A Blueprint for AV Safety: Waymo’s Toolkit For Building a Credible Safety Case

Thumbnail
For many years, Waymo has relied on an established safety framework — a comprehensive set of methodologies that we use to assess the safety of our technology and operations and that guides the deployment of the Waymo Driver. Our robust safety framework has enabled us to launch the world’s first fully autonomous ride-hail service, Waymo One, and expand our 24/7 operations with no human driver across multiple major U.S. cities. Today, residents of Metro Phoenix and San Francisco rely on Waymo to commute, run errands, meet friends and get a safe ride home as part of their daily lives.

We’ve worked to earn public trust by consistently sharing information about our safety methodologies and safety performance data and encouraging greater transparency across the industry. At the national level, we’ve long advocated for a regulatory approach based on a detailed and comprehensive safety case. To further demonstrate our commitment and deepen the dialogue with policymakers and regulators, we are publishing a new paper describing Waymo’s approach to building a reliable case for safety — a novel and thorough blueprint for use by any company building fully autonomous driving systems.

A safety case for fully autonomous operations is a formal way to explain how a company determines that an AV system is safe enough to be deployed on public roads without a human driver, and it includes evidence to support that determination. It involves an explanation of the system, the methodologies used to develop it, the metrics used to validate it and the actual results of validation tests. Building a case for safety requires great engineering rigor and scholarly review, which means including much more detail and context than what’s usually disclosed in AV companies’ safety reports.

We believe the safety case-based approach can provide regulators with an unprecedented line of sight into the basis for each company’s determination that its system is ready for deployment. Yet, in order to develop a worthwhile safety case, it is first important to understand what makes one credible and well crafted, and align on evaluation criteria.

The toolkit we’ve published today can help enable such alignment, and can serve to guide us and others in the industry as we propose our safety case. At Waymo, we believe that a safety case should not only demonstrate how a system is determined to be ready for deployment; it also needs to justify that the set of acceptance criteria is sufficient and the evaluation methods used are credible. Just as a scale measures weight and a ruler measures length, we need to make sure that we use appropriate tools to assess various aspects of autonomous system safety. This is what makes our approach unique: it defines the measuring stick to judge the sufficiency of a safety case and can be used to compare across various safety frameworks proposed in the industry.

Intentionally designed to be methodology-agnostic, our approach builds upon Waymo’s safety framework that we published in 2020 and leverages external state-of-the-art best practices for safety cases and safety assurance. It’s structured around three complementary perspectives:

  • A layered approach to safety. We start by exploring Waymo’s definition of safety and the top-level goal of Waymo’s safety case, grounded in the standardized and widely accepted concept of “absence of unreasonable risk.” Next, building on the multi-layered approach to safety that we introduced in our 2020 framework, we detail our risk assessment for three categories of hazards: architectural, behavioral and in-service operational. Then we introduce our framework for safety case Acceptance Criteria – a novel concept that any developer can implement to make sure that the acceptance criteria for their system evaluation are appropriate and sufficient.
  • A dynamic approach to safety. In this section, we discuss the dynamic and iterative nature of our safety determination. It is characterized by ongoing (rather than one-time) assessments of risks and readiness — for example, when we begin to drive in a new city, or a new vehicle platform is added for operation — within the overall framework of our safety methodologies.
  • A credible approach to safety. We present Waymo’s Case Credibility Assessment (CCA) that helps systematically and robustly structure the argumentation — a differentiator of our thinking that we share more broadly with the AV community for the first time. The CCA rests on two pillars — the credibility of the arguments for safety and the credibility of evidence — reinforced through an implementation credibility check. Together these three ingredients enable us to derive a coherent structure for our claims. This section also provides an example of how the concepts introduced in this paper can be applied in practice in the context of Waymo’s approaches.

Just like Waymo’s safety methodologies that we continuously advance, our safety case framework is in continuous evolution. As we pave the way for more people to benefit from full autonomy, we remain committed to sharing more information to advance the discussion around AV safety.

A number of industries — from traditional automotive to aviation — have also relied on the notion of a safety case, helping underscore the importance of safety and ultimately ensuring consumers are well-served. Against this backdrop, we are optimistic that the AV industry will embrace the importance of an aligned safety case, as well. We hope that with support from regulators and standards organizations, our framework will contribute to full adoption of the safety case-based approach for the autonomous mobility industry.

Go to Source