Framework for Automated Driving System Safety

Federal Register, Dec 3, 2020
85 Fed. Reg. 78058 (Dec. 3, 2020)

AGENCY:

National Highway Traffic Safety Administration (NHTSA), Department of Transportation (DOT).

ACTION:

Advance notice of proposed rulemaking (ANPRM).

SUMMARY:

NHTSA is requesting comment on the development of a framework for Automated Driving System (ADS) safety. The framework would objectively define, assess, and manage the safety of ADS performance while ensuring the needed flexibility to enable further innovation. The Agency is seeking to draw upon existing Federal and non-Federal foundational efforts and tools in structuring the framework as ADS continue to develop. NHTSA seeks specific feedback on key components that can meet the need for motor vehicle safety while enabling innovative designs, in a manner consistent with agency authorities.

DATES:

Written comments are due no later than February 1, 2021.

ADDRESSES:

Comments must refer to the docket number above and be submitted by one of the following methods:

  • Federal eRulemaking Portal: Go to http://www.regulations.gov. Follow the online instructions for submitting comments.
  • Mail: Docket Management Facility, M-30, U.S. Department of Transportation, West Building, Ground Floor, Room W12-140, 1200 New Jersey Avenue SE, Washington, DC 20590.
  • Hand Delivery or Courier: U.S. Department of Transportation, West Building, Ground Floor, Room W12-140, 1200 New Jersey Avenue SE, Washington, DC, between 9 a.m. and 5 p.m. Eastern time, Monday through Friday, except Federal holidays. To be sure someone is there to help you, please call (202) 366-9322 before coming.
  • Fax: 202-493-2251.

Regardless of how you submit your comments, you must include the docket number identified in the heading of this document.

Note that all comments received, including any personal information provided, will be posted without change to http://www.regulations.gov. Please see the “Privacy Act” heading below.

You may call the Docket Management Facility at 202-366-9322. For access to the docket to read background documents or comments received, go to http://www.regulations.gov or the street address listed above. To be sure someone is there to help you, please call (202) 366-9322 before coming. We will continue to file relevant information in the Docket as it becomes available.

Privacy Act: In accordance with 5 U.S.C. 553(c), DOT solicits comments from the public to inform its decision-making process. DOT posts these comments, without edit, including any personal information the commenter provides, to http://www.regulations.gov, as described in the system of records notice (DOT/ALL-14 FDMS), which can be reviewed at https://www.transportation.gov/privacy. Anyone can search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.).

FOR FURTHER INFORMATION CONTACT:

For legal issues, Sara R. Bennett, Attorney-Advisor, Vehicle Rulemaking and Harmonization, Office of Chief Counsel, 202-366-2992, email Sara.Bennett@dot.gov.

For research issues, Lori Summers, Director, Office of Vehicle Crash Avoidance and Electronic Controls Research, telephone: 202-366-4917, email Lori.Summers@dot.gov.

For rulemaking issues, Tim J. Johnson, Acting Director, Office of Crash Avoidance Standards, telephone 202-366-1810, email Tim.Johnson@dot.gov.

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Executive Summary

II. Introduction

A. Development of ADS

B. Potential Benefits of ADS

C. NHTSA Regulatory Activity To Remove Unintentional and Unnecessary Barriers to the Development and Deployment of ADS Vehicles

D. Need for a Safety Framework, Including Implementation and Oversight Mechanisms, for Federal Efforts To Address ADS Performance

