Skip to contentConsumer Autonomous Vehicle Bill of Rights
Minimum Requirements for Self Driving Car Safety
The Autonomous Vehicle (AV) Consumer Bill of Rights uniquely provides high level design requirements necessary to assure that the AV design will provide adequate security, privacy, and operational safety consumers deserve and demand.
Working Draft 3 - 2 May 2023
Autonomous Vehicles shall not increase risk of injury or death inside or outside of an AV.
- The bare minimum standard for introduction of AVs into commerce is that an AV does not degrade the safety of the highways, highway users, or accessible property. (Do no harm!)
- AV safety must be traceable to documented requirements, analysis, test, and validation.
- AV operational safety claim validation must be supported by statistically significant analysis and test. Claims of AV potential aggregate fleet safety must consider observed safety defects in demonstrated AV operations.
- No vehicle design version may be deployed that increases the frequency of crashes or the likely magnitude of property damage due to crashes or fire.
- No vehicle design may be deployed that increases the probability of injury or death to vehicle occupants, to other motorists or their vehicles, to structures that might contain the AV (including by battery or other electrical fires), to police, fire fighters and other emergency personnel, construction personnel, or other vulnerable road users.
- AVs must include automatic fallback to a safe state in the event of mechanical failure, software or data processing failure or fault, inability to safely continue based on Object Event Detection and Response processing failure or insufficiency, other consequential operational problem, or on occupant demand.
- AV developers must show that deployed vehicles are not susceptible to situations or phenomenon associated with prior AV fatal crashes.
- NHTSA 2017 paper shows minimum standard for AV-specific reliability ~1/140 million hours of operation between critical factors in fatal crashes.
- One fatal crash per 100 million miles driven.
- Vehicle failure as ‘critical factor’ in crash 4% per 2017 NHTSA analysis.
- Implies that vehicle failure must be no more frequent than 1 / 2.5 billion miles driven.
- @ 35 mph, one failure per 70 million hours resulting in critical factor in fatal crash from all vehicle causes.
- Allocating 50% to AV-specific factors and components says no more once per 140 million hours of operation between AV-specific critical factors in fatal crashes.)
Autonomous Vehicles shall secure, verify, and authenticate operational commands and external communications.
- AVs must include effective cybersecurity in their designs.
- AVs must verify that the electronic interpretation of an operational command is the correct interpretation of such command.
- Operational AVs must verify that operational commands whether originating in electronic, verbal, or manual inputs, are from the authenticated authorized user or designated supervisory driver only, and that other operational commands from all other sources are automatically rejected.
- (A song on the radio with lyrics “Let’s go surfing now…” must not be allowed to redirect an AVs trajectory or trip planning by means of voice command.
- Similarly, a malicious electronic input must not alter the AV authorized and intended operating state, trajectory, or destination.)
Autonomous Vehicles shall not prejudice for or against any group of living persons with respect to any other group.
- AV designs may not discriminate against persons with physical or mental disabilities.
- Overall AV safety may not be based on prejudice against any cohort or group.
- (For example, AV safety may not be grounded in such claims as an overall reduction in injury or death based on software that selectively kills only blond-haired children while saving everyone else.)
- AVs may not discriminate between acceptable users on the basis of their ethnicity, race, sex, age, or national origin.
- AV optical identification of humans as users or vulnerable road users may not provide differential results based on skin color, height, weight or other observable characteristics.
- AVs must assure safe ingress and egress of passengers without regard to their ability or disability.
Autonomous Vehicles must respond appropriately to emergency vehicle lights, audible signals, requirements, and manual directions from police officers, other first responders, and good Samaritans without endangering either those third parties or vehicle occupants.
- AVs must respect and adhere to motor vehicle laws concerning operations with or near law enforcement personnel and other first responders in the vicinity of or near the planned trajectory of the AV.
- AVs must acknowledge and respond appropriately and safely to good Samaritans who may provide optical or manual warning signals in an emergency situation.
Autonomous Vehicles shall not be programmed to violate motor vehicle laws.
- AVs may never be programmed by manufacturers or users to violate motor vehicle laws.
- (E.g., cruise control settings exceeding speed limits are legal violations and are not permissible.)
- AVs must respond properly to hand signals and verbal commands from law enforcement or other officials.
- (E.g., an AV must not crash the gate at a secured facility [particularly when the guards have automatic weapons]).
- (An AV must not refuse to stop at or crash into a toll or railroad crossing gate.)
- AVs must respond properly to hand signals by motorcyclists, pedal bicyclists, and vulnerable road users.
- AVs must recognize and respond safely and appropriately to signal lights and gates at railroad crossing, drawbridges, and similar variable automatic or manual traffic control devices.
Autonomous Vehicles shall expedite first responder safety and safe recovery of persons injured or killed after a crash including providing means to readily render vehicles safe for first responders, second responders, and bystanders.
