Re-imagining ISO 26262 in the Age of Autonomous Vehicles: Enhancing Controllability through Transferability and Predictability
Pith reviewed 2026-06-27 21:36 UTC · model grok-4.3
The pith
ISO 26262 controllability decomposes into transferability for fallback handoff and predictability for external anticipation in autonomous vehicles.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The central claim is that the Controllability placeholder in ISO 26262 can be decomposed into Transferability, which captures AV systems' ability to hand off control to dedicated fallback safety mechanisms, and Predictability, which captures how easily external agents can anticipate AV behavior. Predictability receives a formal definition from human-robot interaction principles together with a mathematical framework for quantification. A designed-versus-achievable gap distinguishes architectural fallback claims from scene-conditioned achievable capability. The resulting metrics align with both ISO 26262 and ISO/PAS 21448, rendering fallback and interaction claims falsifiable and traceable ac
What carries the argument
The decomposition of Controllability into Transferability (handoff to fallback mechanisms) and Predictability (quantified anticipation by external agents via an HRI-inspired mathematical framework), plus the designed-versus-achievable gap.
If this is right
- Fallback and interaction claims become falsifiable and traceable across ODD slices.
- The decomposition complements rather than replaces the existing ISO 26262 structure.
- Risk assessment remains grounded in Severity, Exposure, and the updated Controllability dimensions.
- Applicability extends directly to SAE Level 4 and 5 driverless systems.
- Alignment with SOTIF makes scene-conditioned evidence requirements explicit.
Where Pith is reading between the lines
- The framework could be tested by measuring Predictability scores against recorded near-miss data from deployed AV fleets to check correlation with actual external-agent responses.
- If the designed-versus-achievable gap proves measurable, regulators might require explicit reporting of both values during type approval.
- The same decomposition might be applied to other vehicle safety standards that currently assume a human driver.
- Scene-specific Predictability values could inform dynamic ODD restrictions that reduce required fallback performance in highly predictable environments.
Load-bearing premise
Predictability can be formally defined from human-robot interaction principles and quantified through a mathematical framework that renders fallback claims falsifiable and traceable across different operational design domains.
What would settle it
Application of the Predictability quantification framework to multiple distinct ODD slices yields inconsistent or non-traceable values that fail to distinguish observable differences in real AV fallback success rates.
read the original abstract
The ISO 26262 standard defines functional safety for road vehicles through risk assessments based on Severity, Exposure, and Controllability, grounded in a human-driven vehicle paradigm. In the context of autonomous vehicles (AVs), the absence of a human driver necessitates revisiting these principles. This paper decomposes the Controllability placeholder into two auditable evidence dimensions of ISO 26262 by introducing two measurable sub-concepts: Transferability and Predictability. Transferability extends Controllability to capture AV systems' ability to hand off control to dedicated fallback safety mechanisms, while Predictability captures how easily external agents can anticipate AV behavior. Predictability is formally defined from human-robot interaction-inspired principles, and a mathematical framework is provided to quantify it. A designed-versus-achievable gap is introduced to distinguish architectural fallback claims from scene-conditioned achievable fallback capability. The proposed metrics align with ISO 26262 and ISO/PAS 21448 (SOTIF), rendering fallback and interaction claims falsifiable and traceable across ODD slices. These dimensions complement rather than replace existing standards, and the enhancements preserve the structure of ISO 26262 while extending its applicability to driverless automated systems operating at SAE Levels 4 and 5.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper claims that the Controllability parameter in ISO 26262 can be decomposed for SAE Level 4/5 autonomous vehicles into two measurable sub-concepts—Transferability (capturing handoff to fallback safety mechanisms) and Predictability (capturing ease of anticipation of AV behavior by external agents)—with Predictability formally defined via human-robot interaction principles and quantified by a provided mathematical framework. A designed-versus-achievable gap is introduced to separate architectural claims from scene-specific capability. The proposal positions these dimensions as complementary extensions that preserve the overall ISO 26262 risk-assessment structure (Severity, Exposure, Controllability) while aligning with SOTIF (ISO/PAS 21448) and rendering fallback and interaction claims falsifiable and traceable across ODD slices.
