operation?

b. If NHTSA were to incorporate the test method into its test procedures, would NHTSA need to adjust the performance requirements for each standard (in addition to the test procedures) to adequately maintain the focus on safety for an ADS–DV?

9. For compliance testing methods that replace physical tests with non- physical requirements (simulation, documentation):

a. If the test method is used to determine compliance with a real-world test, how can NHTSA validate the accuracy of a simulation or documentation?

b. If NHTSA must run real-world tests to validate a simulation or documentation, what is the advantage of non-physical requirements over these other compliance methods?

10. Would non-physical requirements simply replicate the existing physical tests in a virtual world? If not, what would be the nature of the non-physical requirements (that is, what performance metrics would these requirements use, and how would NHTSA measure them)? Are there ways that NHTSA could amend the FMVSSs to remove barriers to ADS–DVs that would not require using the compliance test methods described in below?

a. Are there any barriers in the FMVSS or NHTSA’s test procedures that could be addressed by altering or removing references to manual controls in the test procedures without substantively changing the FMVSS performance requirement?

b. Are there any changes that NHTSA could make to the FMVSS test procedures that could incorporate basic ADS capabilities to demonstrate performance, such as using an ADS– DV’s capability to recognize and obey a stop sign to test service brake performance?

11. What research or data exists to show that the compliance test method would adequately maintain the focus on ADS–DV safety? What modifications of the safety standards would be necessary to enable the use of the test method?

Specific questions relating to each proposed approach:

A. Normal ADS–DV Operation

One possible approach for vehicle manufacturers to use for self- certification, and the agency to use for compliance verification, is the ‘‘Normal ADS–DV Operation’’ approach. This approach involves operating the ADS– DV without traditional manual controls ‘‘as-is’’ with no extra programming and/ or installation of any kind of manual controls for test maneuver execution. The ADS would be in control of the vehicle during compliance testing with all of its operational restrictions and decision-making capabilities in place. In its most basic form, compliance verification using Normal ADS–DV Operation would require the engineer performing the compliance test to input an appropriate destination using the same input method indicated by the ADS–DV’s manufacturer for real-world operation. Vehicle performance would be observed and assessed during the period of normal on-road vehicle operation.

Analysis The Normal ADS–DV Operation approach may provide the most ‘‘realistic’’ representation of how the vehicle would perform during normal use. This approach could allow NHTSA to continue acquiring vehicles in the same way that U.S. consumers do, from commercial dealerships, and testing actual vehicles to verify they meet the FMVSS requirements. NHTSA is interested in maintaining its policy to buy and test new production vehicles from dealership lots, to the extent possible.

NHTSA believes that there are several test requirements in the FMVSSs for which Normal ADS–DV Operation may be a feasible compliance option if certain assumptions are correct. For example, the FMVSS No. 138 procedure for testing a vehicle’s tire pressure monitoring system requires that the test vehicle is driven on a specific public roadway for a specified distance at the posted roadway speeds. During the test, the vehicle is stopped along the way to reduce tire inflation pressure and then driven again until a low inflation pressure indication is obtained. This test procedure could be modified to permit use of the Normal ADS–DV Operation approach for ADS–DVs by allowing the driving portion of the test to be performed by the ADS, which would be commanded by the test engineer using the ADS–DV’s normal input method to select a destination.

The primary drawback to the Normal ADS–DV Operation approach for ADS– DVs that lack manual controls is that its application is limited to test procedure requirements capable of being performed within the Operational Design Domain (ODD) of the ADS. As such, tests involving vehicle maneuvers or operation at speeds, locations, or other operating conditions not experienced within the vehicle’s ODD could not be performed using this method. For example, a vehicle whose ODD does not include the specified test track for the above TPMS test, whether for geographic or road-type restrictions, could not use this approach to conduct the test. Another drawback of this approach, which several of the alternatives below attempt to correct, is that, even if a vehicle’s ODD could allow it to perform a test, the vehicle may not be equipped with the controls necessary to allow NHTSA to actually conduct the test.

For NHTSA to evaluate the feasibility of the Normal ADS–DV Operation approach for compliance verification, the agency would need more information about the extent to which an ADS–DV can be controlled under normal operation. In addition, it is possible that normal control could be used on some vehicles but not on others, since manufacturers may implement different methods for vehicle operators to communicate with and command the vehicle to accomplish on- road driving.