III. Safety Framework—Core Elements, Potential Approaches, and Current Activities

A. Engineering Measures—Core Elements of ADS Safety Performance

1. Core ADS Safety Functions

2. Other Safety Functions

3. Federal Engineering Measure Development Efforts

4. Other Notable Efforts Under Consideration as Engineering Measures

B. Process Measures—Safety Risk Minimization in the Design, Development, and Refinement of ADS

1. Functional Safety

2. Safety of the Intended Functionality

3. UL 4600

IV. Safety Framework—Administrative Mechanisms for Implementation and Oversight

A. Voluntary Mechanisms

1. Safety Self-Assessment and Other Disclosure/Reporting

2. New Car Assessment Program (NCAP)

3. Operational Guidance

B. Regulatory Mechanisms

1. Mandatory Reporting and/or Disclosure

2. NHTSA's FMVSS Setting Authority

3. Applying the Established FMVSS Framework to ADS Safety Principles

4. Reforming How NHTSA Drafts New FMVSS To Keep Pace With Rapidly Evolving Technology

5. Examples of Regulatory Approaches

D. Timing and Phasing of FMVSS Development and Implementation

E. Critical Factors Considered in Designing, Assessing, and Selecting Administrative Mechanisms

V. Questions and Requests

VI. Preparation and Submission of Written Comments

VII. Regulatory Notices

I. Executive Summary

Over the past several years, NHTSA has published numerous research reports, guidance documents, advance notices of proposed rulemakings, and, on March 30, 2020 (85 FR 17624), a notice of proposed rulemaking relating to the development of vehicles equipped with Automated Driving Systems (ADS). An ADS is the hardware and software that are, collectively, capable of performing the entire dynamic driving task on a sustained basis, regardless of whether it is limited to a specific operational design domain (ODD). In less technical terms, an ADS maintains the control and driving functions within the situations that the system is designed to operate in.

ADS, as defined by SAE International and as used in this document, refers to driving automation Levels 3-5. SAE International J3016_201806 Taxonomy and Definitions for Terms Related to Driving Automation Systems for On Road Motor Vehicles. Previous notices issued by NHTSA focused on driving automation Levels 4 and 5, due to the unique vehicle designs expected for vehicles intended to operate without necessary human intervention, and thus, potentially designed without traditional manual controls.

This document does not focus on any particular vehicle type, but rather, on the ADS itself. NHTSA recognizes that the vehicle type for which the ADS is developed to operate may impact the resulting ADS performance, but the Agency is not delving into this level of specificity at this time.

Finally, the major notices that NHTSA has published in the past several years are: Removing Regulatory Barriers for Vehicles With Automated Driving Systems Request for Comment, 83 FR 2607 (Jan. 18, 2018); Removing Regulatory Barriers for Vehicles With Automated Driving Systems Advance Notice of Proposed Rulemaking, 84 FR 24433 (May 28, 2019); Occupant Protection for Automated Driving Systems Notice of Proposed Rulemaking, 85 FR 17624 (Mar. 20, 2020).


In general, the Agency's ADS-related publications issued so far address the challenges involved in determining which requirements of the existing Federal Motor Vehicle Safety Standards (FMVSS) are relevant to the safety needs of ADS-equipped vehicles without traditional manual controls, and then adapting or developing the requirements and the associated test procedures so that the requirements can effectively be applied to the novel vehicle designs that may accompany such vehicles without adversely affecting safety. Thus, those notices, particularly the Agency's regulatory notices, have focused more on the design of the vehicles that may be equipped with an ADS—not necessarily on the performance of the ADS itself. NHTSA has also published recommendations to ADS developers, including automakers and technology companies, most prominently in Automated Driving Systems 2.0: A Vision for Safety. The Agency has also proposed in a notice-and-comment rulemaking to remove unintended and unnecessary regulatory barriers (e.g., proposing to remove the requirement for installation of advanced air bag systems in delivery trucks with no occupant compartment) or other impediments to the development or deployment of vehicles with ADS. This approach has been appropriate as a means to pave the way for the safe development and eventual deployment of ADS technology, particularly because the Agency understands that ADS-equipped vehicles are likely to remain in the pre-deployment testing and development stage for at least the next several years. Further, as small-scale deployments start to appear in the coming years, NHTSA will address unreasonable safety risks that may arise using its defect investigation and remediation authority.

Though wide-scale deployment still may be several years away, many companies are actively developing and testing ADS technology throughout the United States. This development process for ADS is complex and iterative. Accordingly, it may be premature for NHTSA to develop and promulgate a specialized set of FMVSS or other performance standards for ADS competency. NHTSA's existing FMVSS set minimum performance requirements for vehicles and equipment, and they follow an approach that is performance-based, objective, practicable, and established with precise and repeatable test procedures.

