
arxiv: 2606.07437 · v1 · pith:6LSZS57Jnew · submitted 2026-06-05 · 💻 cs.RO · cs.AI · cs.HC · cs.SE · cs.SY · eess.SY

Re-imagining ISO 26262 in the Age of Autonomous Vehicles: Enhancing Controllability through Transferability and Predictability

Pith reviewed 2026-06-27 21:36 UTC · model grok-4.3

classification 💻 cs.RO · cs.AI · cs.HC · cs.SE · cs.SY · eess.SY
keywords ISO 26262 · autonomous vehicles · Controllability · Transferability · Predictability · functional safety · SOTIF · SAE automation levels

The pith

ISO 26262 controllability decomposes into transferability for fallback handoff and predictability for external anticipation in autonomous vehicles.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper proposes decomposing the Controllability element of ISO 26262 risk assessments into two measurable sub-concepts, Transferability and Predictability, so the standard can apply to driverless vehicles at SAE Levels 4 and 5. Transferability tracks an AV's capacity to shift control to dedicated fallback mechanisms, while Predictability quantifies how readily external agents can foresee AV actions through a mathematical framework drawn from human-robot interaction ideas. The authors add a designed-versus-achievable gap to separate stated architecture from scene-specific performance and show that the split keeps the original Severity-Exposure-Controllability structure intact while aligning with SOTIF requirements. A sympathetic reader would care because the original standard assumes a human driver who can intervene, leaving current AV safety cases without clear auditable evidence for these dimensions.

Core claim

The central claim is that the Controllability placeholder in ISO 26262 can be decomposed into Transferability, which captures AV systems' ability to hand off control to dedicated fallback safety mechanisms, and Predictability, which captures how easily external agents can anticipate AV behavior. Predictability receives a formal definition from human-robot interaction principles together with a mathematical framework for quantification. A designed-versus-achievable gap distinguishes architectural fallback claims from scene-conditioned achievable capability. The resulting metrics align with both ISO 26262 and ISO/PAS 21448, rendering fallback and interaction claims falsifiable and traceable ac

What carries the argument

The decomposition of Controllability into Transferability (handoff to fallback mechanisms) and Predictability (quantified anticipation by external agents via an HRI-inspired mathematical framework), plus the designed-versus-achievable gap.

If this is right

  • Fallback and interaction claims become falsifiable and traceable across ODD slices.
  • The decomposition complements rather than replaces the existing ISO 26262 structure.
  • Risk assessment remains grounded in Severity, Exposure, and the updated Controllability dimensions.
  • Applicability extends directly to SAE Level 4 and 5 driverless systems.
  • Alignment with SOTIF makes scene-conditioned evidence requirements explicit.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The framework could be tested by measuring Predictability scores against recorded near-miss data from deployed AV fleets to check correlation with actual external-agent responses.
  • If the designed-versus-achievable gap proves measurable, regulators might require explicit reporting of both values during type approval.
  • The same decomposition might be applied to other vehicle safety standards that currently assume a human driver.
  • Scene-specific Predictability values could inform dynamic ODD restrictions that reduce required fallback performance in highly predictable environments.

Load-bearing premise

Predictability can be formally defined from human-robot interaction principles and quantified through a mathematical framework that renders fallback claims falsifiable and traceable across different operational design domains.

What would settle it

Application of the Predictability quantification framework to multiple distinct ODD slices yields inconsistent or non-traceable values that fail to distinguish observable differences in real AV fallback success rates.