To the extent that some but not all ADS–DVs could be designed to allow for this type of testing, at least for certain standards, it may be challenging for NHTSA to design appropriately objective standards to cover all ADS–DVs. To address these issues, NHTSA believes it is essential to better understand how operators will interface with and operate these ADS– DVs without traditional manual controls under normal conditions. To better understand the ‘‘Normal ADS–DV Operation’’ approach and its possible applications, the agency asks the following questions.

Questions Specific to This Testing Method:

12. What design concepts are vehicle manufacturers considering relating to how an ADS–DV passenger/operator will interface with, or command (e.g., via verbal or manual input), the ADS to accomplish any driving task within its ODD? Please explain each design concept and exactly how each would be commanded to execute on-road trips.

13. Are there specific challenges that will be encountered with this kind of approach for vehicle compliance verification? Please be specific and explain each challenge.

14. Will all ADS–DVs without traditional manual controls be capable of receiving and acting upon simple commands not consisting of a street address based destination, such as ‘‘drive forward or backwards a distance of 10 feet and stop’’; ‘‘shift from park to drive and accelerate to 25 mph’’; ‘‘drive up onto a car hauler truck trailer’’; etc.? Please explain projected challenges for ADS–DVs without traditional manual controls to complete discrete driving commands and tasks.

15. How would NHTSA ensure that the performance of the ADS–DV during testing is consistent with how the vehicle would perform during actual normal use?

B. Test Mode With Pre-Programmed Execution (TMPE)

Questions Specific to This Testing Method:

16. How could engineers responsible for performing FMVSS compliance assessments of an ADS–DV without manual controls be expected to access and interface with the compliance test library menu?

17. Would the FMVSS need to specify the libraries available to NHTSA to test the vehicle?

18. Is it practical to expect that an ADS–DV without any traditional manually-operated controls can be safely and efficiently operated within the confines of a test track with only a pre-programmed test menu (i.e., without some form of external controller or other means of vehicle control input)?

19. Can an ADS–DV be expected to perform within tight tolerance levels using the regular on-board sensors?

20. How much variation in test results across various test locations (i.e., proving grounds) is expected to result from testing an ADS–DV equipped with the same FMVSS compliance library at different locations? Could the ability to satisfy FMVSS performance requirements depend on the location the tests are performed?

21. Is it reasonable to assume any geofence-based operating restrictions could be suspended while the ADS–DV is operating in a ‘‘test mode’’ intended to assess FMVSS compliance?

22. How could vehicle-based electronically accessible libraries for conducting FMVSS testing be developed in a way that would allow NHTSA to access the system for compliance testing but not allow unauthorized access that could present a security or safety risk to an ADS–DV?

23. Are there other considerations NHTSA should be aware of when contemplating the viability of programmed execution-based vehicle compliance verification?

24. When changes or updates are made to the ADS, how will the TMPE content be updated to reflect the changes and how often would it be updated?

C. Test Mode With External Control (TMEC)

Questions Specific to This Testing Method:

25. Is it reasonable to assume a common (universal) interface, translator, and/or communication protocol between an external controller and any ADS–DV will be developed?

26. What is the most viable method for securely interfacing an external controller with the ADS–DV (e.g., wireless or physical access)?

27. Could a means of manual control be developed that would allow NHTSA to access the system for compliance testing but not allow unauthorized access that could present a security or safety risk to an ADS–DV?

28. Is it reasonable to assume any geofence-based operating restrictions could be suspended while an external controller intended to assess FMVSS compliance is connected to the ADS– DV? 29. Are there other considerations NHTSA should be aware of when contemplating the viability of using an external controller-based vehicle certification?

D. Simulation

Questions Specific to This Testing Method:

30. How can simulations be used to assess FMVSS compliance?

31. Are there objective, practicable ways for the agency to validate simulation models to ensure their accuracy and repeatability?

32. Is it feasible to perform hardware- in-the-loop simulations to conduct FMVSS compliance verification testing for current FMVSS?

33. Is it feasible to perform software- in-the-loop simulations to conduct FMVSS compliance verification testing?

E. Technical Documentation for System Design and/or Performance Approach F. Use of Surrogate Vehicle With Human Controls

Questions Specific to This Testing Method:

34. How can the documentation- focused approach ensure compliance with FMVSS, considering it neither verifies that the vehicles on the road match the documentation nor confirms that the vehicles on the road comply with the FMVSSs?

35. If technical documentation were acceptable for compliance verification, how would the manufacturer assure the agency that the documentation accurately represents the ADS–DV and that the system is safe?

36. Exactly what kind of documentation could be submitted for each kind of FMVSS requirement? Provide specific examples with detailed explanation of the documentation required.