- AVs must include and conspicuously display markers and instructions that allow first responders to expeditiously immobilize and render the AV safe (including fire suppression) for extraction and recovery of injured or killed persons inside or outside of the AV after a crash.
- AVs must provide easily understood markings and instructions to render the vehicle inert and safe for towing or carriage and/or storage after a crash.
- AVs must be designed to protect first responders, injured persons, and bystanders against unintended vehicle operation or emission of toxic products after a crash.
- AVs must provide a means for remote law enforcement AV operation termination.
- AVs must include means for law enforcement to remotely interdict AV operations for law enforcement, emergencies, or ad hoc traffic exclusion.
Autonomous Vehicles shall safely transition between political boundaries without increasing the risk of injury or death.
- AVs that transit across political boundaries with differing requirements or restrictions on AV operation must not increase risk to occupants, other motorists, or vulnerable road users by crossing that boundary.
- (An extreme example is an AV designed for right hand driving being used in a country that specifies left hand driving.)
- (Another example is a speed limit change from one within AV design limits to another that is beyond the safe control limits of the AV.)
- (Another example is adaptive headlights designed to avoid creating unsafe glare to oncoming drivers. These must be designed to respect the driving handedness.)
During safety inspections Autonomous Vehicles shall automatically confirm the validity of installed software and firmware versions for that vehicle, and assess and report nominal capability and/or failure(s) of safety- and life-critical features that are not visually verifiable.
- The AV must detect and report software/firmware conformance and deviations. AVs include safety and life critical software features that cannot be visually inspected and verified. Because of the complexity of AV software/firmware and its safety functionality, only authorized software/firmware versions may be allowed.
- AVs must be designed so that safety inspection officials including mechanics and law enforcement can evaluate AV conformance with its safe mechanical and data processing functionality limits and performance. (Similar to the way oxygen sensor readouts show conformance with pollution control requirements.)
- AVs must make safety- and life-critical operational safety data available through the OBD port or equivalent without proprietary restrictions.
Autonomous Vehicles shall include a fool-proof capability to expedite safe egress on demand of its occupants (e.g., a big red stop button).
- AVs must provide a means for untrained occupants to initiate expedited safe vehicle stop and occupant egress at any time.
- A big red STOP button might do the trick for sighted passengers.
- AV emergency egress must address physical or mental limitations of its passengers and AVs must unambiguously communicate emergency egress mechanisms to those occupants.
- AVs must never falsely imprison occupants who desire for any reason to terminate a trip and egress from the vehicle.
Autonomous Vehicles shall not sell or distribute personally identifiable information of any person to any third parties without their explicit consent.
- AVs generate tremendous amounts of data that may reveal intimate details of its passengers’ private lives. AVs must not provide any personally identifiable information to any third parties without explicit permission on a per-transaction basis.
- (In other words, AV passengers must opt-in to data release each and every time it has been collected by an AV.)
- The scope of the third-party data distribution prohibition must include not only the authorized user but also other passengers, occupants, and other persons who may have been identified by, for example, facial recognition algorithms.
Autonomous Vehicle OEMs, their agents, representatives, dealers, distributors, and operators of transportation for hire shall assume legal responsibility and liability for safe AV operation. In no case shall a vehicle occupant who is not actively driving an AV be held responsible for the actions or consequences of its automated controls.
- Liability for AV operation must lie with the entity that is actually controlling the vehicle. If no occupant is directly controlling the vehicle, then the liability must be vested in those who designed, built, and/or introduced the vehicle into commerce.
- No one who is not actually controlling an AV may be held liable for its operation any more than a passenger in a taxi is responsible for its safe operation.
Autonomous Vehicles shall collect and report operational data to support research and development to improve safety, performance, and reliability.
- As a quid pro quo for licensing or permission to operate on public roads and to assess the impact of AVs on highway safety, AVs must record and report on demand of responsible investigators video, parametric, and dynamic vehicle operational data needed to objectively determine AV safety, safety metrics, and safety trends.
- AVs must expedite and not make it difficult or impossible for responsible third party requests to recover or interpret data supporting investigations of failures, fires, crashes, or cybersecurity violations.
- Open standards for reportable data and parameters must be used to assure independence of crash and reportable incident investigations.
- Reportable data must unfettered access to relevant geographical, vehicular motion dynamics, parameters, software/firmware configuration, video, and other vehicle- or event-specific data relevant to an investigation.
Autonomous Vehicles shall not increase the transportation sector environmental burden over their design lifetime.
- AV manufacturers must plan for safe handling, post-deployment protection of humans and the environment, and end-of-life sequestration or recycling of hazardous chemicals and materials used in AV manufacturing or operation.
- AVs must not increase vehicle lifetime end-to-end energy consumption compared to conventional vehicles with due consideration of electrical generation, distribution, conversion, and storage efficiencies and the impact of unoccupied operation.
AV Bill of Rights Feedback
Tell us what you think about our proposed, "AV Bill of Rights". What is important to you when it comes to automated vehicles and safety?