Significance. If the claimed mathematical framework for Predictability is rigorously derived from HRI principles, parameter-free where asserted, and shown to integrate without altering the core ISO 26262 skeleton, the work could provide a useful conceptual bridge for applying functional-safety standards to driverless systems. The explicit separation of designed versus achievable capability and the emphasis on falsifiability across ODDs are constructive elements that could aid auditability.
major comments (1)
- The central claim rests on the existence and correctness of a mathematical framework that quantifies Predictability from HRI principles and renders claims falsifiable. No equations, derivations, or example calculations appear in the provided manuscript text, preventing assessment of whether the framework avoids free parameters, circular definitions, or inconsistencies with the designed-versus-achievable gap.
Simulated Author's Rebuttal
We thank the referee for the careful review and for noting the constructive aspects of the decomposition and the designed-versus-achievable distinction. The single major comment correctly identifies that the manuscript text does not contain the explicit mathematical framework referenced in the abstract. We address this directly below.
read point-by-point responses
-
Referee: The central claim rests on the existence and correctness of a mathematical framework that quantifies Predictability from HRI principles and renders claims falsifiable. No equations, derivations, or example calculations appear in the provided manuscript text, preventing assessment of whether the framework avoids free parameters, circular definitions, or inconsistencies with the designed-versus-achievable gap.
Authors: We agree that the submitted manuscript lacks the explicit equations, derivations, and worked examples for the Predictability metric. Although the abstract states that a mathematical framework is provided, the detailed formulation derived from HRI principles was omitted from the body text. In the revised version we will insert a new section that (i) states the HRI-derived axioms, (ii) presents the parameter-free quantification of Predictability, (iii) supplies step-by-step derivations, (iv) includes concrete numerical examples across ODD slices, and (v) demonstrates consistency with the designed-versus-achievable gap. This addition will make the falsifiability claim directly verifiable. revision: yes
Circularity Check
No significant circularity in conceptual extension
full rationale
The paper introduces Transferability and Predictability as new measurable sub-concepts to decompose Controllability in ISO 26262, with Predictability defined from HRI-inspired principles and supported by a mathematical framework. No load-bearing equations, fitted parameters renamed as predictions, or self-citation chains are visible in the provided text that would reduce the central claim to its own inputs by construction. The argument explicitly frames the decomposition as an extension that preserves the original standard structure and aligns with SOTIF, rendering claims falsifiable without self-referential definitions or uniqueness theorems imported from the authors' prior work. This is a standard case of a self-contained conceptual proposal with independent content.
Axiom & Free-Parameter Ledger
invented entities (2)
-
Transferability
no independent evidence
-
Predictability
no independent evidence
Reference graph
Works this paper leans on
-
[1]
Available: https://www.iso.org/standard/77490.html
[Online]. Available: https://www.iso.org/standard/77490.html
-
[2]
[4]Road vehicles — Test scenarios for automated driving systems — Scenario based safety evaluation framework, International Organization for Standardization Std
Underwriters Laboratories (UL),UL 4600: Standard for Safety for the Evaluation of Autonomous Products, Underwriters Laboratories Std., 2023, covers safety case development, behavioral transparency, and system-level assurance for autonomous systems. [4]Road vehicles — Test scenarios for automated driving systems — Scenario based safety evaluation framework...
2023
-
[3]
Road vehicles — safety and cybersecurity for automated driving systems — design, verification and validation,
International Organization for Standardization, “Road vehicles — safety and cybersecurity for automated driving systems — design, verification and validation,” International Organization for Standardization, Tech. Rep. ISO/TR 4804:2020, 2020. [Online]. Available: https://www.iso.org/standard/80363.html
2020
-
[4]
A comprehensive review of parallel autonomy systems within vehi- cles: applications, architectures, safety considerations and standards,