F.  Use of a Surrogate Vehicle with Human Controls

Questions Specific to This Testing Method:

37. To what extent could equivalence of the vehicle components used for conventional and ADS–DVs be demonstrated to assure that surrogate vehicle performance would be indicative of that of a surrogate ADS– DV?

38. How can the agency confirm that the maneuver severity performed by a surrogate manually-drivable vehicle, during FMVSS compliance tests, is equal to that of the subject ADS–DV? For example, how can the characterization maneuvers and subsequent scaling factors in the FMVSS No. 126 ESC test on the surrogate vehicle be confirmed as equivalent on the ADS–DV?

39. If results from FMVSS compliance tests of a conventional vehicle performed by its manufacturer differ from the results of NHTSA tests of an equivalent ADS–DV (particularly if the conventional vehicle complies with the agency’s standards, but the ADS–DV does not), can the conflicting results be reconciled? If so, how?

“FASTER, SMARTER, GREENER–THE FUTURE OF THE CAR AND URBAN MOBILITY”

October 11, 2017, I attended Next Energy for the book launch of “Faster, Smarter, Greener—THE FUTURE OF THE CAR AND URBAN MOBILITY” by Dr. Venkat Sumantran, Chairman of Celeris Technologies and formerly with General Motors.  Dr Sumantran stated that the mobility system of the future must be:

  • Connected;
  • Heterogeneous;
  • Intelligent; and
  • Personalized

Dr Sumantran discussed the above areas which he called CHIP mobility. It was a very interesting presentation.  After the presentation, there was a panel discussion and questions from the audience.  Members of the panel were:

  • Sue Zielinski, former Director of Ann Arbor SMART, and now an independent consultant
  • Mark Schulz, Founder and Special Venture Partner of Fontinalis Partners; and
  • Jean Redfield, President and CEO of Next Energy

I obtained a copy of the book and can’t wait to read it.

On January 12, 2017, NHTSA Published a Notice of Proposed Rulemaking on a Safety Standard for Vehicle to Vehicle Communications (49 CFR 571.150 or FMVSS 150)

DATES:  Comments must be received on or before April 12, 2017

The 166 Page rule can be found at https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31059.pdf

Here is my outline of the Executive Summary:

