• Automated vehicle validation is still the big unsolved puzzle. We don't yet have a single method, metric, or standard that can prove an automated car is safe enough for the open road. Just piling on test miles won't cut it. Rare events are too rare, the real world is too messy, and software – and the world keeps changing after vehicles are deployed.  

    The keynote will unpack why this problem remains open — from statistical limits and simulation credibility to shifting operational design domains, machine learning brittleness, and the headaches of over-the-air updates and cyber threats.  

    Instead of pretending there's a silver bullet, the talk lays out a layered approach: combine scenario-based testing, credible simulation, safety cases, and continuous monitoring once cars are in the wild.  

    Most importantly, it will challenge the community with the open tasks — practical things we can actually work on together: building ODD schemas, creating rare-event testing benchmarks, stress-testing perception, agreeing on sim-to-real playbooks, and designing transparent reporting after deployment.  

  • BMW's SIFAD—Safety Integrity Framework for Automated Driving—supports the safe deployment of one of the first SAE Level 3 Automated Highway Driving Systems. Central to this is a probabilistic risk assessment combining Bayesian analysis, designed experiments, and large-scale field data to quantify uncertainties, model residual risks, and demonstrate a Positive Risk Balance within the V-Model. The talk will conclude with insights on extending this approach to the complexities of urban automated driving scenarios.

  • There is a broad consensus that the safety approvals for automated driving systems will be done through safety case development and assessment. The UN Regulation and the Global Technical Regulation for Automated Driving that is being developed currently have taken a Claims, Argument and Evidence (CAE) based approach to safety cases. Variety of national and international standards provide guidance on different aspects of safety case making it a “golden bullet” of safety. However, no standards or guidance documents provides engineering level guidance on both structure and content of a safety case. Most remain at a high level leaving subjective expert judgement as a means of interpretation.

    This talk will uncover the safety case fallacy. While the safety case concept is sound it is not robust enough as a high level safety case will enable organizations to gloss over nuances critical to ensuring safety of automated driving. This talk will introduce a CAE based structure for safety case called Assurance 2.0 will a detailed decomposition frameworks providing detailed guidance to both developers as well as authorities assessing the safety case.

    It is easy to do a safety case. It is relatively challenging to do a “good” and “robust” safety case. The ecosystem needs to the latter!