D. Garikapati, S. Poovalingam, W. Hau, R. De Castro, and C. Shinde, “A comprehensive review of parallel autonomy systems within vehi- cles: applications, architectures, safety considerations and standards,” IEEE Access, 2024
2024
-
[5]
IEEE Std 2846-2022, 2022
IEEE,IEEE Standard for Assumptions in Safety-Related Models for Automated Driving Systems, Institute of Electrical and Electronics Engineers Std. IEEE Std 2846-2022, 2022. [Online]. Available: https://standards.ieee.org/ieee/2846/10831/
2022
-
[6]
R. Salay and K. Czarnecki, “Using machine learning safely in automotive software: An assessment and adaption of software process requirements in ISO 26262,”arXiv preprint arXiv:1808.01614, 2018. [Online]. Available: https://arxiv.org/abs/1808.01614
Pith/arXiv arXiv 2018
-
[7]
Legible motion for robot planning and control,
A. Dragan, “Legible motion for robot planning and control,” Ph.D. dissertation, Carnegie Mellon University, 2015
2015
-
[8]
Integrating human observer inferences into robot motion planning,
A. D. Dragan and S. S. Srinivasa, “Integrating human observer inferences into robot motion planning,”Autonomous Robots, vol. 37, no. 4, pp. 351–368, 2014
2014
-
[9]
Legibility and predictability of robot motion,
A. D. Dragan, K. C. T. Lee, and S. S. Srinivasa, “Legibility and predictability of robot motion,” inACM/IEEE Int. Conf. on Human- Robot Interaction (HRI), 2013
2013
-
[10]
Effects of robot motion on human-robot collaboration,
A. D. Dragan, S. Bauman, J. Forlizzi, and S. S. Srinivasa, “Effects of robot motion on human-robot collaboration,” inProceedings of the 10th ACM/IEEE International Conference on Human-Robot Interac- tion (HRI), 2015, pp. 51–58
2015
-
[11]
Viewpoint-based legibility optimization,
S. Nikolaidis, A. D. Dragan, and S. S. Srinivasa, “Viewpoint-based legibility optimization,” inProceedings of the 11th ACM/IEEE Inter- national Conference on Human-Robot Interaction (HRI), 2016, pp. 271–278
2016
-
[12]
Planning for autonomous cars that leverage the effects on human drivers,
D. Sadigh, S. S. Sastry, S. A. Seshia, and A. D. Dragan, “Planning for autonomous cars that leverage the effects on human drivers,” in Proceedings of Robotics: Science and Systems (RSS), 2016
2016
-
[13]
Ex- pressive robot motion timing,
A. Zhou, D. Hadfield-Menell, A. Nagabandi, and A. D. Dragan, “Ex- pressive robot motion timing,” inProceedings of the 2017 ACM/IEEE International Conference on Human-Robot Interaction (HRI), 2017, pp. 22–31
2017
-
[14]
Standard issued 2015-03-31
Society of Automotive Engineers (SAE) International,Road Vehicle – Human-Centric Driving Data Acquisition for Research and Develop- ment, Std., 2015, sAE J2944 201503. Standard issued 2015-03-31
2015
-
[15]
Strategic highway research program 2 (shrp 2) naturalistic driving study (nds) data,
National Highway Traffic Safety Administration (NHTSA), “Strategic highway research program 2 (shrp 2) naturalistic driving study (nds) data,” Dataverse, various years
-
[16]
Automated driving systems’ com- munication of intent with shared road users,
J. Jenness, A. K. Benedick, J. P. Singer, S. Yahoodik, E. Petraglia, J. Jaffe, and J. M. Sullivan, “Automated driving systems’ com- munication of intent with shared road users,” U.S. Department of Transportation, National Highway Traffic Safety Administration, Tech. Rep. DOT HS 813 148, 11 2021
2021
-
[17]
Can cars gesture? a case for expressive behav- ior within autonomous vehicle and pedestrian interactions,
P. Schmitt, N. Britten, J. Jeong, A. Coffey, K. Clark, S. S. Kothawade, E. C. Grigore, A. Khaw, C. Konopka, L. Pham, K. Ryan, C. Schmitt, and E. Frazzoli, “Can cars gesture? a case for expressive behav- ior within autonomous vehicle and pedestrian interactions,”IEEE Robotics and Automation Letters, vol. 7, no. 2, pp. 1416–1423, 2022
2022
-
[18]
The road ahead: Advancing interactions between autonomous vehicles, pedestrians, and other road users,
A. Block, S. Joshi, W. Tabone, A. Pandya, S. Lee, V . Patil, N. Britten, and P. Schmitt, “The road ahead: Advancing interactions between autonomous vehicles, pedestrians, and other road users,” in2023 32nd IEEE International Conference on Robot and Human Interactive Communication (RO-MAN), 2023, pp. 16–23
2023
-
[19]
Estimating pedestrian behavior at crosswalks: Stated preference and behavioral models for engineering applications,
B. J. Schroeder and N. M. Rouphail, “Estimating pedestrian behavior at crosswalks: Stated preference and behavioral models for engineering applications,” inTransportation Research Record, vol. 2264, no. 1, 2011, pp. 90–98
2011
-
[20]
Washington, DC: National Academies Press, 2010, pedestrian perception–response time guidance, Chapter 17
Transportation Research Board,Highway Capacity Manual, 5th ed. Washington, DC: National Academies Press, 2010, pedestrian perception–response time guidance, Chapter 17
2010
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.