See 49 U.S.C. 30111(a); Chrysler Corp. v. Dep't of Transp., 472 F.2d 659 (6th Cir. 1972); Nat'l Tire Dealers & Retreaders Ass'n, Inc. v. Brinegar, 491 F.2d 31 (D.C. Cir. 1974); Paccar, Inc. v. Nat'l Highway Traffic Safety Admin., 573 F.2d 632 (9th Cir. 1978).

The development of an FMVSS typically requires significant engineering research, the development of an objective metric (i.e., knowing what aspect or aspects of performance to measure), and the establishment of an appropriate standard based upon that metric (i.e., specifying the minimum required level of performance). Premature establishment of an FMVSS without the appropriate knowledge base could result in unintended consequences. For example, a premature standard might focus on the wrong metric, potentially placing constraints on the wrong performance factors, while missing other critical safety factors. Such a standard could inadvertently provide an unreliable sense of security, potentially lead to negative safety results, or potentially hinder the development of new ADS technology.

Safety Framework

Although the establishment of an FMVSS for ADS may be premature, it is appropriate to begin to consider how NHTSA may properly use its regulatory authority to encourage a focus on safety as ADS technology continues to develop. This document, thus, marks a significant departure from the regulatory notices NHTSA has previously issued on ADS because NHTSA is looking beyond the existing FMVSS and their application to novel vehicle designs and is considering the creation of a governmental safety framework specifically tailored to ADS.

Rather than elaborating and prescribing by rule specific design characteristics or other technical requirements for ADS, NHTSA envisions that a framework approach to safety for ADS developers would use performance-oriented approaches and metrics that would accommodate the design flexibility needed to ensure that manufacturers can pursue safety innovations and novel designs in these new technologies. This framework could involve a range of actions by NHTSA, including guidance documents addressing best industry practices, providing information to consumers, and describing different approaches to research and summarizing the results of research, as well as more formal regulation, from rules requiring reporting and disclosure of information to the adoption of ADS-specific FMVSS. These different approaches would likely build off the three primary ADS guidance documents issued in recent years by DOT (i.e., ADS 2.0, Preparing for the Future of Transportation: Automated Vehicles 3.0 (AV 3.0), and Ensuring American Leadership in Automated Vehicle Technologies: Automated Vehicles 4.0 (AV 4.0)). As described in this document, NHTSA seeks comment on the appropriate role of the Agency in facilitating ADS risk management through guidance and/or regulation.

This document focuses on ways the Agency could approach the performance evaluation of ADS through a safety framework, containing a variety of approaches and mechanisms that, together, would allow NHTSA to identify and manage safety risks related to ADS in an appropriate manner. NHTSA anticipates focusing this framework on the functions of an ADS that are most critical for safe operation.

At this stage, NHTSA believes there are four primary functions of the ADS that should be the focus of the Agency's attention. First, how the ADS receives information about its environment through sensors (“sensing”). Second, how the ADS detects and categorizes other road users (vehicles, motorcyclists, pedestrians, etc.), infrastructure (traffic signs, signals, etc.), and conditions (weather events, road construction, etc.) (“perception”). Third, how the ADS analyzes the situation, plans the route it will take on the way to its intended destination, and makes decisions on how to respond appropriately to the road users, infrastructure, and conditions detected and categorized (“planning”). Fourth, how the ADS executes the driving functions necessary to carry out that plan (“control”) through interaction with other parts of the vehicle. While other elements of ADS safety are discussed throughout this document, these four primary functions serve as the core elements NHTSA is considering.

The Agency anticipates that the safety framework would include both process and engineering measures to manage risks. The process measures (e.g., general practices for analyzing, classifying by severity level and frequency, and reducing potential sources of risks during the vehicle design process) would likely include robust safety assurance and functional safety programs. The engineering measures (e.g., performance metrics, thresholds, and test procedures) would seek to provide ways of demonstrating that ADS perform their sensing, perception, planning, and control (i.e., execution) of intended functions with a high level of proficiency.

