Understanding ISO/PAS 8800 for AI in Automotive Safety

With the rise of AI use in vehicle software development, concerns arise around its presence in safety-critical applications, especially when it comes to functional safety and regulatory compliance. 

ISO 26262, the essential standard for automotive development that requires processes for managing, designing, and verifying safety-critical systems, still applies. However, it can fall short when applied to AI models, which are inherently non-deterministic and continuously evolving. In a vehicle, this presents obvious safety concerns, so a new approach for AI and automotive functional safety is needed. 

ISO/PAS 8800 is a more recent standard for road vehicles that addresses the safety-related risks associated with AI. In this blog, we'll explore key principles of ISO 8800 for mitigating risk and how using a static analysis tool can help fulfill ISO 8800 requirements. 

Meet AI Safety Requirements: Free Trial Static Analysis

What Is ISO/PAS 8800?

ISO/PAS 8800, "Road vehicles — safety and artificial intelligence," provides a framework for ensuring the safety of road vehicles that incorporate artificial intelligence. It covers the full AI development lifecycle, from design to monitoring its behavior post-deployment.

Developed in late 2024, the standard's primary purpose is to offer guidance on achieving functional safety when AI-based systems are part of a vehicle's design.

Unlike traditional software, AI and ML systems are non-deterministic and capable of learning, which presents new safety challenges. ISO/PAS 8800 was developed to address the risks AI may introduce in vehicle software, creating a bridge between the principles of functional safety and the unique characteristics of AI. The standard serves as a vital tool for engineers, developers, and manufacturers, helping them navigate the complexities of integrating intelligent systems into safety-critical automotive functions. The standard complements the foundational automotive functional safety standards ISO 26262 and SOTIF (ISO 21448) by providing specific considerations for AI. 

How ISO/IEC TR 5469, ISO 26262, and SOTIF 21448 Complement ISO/PAS 8800

ISO/PAS 8800 extends several established standards into AI. Let's look at how ISO 8800 relates to other safety standards. 

ISO/IEC TR 5469

"Artificial Intelligence—Functional safety and AI systems," is no specific to automotive, but rather a broad set of guidelines for integrating AI into functional safety systems across multiple industries. It acknowledges that special considerations for safety are likely to arise when AI is used and that the risks and challenges of an AI system need to be identified. TR 5469 also examines how AI algorithms might be evaluated according to the IEC 61508 functional safety standard and how existing techniques available in the field could be applied. 

However, it is also challenging to identify these problems when AI can be used in many software areas: 

• In the field
• In development
• In tools

Which TR 5469 classifies according to usage levels and classes.

TR 5469 is used as a general framework that can be adapted to road vehicles on safety properties, virtual testing, and physical testing. 

ISO 26262

As the essential functional safety standard for the automotive industry, ISO 26262 covers all of the functional safety aspects of the development process, and identifies four Automotive Safety Integrity Levels (ASIL) which range from A (lowest risk) to D (highest risk) for automotive components. 

AI systems still must meet ISO 26262 requirements, but some are tailored to be specific to AI, which is where the recent ISO/PAS 8800 comes in — as an extension of ISO 26262. 

SOTIF (ISO 21448)

Functional safety standards are intended to help eliminate risk of malfunction in automotive systems. ISO 21448 goes further in that it concentrates on the safety of the intended functionality (SOTIF) in the absence of an identified fault, with the aim of reducing potential unknown, unsafe conditions. 

Similarly, when considering AI and safety, it's the requirements that are essential in these systems over the implementation, because there are so many unknowns — a developer will know the desired effect but does not need to know how the AI achieves it. 

ISO/PAS 8800

The more recent standard does not replace the established safety standards but rather builds upon them. It describes how the methods in ISO 26262 should be tailored for use with AI systems, extends the concepts and guidance provided by SOTIF, and bears in mind the evaluations and considerations presented in TR 5469. 

ISO 8800 provides specific guidance for the non-determinism of AI and ML systems and proposes risk reduction measures during the design and operation phases using an iterative approach. 

In practice, a team developing an AI-based safety feature would use ISO 26262 as its base framework and apply the additional guidance from ISO 8800 to address the AI-specific aspects. 

What Does ISO/PAS 8800 Cover? 

ISO/PAS 8800 addresses the risk of undesired safety-related behavior at the vehicle level due to output insufficiencies, systematic errors, and random hardware errors of AI elements within the vehicle. This includes interactions with AI elements that are not part of the vehicle itself but that can have a direct or indirect impact on vehicle safety.

The scope of ISO/PAS 8800 focuses on the safe application of machine learning.

The standard is relevant across the entire vehicle lifecycle, including: 

• Concept and design
• Development and testing
• Operation and in-field monitoring
• Decommissioning

This comprehensive lifecycle approach ensures that safety considerations for AI are maintained from the initial concept through to the vehicle's retirement. It covers various types of AI systems, especially those based on machine learning, and applies to the AI components within those systems. 

Core Principles of ISO/PAS 8800

ISO/PAS 8800 is founded on several core principles that extend traditional functional safety concepts to AI.

Risk assessment and hazard analysis. Emphasizes a rigorous process for identifying potential hazards related to AI functionality. This includes analyzing risks stemming from model inaccuracies, data biases, or unexpected environmental interactions. 

Functional safety requirements. Guides the derivation of specific safety requirements for AI-based systems. These requirements must account for the probabilistic and adaptive nature of AI, ensuring the system performs safely even under uncertainty. 

Verification and validation processes. Involves new techniques beyond traditional software testing, such as evaluating the quality and coverage of training data, testing model performance against extensive simulation scenarios, and ensuring robustness against adversarial attacks. 

Continuous monitoring and improvement. Recognizes the need for continuous monitoring of system performance after deployment, allowing for the detection of performance degradation or unexpected behaviors, enabling updates and improvements to maintain safety over the vehicle's lifetime. 

How Static Analysis Helps Address ISO/PAS 8800 Requirements

One highly effective approach to fulfilling ISO/PAS 8800 requirements is the use of static analysis. Static analysis helps teams easily meet coding standards compliance, regardless of whether AI is used (but it helps to better control the AI aspects). Static analysis tools, like Perforce QAC and Klocwork, help identify risks and vulnerabilities early in development. For systems integrating AI, static analysis can help: 

• Identify potential risks in AI algorithms. By thoroughly examining source code and model implementation, static analysis uncovers vulnerabilities, logic errors, and unintended behaviors that could compromise safety. 
• Ensure code quality. Static analysis enforces strict adherence to coding standards and best practices, which are crucial for safety-critical software as they help prevent defects that might otherwise go undetected until later stages. 
• Validating safety-critical software components. Static analysis helps to validate interface integrity, data handling, and compliance with specified safety requirements, providing documentation and traceability throughout the software lifecycle. 

Using static analysis within the ISO/PAS 8800 framework helps strengthen risk management, supports regulatory compliance, and enhances team confidence in the safe development and deployment of AI-driven automotive systems. 

Trust Perforce Static Analysis for ISO/PAS 8800 Compliance Support

Perforce Static Analysis delivers the most accurate results to safety-critical project teams in the automotive industry. 

Perforce QAC provides deep, precise analysis and is the most trusted static code analyzer for continuous compliance with safety standards such as MISRA® and AUTOSAR. 

Perforce Klocwork can quickly scan automotive software, which requires more than 100 million lines of code, at scale. Teams using Klocwork easily collaborate and keep development velocity high, while also meeting regulatory compliance. 

See how Perforce Static Analysis can help fulfill ISO/PAS 8800 requirements and accelerate compliance: Request your free trial today! 

Request Your Static Analysis Free Trial