Tuesday, May 28, 2019

NHTSA Publishes Automated Driving Systems ANPRM

Today the DOT’s National Highway and Traffic Safety Administration (NHTSA) published an advance notice of proposed rulemaking (ANPRM) in the Federal Register (84 FR 24433-24449) concerning possible changes to the Federal Motor Vehicle Safety Standards (FMVSS) that would be necessary to support the introduction of automated driving systems (ADS-DV). This rulemaking would specifically address changes to the 100-series (crash avoidance) FMVSS.

Barriers in FMVSS

The current rulemaking will seek to address barriers in the current crash avoidance FMVSS that would impede the introduction of ADS-DV designed without traditional manual controls. NHTSA has identified three categories of such impedances:

The standard requires a manual control.
The standard specifies how the agency will use manual controls in the regulatory description of how it will test.
The definition or use of terms (e.g., “driver”) in the FMVSS that assume human control of vehicles.

The first two categories are addressed in this rulemaking. The last will be common to other sections of the FMVSS (which will be covered in separate rulemakings), so NHTSA is considering a completely separate rulemaking for the definitions problem.

Manual Control

After a brief discussion of one of the potential barriers in the FMVSS to ADS-DV introduction, NHTSA proposes four possible solutions to the manual control issue:

First, if the required control is necessary for motor vehicle safety on all vehicles, NHTSA would retain the requirement for all vehicles, even if that requires potentially redundant technologies for certain ADS-DVs without traditional manual controls.
Second, if the required control is no longer necessary for motor vehicle safety for any vehicle, NHTSA could remove or otherwise modify the requirement, if permitted to by law.
Third, if the required control is still necessary for motor vehicle safety for traditional vehicles, but not necessary for the safety of ADS-DVs without traditional manual controls, NHTSA could retain the requirement only for traditional vehicles and, if permitted by law, exclude ADS-DVs without manual controls.
Fourth, if the required control is necessary for motor vehicle safety, but a different control (i.e., a non-human-actuated control) would be necessary for an ADS-DV to perform the same function, NHTSA may retain the existing requirement for traditional vehicles, but have a separate, different control or equipment requirement for ADS-DVs without traditional manual controls.


Currently, the FMVSS “outline performance requirements that must be met under certain test procedures and NHTSA will conduct compliance verification tests in accordance with these procedures”. Where the existing language requires the use of manual controls that may not exist in ADS-DV these requirements would impede the introduction of ADS-DV. Removing these impedances will almost certainly require the development of new testing methods.

NHTSA has identified the following potential approaches to this testing dilemma:

Normal ADS-DV operation;
Test Mode with Pre-Programmed Execution (TMPE);
Test Mode with External Control (TMEC);
Technical Documentation for System Design and/or Performance Approach; and
Use of Surrogate Vehicle with Human Controls


The ANPRM provides a table that lists the current crash prevention FMVSS provisions that may impeded the introduction of ADS-DV. NHTSA is requesting comments on the general approaches to the manual control and testing problems identified above. It also proposes a series of questions (here, here, here, here, here, here, and here)   that it would like commenters to address.

The list of questions includes only two that address (even broadly) cybersecurity issues. They are:

22. How could vehicle-based electronically accessible libraries for conducting FMVSS testing be developed in a way that would allow NHTSA to access the system for compliance testing but not allow unauthorized access that could present a security or safety risk to an ADS-DV?

27. Could a means of manual control be developed that would allow NHTSA to access the system for compliance testing but not allow unauthorized access that could present a security or safety risk to an ADS-DV?

Comments on this rulemaking are due by July 29th, 2019. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # NHTSA-2019-0036).


There is a lot of interesting problems identified in this rulemaking that are going to have a profound impact on the introduction of automated driving systems. To add to the complexity, the fact that NHTSA is considering at least two (probably 3) more rulemakings addressing FMVSS compliance issues and it becomes clear that engineering for these ADS-DV systems is much further along that the regulatory scheme. Inevitably, these regulatory changes are going to cause additional problems for the engineers.

I continue to be concerned with how NHTSA is apparently glossing over the cybersecurity issue in their regulatory schema. Acknowledging that there are effectively no current cybersecurity requirements in the FMVSS, NHTSA needs to start the public comment process on how such requirements should be addressed in any modified  FMVSS requirements supporting ADS-DV introduction. Since automated controls are not going to have driver backup in vehicles designed without manual controls, security systems and requirements for those automated controls is going to be even more important than in existing cyber-augmented vehicles.

I applaud NHTSA for learning the lesson from the Volkswagen diesel mileage testing fiasco and recognizing that any automated testing program needs to be protected from on-board gaming of the test. I just wish that it could be as forward thinking in identifying potential requirements in the FMVSS for general cybersecurity protections for the vehicle.

No comments:

/* Use this with templates/template-twocol.html */