Administration of a Framework

NHTSA is seeking comment on the manner in which the framework can and should be administered (e.g., guidance, consumer information, or regulation) to support agency oversight of ADS-related aspects. Since some of the mechanisms described in this document (e.g., guidance) could be implemented more quickly than others (e.g., FMVSS), the mechanisms could be adopted, when and as needed, in a phased manner, and implementation of some types of mechanisms might end up not being necessary. This document will go into greater detail on the various types of administrative mechanisms upon which the Agency is seeking comment in later sections.

Future of ADS Regulation

Eventually, non-regulatory aspects of the framework, combined with information learned from research and the continued development of ADS, could serve as the basis for development of FMVSS governing the competence of ADS. The sub-elements of the sensing, perception, planning, and control functions could evolve into new FMVSS focused entirely on ADS competence. A new generation of FMVSS should give the manufacturers of vehicles, sensors, software, and other technologies needed for ADS sufficient flexibility to change and improve without the need for frequent modifications to the regulations. If new FMVSS were developed and adopted, they could be applied on an “if-equipped” basis to existing traditional classes of vehicles (e.g., passenger cars, multipurpose passenger vehicles, buses, and trucks). By an “if-equipped” FMVSS, NHTSA means an FMVSS that would not mandate the installation of ADS in motor vehicles, but would instead specify performance requirements for those vehicles equipped with ADS. Similarly, a new FMVSS could be applied to the entire vehicle of new classes of vehicles, i.e., subclasses of vehicles equipped with ADS. In making this choice, the administrative feasibility of creating, updating, and implementing requirements for multiple subclasses would need to be carefully considered.

Comments Requested

NHTSA seeks comments on how to select and design the structure and key elements of a framework and the appropriate administrative mechanisms to achieve the goals of improving safety, mitigating risk, and enabling the development and introduction of new safety innovations. To aid interested persons in forming their views and preparing their comments, this document surveys ongoing efforts in the private and public sectors to create a safety framework.

In their written submissions, commenters should discuss, for example, what engineering and process measures should be included, and what aspects of ADS performance are suitable for potential safety performance standard setting (i.e., what aspects of ADS performance should manufacturers be required to certify that their system possess?). Of the many aspects of sensing, perception, planning, and control that manufacturers will need to prove for their own purposes, the Agency wishes to know which aspects would be so important that they should be subject to separate Federal regulations. The Agency also wishes to hear from the public on whether ADS-specific regulations are appropriate or necessary prior to the broad commercial deployment of the technology, and, if so, how regulations could be developed consistent with the Agency's legal obligations without being based upon the existence of commercially available ADS technology from which to measure required performance. The Agency also seeks comment on how the need for and benefits of issuing regulations can be assessed before ADS become available to allow testing and validation of the assumptions supporting those needs and benefits. In addition, the Agency seeks comment on which type or types of administrative mechanisms would be most appropriate for constructing the framework, either in general or for its component parts, and ensuring its effective and efficient implementation.

II. Introduction

A. Development of ADS

The development of ADS continues and is well under way. Developers are testing components and systems through simulation and modeling, controlled track testing, and limited on-road testing with test vehicle operators and monitors, and, in some cases, limited on-road deployments. The Agency believes these activities will continue to increase.

The term “ADS” specifically refers to SAE Level 3, 4, or 5 driving automation systems as described in SAE International J3016_201806 Taxonomy and Definitions for Terms Related to Driving Automation Systems for On Road Motor Vehicles.

Some examples of companies planning on the ride-sharing or delivery business models include Cruise, Waymo, Argo AI, Uber, Lyft, and Nuro.