 Executive Summary

  1. The proposal contains V2V communication performance requirements predicated on the use of on-board dedicated short-range radio communication (DSRC) devices to transmit Basic Safety Messages (BSM) about a vehicle’s speed, heading, brake status, and other vehicle information to surrounding vehicles, and receive the same information from them.
  2. The proposal also provides a path for vehicles to comply by deploying other technologies that meet performance and interoperability requirements, including interoperability with DSRC.
  3. V2V would employ omnidirectional radio signals that provide 360 degree coverage along with offering the ability to “see” around corners and “see” through other vehicles. V2V is not restricted by the same line-of-sight limitations as technologies that rely on vehicle-resident sensors.
  4. V2V technology will not be limited by weather, sunlight, shadows, or cleanliness
  5. V2V would enable surrounding vehicles to help each other by conveying safety information about themselves to other vehicles.
  6. V2V can provide information on the operational status (e.g., brake pedal status, transmission state, stability control status, vehicle at rest versus moving, etc.) of other V2V-equipped vehicles.
  7. Vehicle-resident systems can augment V2V systems by providing the information necessary to address crash scenarios not covered by V2V communications, such as lane and road departure.
  8. Overview of the Proposed Rule
    1. A V2V system as currently envisioned would be a combination of many elements. This includes a radio technology for the transmission and reception of messages, the structure and contents of “basic safety messages” (BSMs), the authentication of incoming messages by receivers, and, depending on a vehicle’s behavior, the triggering of one or more safety warnings to drivers.
    2. The agency is also proposing to require that vehicles be capable of receiving over-the-air (OTA) security and software updates (and to seek consumer consent for such updates where appropriate). In addition, NHTSA is also proposing that vehicles contain “firewalls” between V2V modules and other vehicle modules connected to the data bus to help isolate V2V modules being used as a potential conduit into other vehicle systems.
    3. The NPRM presents a comprehensive proposal for mandating DSRC-based V2V communications. That proposal includes a pathway for vehicles to comply using non-DSRC technologies that meet certain performance and interoperability standards. A key component of interoperability is a “common language” regardless of the communication technology used. Therefore, the agency’s proposal includes a common specification for basic safety message (BSM) content regardless of the potential communication technology. The proposal also provides potential performance-based approaches for two security functions in an effort to obtain reaction and comment from industry and the public. Following is a more comprehensive discussion of the proposal and potential alternatives for different aspects of V2V security:
  9. Communication Technology
    1. Proposal: NHTSA proposes to mandate DSRC technology – A DSRC unit in a vehicle sends out and receives “basic safety messages” (BSMs). DSRC communications within the 5.850 to 5.925 MHz band are governed by FCC 47 CFR Parts 0, 1, 2 and 95 for onboard equipment and Part 90 for road side units. In reference to the OSI model, the physical and data link layers (layers 1and 2) are addressed primarily by IEEE 802.11p as well as P1609.4; network, transport, and session layers (3,4 and 5) are addressed primarily by P1609.3; security communications are addressed by P1609.2; and additional session and prioritization related protocols are addressed by P1609.12. This mandate could also be satisfied using non-DSRC technologies that meet certain performance and interoperability standards.
  10. Message Format and Information
    1. NHTSA proposes to standardize the content, initialization time, and transmission characteristics of the Basic Safety Message (BSM) regardless of the V2V communication technology potentially used. The agency’s proposed content requirements for BSMs are largely consistent with voluntary consensus standards SAE 2735 and SAE 2945 which contains data elements such as speed, heading, trajectory, and other information, although NHTSA purposely does not require some elements to alleviate potential privacy concerns. Standardizing the message will facilitate V2V devices “speaking the same language,” to ensure interoperability.
  11. Message Authentication
    1. Public Key Infrastructure Proposal: NHTSA proposes V2V devices sign and verify their basic safety messages using a Public Key Infrastructure (PKI) digital signature algorithm in accordance with performance requirements and test procedures for BSM transmission and the signing of BSMs.
    2. Alternative Approach – Performance-based Only:  This performance only approach simply states that a receiver of a BSM message must be able to validate the contents of a message such that it can reasonably confirm that the message originated from a single valid V2V device, and the message was not altered during transmission. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
    3. Alternative Approach — No Message Authentication: This second alternative stays silent on a specific message authentication requirement. BSM messages would still be validated with a checksum, or other integrity check, and be passed through a misbehavior detection system to attempt to filter malicious or misconfigured messages. Implementers would be free to include message authentication as an optional function. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
  12. Misbehavior Detection and Reporting
    1. Primary Misbehavior Detection and Reporting Proposal: NHTSA proposes to mandate requirements that would establish procedures for communicating with a Security Credential Management System to report misbehavior; and learn of misbehavior by other participants. This includes detection methods for a device hardware and software to ensure that the device has not been altered or tampered with from intended behavior. This approach enhances the ability of V2V devices to identify and block messages from other misbehaving or malfunctioning V2V devices.
    2. Misbehavior Detection Alternative Approach: An alternative for misbehavior detection imposes no requirement to report misbehavior or implement device blocking based to an authority. However, implementers would need to identify methods that check a devices’ functionality, including hardware and software, e to ensure that the device has not been altered or tampered with from intended behavior. Implementers would be free to include misbehavior detection and reporting and as optional functions. THE AGENCY SEEKS COMMENTS ON THIS POTENTIAL ALTERNATIVE.
  13. Hardware Security
    1. NHTSA proposes that V2V equipment be “hardened” against intrusion (FIPS-140 Level 3) by entities attempting to steal its security credentials.
  14. Effective Date
    1. The agency is proposing that the effective date for manufacturers to begin implementing these new requirements would be two model years after the final rule is adopted, with a three year phase-in period to accommodate vehicle manufacturers’ product cycles. Assuming a final rule is issued in 2019, this would mean that the phase-in period would begin in 2021, and all vehicles subject to that final rule would be required to comply in 2023.
  15. Safety Applications
    1. The agency is not proposing to require specific V2V safety applications at this time. It believes the V2V communications it is proposing will create the standardized information environment that will, in turn, allow innovation and market competition to develop improved safety and other applications.
  16. Authority
  17. Privacy and Security
    1. V2V systems would be required to be designed from the outset to minimize risks to consumer privacy. The NPRM proposes to exclude from V2V transmitting information that directly identifies a specific vehicle or individual regularly associated with a vehicle, such as owner’s or driver’s name, address, or vehicle identification numbers, as well as data “reasonably linkable”3 to an individual. Additionally, the proposal contains specific privacy and security requirements with which manufacturers would be required to comply
    2. The Draft Privacy Impact Assessment that accompanies this proposal contains detailed information on the potential privacy risks posed by the V2V communications system, as well as the controls designed into that system to minimize risks to consumer privacy
  18. Estimated costs and benefits
    1. In this NPRM, the agency proposes that all light vehicles be equipped with technology that allows for V2V communications, but has decided not to propose to mandate any specific safety applications at this time, instead allowing them to be developed and adopted as determined by the market. The Agency believes that this market-based approach to application development and deployment makes estimating the potential costs and benefits of V2V quite difficult.
  19. Regulatory Alternatives
    1. First, the agency considered an “if-equipped” standard, which would entail simply setting a conditional standard stating that “if a new vehicle is equipped with devices capable of V2V communications, then it is required to meet the following requirements.” However, the agency did not adopt this alternative as the proposal because the agency believes that anything short of a mandate for universal V2V capability on all new vehicles would not lead a sufficient fraction of the vehicle fleet to be equipped with V2V to enable full realization of the technology’s potential safety benefits.
    2. Second, the agency considered a regulatory alternative of requiring that V2V-capable vehicles also be equipped with the two safety applications analyzed in this proposed rule – Intersection Movement Assist (IMA) and Left Turn Assist (LTA) – in addition to V2V capability. This alternative would speed the introduction and increase the certainty of safety benefits. However, because performance requirements and test procedures for these safety applications are still nascent, the Agency did not propose this alternative.