Original abstract

The ISO 26262 standard defines functional safety for road vehicles through risk assessments based on Severity, Exposure, and Controllability, grounded in a human-driven vehicle paradigm. In the context of autonomous vehicles (AVs), the absence of a human driver necessitates revisiting these principles. This paper decomposes the Controllability placeholder into two auditable evidence dimensions of ISO 26262 by introducing two measurable sub-concepts: Transferability and Predictability. Transferability extends Controllability to capture AV systems' ability to hand off control to dedicated fallback safety mechanisms, while Predictability captures how easily external agents can anticipate AV behavior. Predictability is formally defined from human-robot interaction-inspired principles, and a mathematical framework is provided to quantify it. A designed-versus-achievable gap is introduced to distinguish architectural fallback claims from scene-conditioned achievable fallback capability. The proposed metrics align with ISO 26262 and ISO/PAS 21448 (SOTIF), rendering fallback and interaction claims falsifiable and traceable across ODD slices. These dimensions complement rather than replace existing standards, and the enhancements preserve the structure of ISO 26262 while extending its applicability to driverless automated systems operating at SAE Levels 4 and 5.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The paper claims that the Controllability parameter in ISO 26262 can be decomposed for SAE Level 4/5 autonomous vehicles into two measurable sub-concepts—Transferability (capturing handoff to fallback safety mechanisms) and Predictability (capturing ease of anticipation of AV behavior by external agents)—with Predictability formally defined via human-robot interaction principles and quantified by a provided mathematical framework. A designed-versus-achievable gap is introduced to separate architectural claims from scene-specific capability. The proposal positions these dimensions as complementary extensions that preserve the overall ISO 26262 risk-assessment structure (Severity, Exposure, Controllability) while aligning with SOTIF (ISO/PAS 21448) and rendering fallback and interaction claims falsifiable and traceable across ODD slices.

Significance. If the claimed mathematical framework for Predictability is rigorously derived from HRI principles, parameter-free where asserted, and shown to integrate without altering the core ISO 26262 skeleton, the work could provide a useful conceptual bridge for applying functional-safety standards to driverless systems. The explicit separation of designed versus achievable capability and the emphasis on falsifiability across ODDs are constructive elements that could aid auditability.

major comments (1)
  1. The central claim rests on the existence and correctness of a mathematical framework that quantifies Predictability from HRI principles and renders claims falsifiable. No equations, derivations, or example calculations appear in the provided manuscript text, preventing assessment of whether the framework avoids free parameters, circular definitions, or inconsistencies with the designed-versus-achievable gap.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the careful review and for noting the constructive aspects of the decomposition and the designed-versus-achievable distinction. The single major comment correctly identifies that the manuscript text does not contain the explicit mathematical framework referenced in the abstract. We address this directly below.

Point-by-point responses
  1. Referee: The central claim rests on the existence and correctness of a mathematical framework that quantifies Predictability from HRI principles and renders claims falsifiable. No equations, derivations, or example calculations appear in the provided manuscript text, preventing assessment of whether the framework avoids free parameters, circular definitions, or inconsistencies with the designed-versus-achievable gap.

    Authors: We agree that the submitted manuscript lacks the explicit equations, derivations, and worked examples for the Predictability metric. Although the abstract states that a mathematical framework is provided, the detailed formulation derived from HRI principles was omitted from the body text. In the revised version we will insert a new section that (i) states the HRI-derived axioms, (ii) presents the parameter-free quantification of Predictability, (iii) supplies step-by-step derivations, (iv) includes concrete numerical examples across ODD slices, and (v) demonstrates consistency with the designed-versus-achievable gap. This addition will make the falsifiability claim directly verifiable.

    revision: yes

Circularity Check

0 steps flagged

No significant circularity in conceptual extension

Full rationale

The paper introduces Transferability and Predictability as new measurable sub-concepts to decompose Controllability in ISO 26262, with Predictability defined from HRI-inspired principles and supported by a mathematical framework. No load-bearing equations, fitted parameters renamed as predictions, or self-citation chains are visible in the provided text that would reduce the central claim to its own inputs by construction. The argument explicitly frames the decomposition as an extension that preserves the original standard structure and aligns with SOTIF, rendering claims falsifiable without self-referential definitions or uniqueness theorems imported from the authors' prior work. This is a standard case of a self-contained conceptual proposal with independent content.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 2 invented entities

Based on abstract only; the paper introduces two new concepts but provides no numerical parameters, background axioms, or additional invented entities beyond the two named sub-concepts.

invented entities (2)
  • Transferability (no independent evidence)
    purpose: Extend Controllability to capture AV ability to hand off control to fallback safety mechanisms
    New measurable sub-concept introduced in the abstract
  • Predictability (no independent evidence)
    purpose: Capture how easily external agents can anticipate AV behavior
    New measurable sub-concept with mentioned mathematical framework from HRI principles