In July 2020, NHTSA identified on-road testing and development activities in 40 States and the District of Columbia. At the same time, 66 companies in California, one of the main hubs of testing activity in the world, had valid State permits to test ADS-equipped vehicles with safety drivers on public roadways. Two of those companies also received permits allowing for driverless testing in California. One of those companies received permission from California in July 2019 to carry passengers in its ADS-equipped vehicles while a safety driver is present. In the Phoenix area, one company is even providing limited rideshare services to participants in its testing program without an in-vehicle safety driver. This same company recently announced that it is expanding these rideshare services. One manufacturer of small, low-speed, occupant-less delivery vehicles received a temporary exemption from NHTSA to deploy up to 2,500 vehicles per year for two years. That same company has also received a permit from California to perform driverless testing.

NHTSA notes that the State count includes active (ongoing), planned, and inactive (completed) projects.

Other companies have received permission to carry passengers in their ADS-equipped vehicles while a safety driver is present, and they are listed here: https://www.cpuc.ca.gov/avcissued/.

85 FR 7826 (Feb. 11, 2020).

As described in AV 3.0, ADS development does not start with public, on-road testing. Rather, much of the very early testing of prototype ADS by developers is conducted in simulation and/or closed-course (i.e., track) testing environments. Public road testing of a prototype ADS typically begins after significant engineering and safety analysis are performed by developers to understand safety risks and mitigation strategies are put in place to address those risks. It is important to note that the development process is generally both iterative and cyclical. A developer does not “graduate” from simulation to track test, and then to on-road testing, and then deployment. Instead, developers will generally continue simulation testing throughout the development process to gain additional experience with various scenarios that may be encountered rarely in the real world. Similarly, track testing designed to resemble scenarios that may be encountered rarely or that would be dangerous to attempt on public roads until later stages of readiness will occur throughout the process, even as on-road testing is occurring. Further, experiences gained from on-road testing will often lead to simulation and/or test track replication of situations encountered on public roads to improve the ADS. In other words, the fact that a vehicle is being tested on public roads does not mean that the vehicle or ADS is nearing deployment readiness and, conversely, the fact that a vehicle is still undergoing simulation or track testing does not mean it is not safe to be tested on public roads.

NHTSA's understanding is that there are generally different stages of safety risk management during the on-road testing of prototype ADS. First is the development and early stage road testing, which is often characterized by safety drivers serving key safety risk mitigation roles, rapid updating of ADS software to incorporate lessons learned, and a focus on validating the performance of the ADS from the simulation and closed-course testing environments. Second, once development progresses, companies may expand ADS road testing and focus on building confidence in the ADS within the locations and situations in which the system is designed to function (i.e., operational design domain). The primary purpose of this stage of testing is to build statistical confidence in matured software and hardware within the intended operational environment and observe system failures, safety driver subjective feedback, and execution of fail-safe/fail-operational system behaviors. Third, and finally, ADS developers may progress to deployment of ADS, in either limited or full capacity.

Operational design domain (ODD) is the operating conditions under which a given driving automation system or feature thereof is specifically designed to function, including, but not limited to, environmental, geographical, and time-of-day restrictions, and/or the requisite presence or absence of certain traffic or roadway characteristics. SAE International J3016_201806 Taxonomy and Definitions for Terms Related to Driving Automation Systems for On Road Motor Vehicles.

As stated in AV 3.0, NHTSA believes that on-road testing is essential for the development of ADS-equipped vehicles that will be able to operate safely on public roads. Most of the ADS testing activity in the United States is in the early stages of on-road testing. Safety drivers oversee the ADS during testing for most companies, though some companies have progressed to the later stages of on-road testing. Despite this development and all the progress the industry has made over the past several years, no vehicle equipped with an ADS is available for purchase in the United States or deployed across the United States.

While Nuro was granted an exemption allowing for deployment of their low-speed, occupantless delivery vehicle, the terms of the exemption provide that Nuro must maintain ownership and operational control over the R2Xs that are built pursuant to the exemption for the life of the vehicles. See Nuro, Inc.; Grant of Temporary Exemption for a Low-Speed Vehicle With an Automated Driving System, 85 FR 7826 (Feb. 11, 2020), available at https://www.federalregister.gov/documents/2020/02/11/2020-02668/nuro-inc-grant-of-temporary-exemption-for-a-low-speed-vehicle-with-an-automated-driving-system.