 

On November 29, 2016, NHTSA Announced a Public Meeting on the Federal Automated Vehicle Policy

DATES: Registration must be completed on or before December 9, 2016.  The meeting will be held December 12, 2016 in Arlington Virginia.

PURPOSE: The morning portion of the meeting will be to look at the Section II of the Federal Automated Vehicles Policy–Model State Policy.  The afternoon session will discuss Section IV of the Policy—Modern Regulatory Tools.  The meeting will be available by webcast  at http:// www.nhtsa.gov/nhtsa/av/index.html.

 

On April 1, 2016, NHTSA Published a Request for Public Comments on NHTSA Enforcement Guidance Bulletin 2016–02: Safety-Related Defects and Emerging Automotive Technologies

DATES: Comments must be received on or before May 2, 2016

HIGHLIGHTS: The proposed Enforcement Guidance Bulletin set forth in this notice contains NHTSA’s current views on emerging automotive technologies—including its view that when vulnerabilities of such technology or equipment pose an unreasonable risk to safety, those vulnerabilities constitute safety-related defect—and suggests guiding principles and best practices for motor vehicle and equipment manufacturers in this context.

Part III of the notice sets forth the “Guidance and Recommended Best Practices: Safety-Related Defects, Unreasonable Risk, and Emerging Technologies”. 

 To avoid violating Safety Act requirements and standards, manufacturers of emerging technology and the motor vehicles on which such technology is installed are strongly encouraged to take steps to proactively identify and resolve safety concerns before their products are available for use on public roadways.

In the case of cybersecurity vulnerabilities, NHTSA will weigh several factors in determining whether a vulnerability poses an unreasonable risk to safety (and thus constitutes a safety related defect), including: (i) the amount of time elapsed since the vulnerability was discovered (e.g., less than one day, three months, or more than six months); (ii) the level of expertise needed to exploit the vulnerability (e.g., whether a layman can exploit the vulnerability or whether it takes experts to do so); (iii) the accessibility of knowledge of the underlying system (e.g., whether how the system works is public knowledge or whether it is sensitive and restricted); (iv) the necessary window of opportunity to exploit the vulnerability (e.g., an unlimited window or a very narrow window); and, (v) the level of equipment needed to exploit the vulnerability (e.g., standard or highly specialized). NHTSA uses those factors, and others, to help assess the overall probability of a malicious cybersecurity attack.

Manufacturers should consider adopting a life-cycle approach to safety risks when developing automated vehicles, other innovative automotive technologies, and safety compliance programs and other business practices in connection with such technologies. A life-cycle approach would include elements of assessment, design, implementation, and operations as well as an effective testing and certification program.

Considering hardware, software, and network and cloud security, manufacturers should consider developing a simulator, using case scenarios and threat modeling on all systems, sub-systems, and devices, to test for safety risks, including cybersecurity vulnerabilities, at all steps in the manufacturing process for the entire supply chain, to implement an effective risk mitigation plan.

This Bulletin is not intended, nor can it be relied upon, to create any rights enforceable by any party against NHTSA, the U.S. Department of Transportation, or the United States. These recommended practices do not establish any defense to any violations of the Safety Act, or regulations thereunder, or violation of any statutes or regulations that NHTSA administers. This Bulletin may be revised in writing without notice to reflect changes in the Agency’s views and analysis, or to clarify and update text