Certifying a vehicle was once a one-time process. A manufacturer would build the car, get it certified, and then it wouldn’t need certifying again until the next generation or refresh when significant changes were made. In the wake of the software-defined vehicle era, things get a little more complex as it’s easier than it’s ever been for manufacturers to update the core functionality of a vehicle via an over-the-air (OTA) update.
Take Tesla, for example, any Tesla owner can choose to add self-driving capabilities to their car. All they need to do is buy the update and the new functionality will be delivered wirelessly. This fundamentally changes the functionality of the vehicle.
The challenge with software-defined vehicles
Currently, ISO and other functional-safety certifications look at the software in a vehicle, taking into account cybersecurity and safety concerns; however, the existing process doesn’t match up to the complexities of modern cars. To provide new functionality and features, these vehicles go through potentially dozens of software updates during a single-vehicle generation. This has the potential to change how the vehicle works, as well as how different systems interact with one another.
While high-end electric brands such as Tesla lead the way with OTA updates, other manufacturers are catching up. These software releases are going to happen more and more frequently, especially as we move toward large-scale EV adoption. There’s a challenge in safely certifying vehicles that are updated so regularly. While many of the changes may be small, there’s no knowing how those small updates could affect other systems in the vehicle.
For example, a small change to the braking system doesn’t just affect how the car stops during normal driving, it’ll affect the ABS, the emergency braking, and even the adaptive cruise control; all these systems are intertwined. For example, Tesla rolled out an update for its Autopilot system, improving how it used regenerative braking — this had knock-on effects throughout the vehicle.
The importance of continual certification
While manufacturers are often able to show what elements of the code have changed when recertifying a vehicle, they lack deeper visibility into the impact the code has on different systems. So while an update to the braking system might need to be recertified, there needs to be a way to also look at how that affects advanced driver-assist features and other systems — especially those that could impact safety.
This is why, in this era of software-defined vehicles with dozens of systems that work together, we need to move to a process of continual certification. Running impact analysis on a change allows us to see much more deeply into what has been affected by an update. With this kind of insight, the items that need to be recertified can be, but the rest of the vehicle won’t need to go through that same lengthy process.
Continually recertifying vehicles within a model year, potentially after every core functionality update, will also increase safety. There’s even the potential to use technology to constantly run impact analyses and send these directly to the regulatory body. However, the current process of certifying a vehicle is lengthy and wouldn’t scale to support this kind of ongoing certification.
The challenges
Currently, different regulatory bodies have different certification processes but, typically, these involve manufacturers submitting documentation detailing all the changes. There’s no standard to these documents so every single OEM may submit something different. Following this, there are multiple rounds of comments, meetings, and questions to determine how significant the changes are to the vehicle and whether or not it needs to be retested. This works, to a point, but when considering continual certification for vehicles that are regularly updated, this method won’t work at scale.
AI can provide a solution
There is perhaps a solution to be found in artificial intelligence, specifically Vehicle Software Intelligence. Aurora Labs has developed a tool that runs continual impact analysis on a vehicle to understand the changes that have been made. This not only shows the affected interdependencies from an update but can also flag other issues that could impact recertification — such as superfluous code.
Aurora Labs’ Auto Validate allows both manufacturers and regulatory bodies to gain a deeper understanding of any functionality changes and how they affect other systems. This not only gives developers more insight but could drastically speed up the certification process.
The future
Innovating in this way and moving to a continuous certification process isn’t currently a priority for manufacturers but, as vehicles become yet more advanced, this is something that will need to be addressed. Vehicle Software Intelligence presents an opportunity to bridge the gap between OEMs and regulatory bodies while improving safety and compliance.
While the certification process is unlikely to go through any radical changes any time soon, there’s an opportunity here for technology to simplify a lengthy process. The regulatory process was designed for vehicles that only change once every few years — but things have changed. Vehicles are now complex computer systems on wheels that can be updated at the touch of a button with zero downtime for the driver. The fast-paced nature of this technology requires a new way of working that will only scale when supported by AI tools such as Vehicle Software Intelligence.