NHTSA recognizes the critical role that State and local governments play in traffic safety, including our shared oversight of on-road testing of vehicles with ADS. Their role in the active on-road testing and development throughout the country is part of why NHTSA recently launched its Automated Vehicles Transparency and Engagement for Safe Testing (AV TEST) Initiative to facilitate further dialogue and transparency of the state of ADS development. This initiative features a series of meetings and workshops where State and local governments discuss their activities, lessons learned, and best practices for oversight of on-road testing, and NHTSA discusses its research and rulemaking activities. The initiative also involves automakers and ADS developers, and provides a forum to promote public engagement and knowledge-sharing about safety in the development and testing of ADS-equipped vehicles. The AV TEST Initiative will also provide an online, public-facing platform for sharing ADS road testing activities and other relevant information at the local, State, and national levels. It will feature an online mapping tool that will show road testing locations, as well as testing activity data such as dates, frequency, vehicle counts, and routes.

B. Potential Benefits of ADS

NHTSA's mission is to save lives, prevent injuries, and reduce economic costs due to road traffic crashes, through education, research, guidance, safety standards, and enforcement activity. If developed and deployed safely, ADS can aid in achieving that mission, given their potential to prevent, reduce, or mitigate crashes involving human error or poor choices. This potential stems from the substantial role that human factors (distraction, impairment, fatigue, errors in judgment, and decisions not to obey traffic laws) play in contributing to crashes. In addition, they have the potential to enhance accessibility (e.g., through allowing personal transportation to people with disabilities or people incapable of driving), and improve productivity (e.g., by allowing people to work while being transported and allowing platooning or entirely automated operation of commercial trucks). Accordingly, NHTSA is placing a priority on the safe development and testing of ADS that factors safety into every step toward eventual deployment.

See Critical Reasons for Crashes Investigated in the National Motor Vehicle Crash Causation Survey (Feb. 2015), available at https://crashstats.nhtsa.dot.gov/Api/Public/ViewPublication/812115.

C. NHTSA Regulatory Activity To Remove Unintentional and Unnecessary Barriers to the Development and Deployment of ADS Vehicles

To date, NHTSA's regulatory notices have focused on ADS-equipped vehicles without traditional manual controls by assessing the modifications to existing FMVSS that may be necessary to address the designs and any unique safety needs of those vehicles. For example, while vehicles that cannot be driven by human drivers and vehicles that can be driven by human drivers both need brakes that stop them effectively, each set of vehicles may have different safety needs. Traditional vehicles rely on human drivers, while the ADS-equipped vehicles rely on an ADS to acquire information about the location and movement of other roadway users, weather conditions, and vehicle operating status—all while making driving decisions. These differing safety needs may mean that the installation of some features currently required by the FMVSS (e.g., mirrors, dashboard controls, some displays) into vehicles without traditional manual driving controls may no longer meet a need for safety. Further, while steering machines and other equipment can be made to simulate human drivers in conducting the track testing of vehicles with manual controls, having NHTSA instruct the ADS of a vehicle that lacks manual controls how to perform the same testing may be more challenging.

See 84 FR 24433 (May 28, 2019) and 85 FR 17624 (Mar. 30, 2020).

D. Need for a Safety Framework, Including Implementation and Oversight Mechanisms, for Federal Efforts To Address ADS Performance

The National Traffic and Motor Vehicle Safety Act of 1966, as amended (“Safety Act”) tasks NHTSA with reducing traffic accidents, deaths, and injuries resulting from traffic accidents through issuing motor vehicle safety standards for motor vehicles and motor vehicle equipment and carrying out needed safety research and development. The FMVSS established by NHTSA must: Meet the need for motor vehicle safety; be practicable, both technologically and economically; and be stated in objective terms. The final requirement means that they are capable of producing identical results when test conditions are exactly duplicated and determinations of compliance must be based on scientific measurements, not subjective opinion. In addition, in issuing an FMVSS, the Agency must consider whether the standard is reasonable, practicable, and appropriate for the types of motor vehicles or motor vehicle equipment for which it is prescribed.

49 U.S.C. 30101.

49 U.S.C. 30111(a), Chrysler Corp. v. Dep't of Transp., 472 F.2d 659 (6th Cir. 1972).

NHTSA typically begins the process of promulgating a FMVSS by identifying the aspect of performance that may need regulation (i.e., the safety need). NHTSA analyzes real-world crash data and other available information in order to identify safety issues and quantify the size of the safety problems, researches potential solutions or countermeasures to the safety issues that have been identified, and then develops practicable performance or related requirements intended to either resolve or mitigate the crash risk identified. Manufacturers are then required to self-certify, by whatever reasonable means they choose, that their vehicles or equipment meet the performance requirements. Finally, NHTSA assesses vehicle or equipment compliance with those established requirements through the validated test procedures that it has developed.

“The Safety Act's mandate is not, however, categorical. Not all risks of accident or injury are to be eliminated, but only those that are ‘unreasonable.’ ” Ctr. for Auto Safety v. Peck, 751 F.2d 1336, 1343 (D.C. Cir. 1985).

Based on the current state of ADS development, it is probably too soon to make any decisions about the extent to which new FMVSS might be needed to address particular aspects of the safety performance of these systems. ADS are, generally, in the development stages, and market-ready, mature ADS do not yet exist. Accordingly, there do not exist meaningful data about the on-road experience of these systems that can be analyzed to determine the safety need that potentially should be addressed, e.g., which aspects of performance are in need of regulation, what would be reasonable, practicable, or appropriate for regulation, or the minimum thresholds for performance, much less how to regulate such performance. Likewise, there are no vehicles equipped with mature ADS that can be purchased by the Agency and tested to validate the effectiveness of a contemplated standard in addressing the safety needs of those vehicles.

NHTSA has no desire to issue regulations that would needlessly prevent the deployment of any ADS-equipped vehicle, as this could inhibit the development of a promising technology that has the potential to result in an unprecedented increase in safety. Any regulatory approach must have well-founded supporting data indicating safety needs. An ill-conceived standard may fail to meet the need for motor vehicle safety and needlessly stifle innovation. Worse yet, issuing premature regulations could even increase safety risk with unintended consequences. Pursuing a “precautionary” FMVSS may, in fact, be prohibited by the Safety Act itself, as sufficient information does not yet exist to establish a standard that is practicable, meets the need for motor vehicle safety, and can be stated in objective terms.

It is not too soon, however, for the Agency, with input from stakeholders, to begin identifying and developing the elements of a framework that meets the need for motor vehicle safety and assesses the degree of success in manufacturers' efforts to ensure safety, while also providing sufficient flexibility for new and more effective safety innovations. In addition, NHTSA seeks to explore the adoption of alternative or complementary mechanisms for implementing potential engineering and process measures, as described below, to manage risks and facilitate agency safety oversight.

NHTSA seeks to develop a safety framework of standards and/or guidance that manufacturers of ADS would (or, in the case of guidance, could) follow to evaluate and demonstrate the safety of their new systems, as produced and, at least in some cases, throughout the lifetime of those systems. The framework would rest on the elements described below in section III of this document.

In addition, the Agency seeks to identify the best administrative mechanisms for establishing and implementing engineering and process measures and facilitating agency safety oversight. Potential mechanisms are described in section IV of this document.

III. Safety Framework—Core Elements, Potential Approaches, and Current Activities

Safety assurance generally refers to the broad array of proactive approaches a company can take to identify and manage potential safety risks associated with a system, such as the ADS of a vehicle. Safety assurance, as contemplated in many of the documents discussed in this section, is typically a process controlled and conducted by the manufacturer that is designing a vehicle and certifying that vehicle's compliance. Many of these process and engineering measures are used by manufacturers in the development of their products, and NHTSA intends to explore how the Agency might harness these same processes in the development of a new regulatory or sub-regulatory approach to evaluate the safety of ADS.

The Department's guidance documents on vehicles equipped with ADS, ADS 2.0 and Preparing for the Future of Transportation: Automated Vehicles 3.0, generally describe these aspects of safety assurance and how the Department envisions its role in safety risk management and oversight during the development and deployment of ADS.

See table on page 50. Available at https://www.transportation.gov/av/3.

This section elaborates on the core elements of ADS safety performance and the documents behind the various elements of the safety framework for ADS that NHTSA is currently considering. This section also describes some of the many private and public activities related to evaluating ADS safety performance.

A. Engineering Measures—Core Elements of ADS Safety Performance

Engineering measures are those aspects that can be readily determined through the testing of a finished motor vehicle or system and establish the level of safety performance. Engineering measures could be used to assess safety performance of the ADS, such as successful crash avoidance (i.e., whether the ADS-equipped vehicle is capable of completing certain maneuvers without loss of control), but how exactly to design these measures is highly complicated. While a mature ADS may avoid many of the human driver errors and poor choices that lead to the majority of crashes today, an ADS may still find itself in crash-imminent scenarios that may warrant emergency maneuvers. Successful crash avoidance would depend on a vehicle's mechanical abilities (e.g., abilities to stop quickly and to maintain or regain directional stability and control). ADS-equipped vehicles, though, are unique in that the vehicle's system must also be able to perform appropriately the following safety relevant functions that are inherent to the adequate functionality of an ADS-equipped vehicle:

  • Sensing;
  • Perception;
  • Planning; and
  • Control.

1. Core ADS Safety Functions

“Sensing” refers to the ability of the ADS to receive adequate information from the vehicle's internal and external environment through connected sensors. Sensors on an ADS-equipped vehicle might include cameras, radar, LiDAR, Global Positioning Satellite (GPS), vehicle-to-vehicle (V2V) and/or vehicle-to-everything (V2X) devices, among other technologies. Sensing also involves scanning the driving environment with emphasis on the direction of travel in which the ADS intends to head. The sensing functionality serves as the “eyes” of the ADS.

“Perception” refers to the ability of an ADS to interpret information about its environment obtained through its sensors. This involves an ADS determining the location of the vehicle in relation to the driving environment and its ODD, including whether it is operating within any geolocational limitations in the ODD. Perception includes detection and identification of relevant static features and objects (e.g., road edges, lane markings, and traffic signs) and dynamic objects (e.g., vehicles, cyclists, and pedestrians) detected by sensors within proximity of the vehicle. Through perception, the ADS is provided with information necessary to predict the future behavior (e.g., speed and path) of relevant static and dynamic objects (i.e., those whose speed and path may create the risk of a collision with the vehicle). Thus, while sensing serves as the “eyes” of the ADS, perception performs the associated cognitive recognition of information detected through the sensor's “eyes.” Perception provides necessary interpreted information to the system so that it can conduct other key functions for successful completion of the driving task.

“Planning” refers to the ability of an ADS to establish and navigate the route it will take on the way to its intended destination. The planning function of an ADS builds from the sensing and perception functions by using the information collected through sensing and interpreted through perception, and predicts the future state of static and dynamic objects to create a path that mitigates crash risks, follows rules of the road, and safely reaches its intended destination. If the perception function is akin to the part of the brain of an ADS responsible for cognitive interpretation, the planning function is equivalent to that part of the brain of the ADS responsible for decision-making.

NHTSA notes that, while compliance with many rules of the road can be readily and objectively determined, compliance with others cannot. The rule to obey posted speed limits is an example of the former. If a vehicle has mapped or can read posted speed limit signs, it can readily compare its speed with the posted speed and modulate its speed accordingly to avoid exceeding the limit. However, achieving compliance with situational or judgmental rules, such as those prohibiting driving too fast for conditions or driving recklessly, is much less readily determinable by a vehicle. See, e.g., Formalising and Monitoring Traffic Rules for Autonomous Vehicles in Isabelle/HOL, Albert Rizaldi, Jonas Keinholz, Monika Huber, Jochen Feldle, Fabian Immler, Matthias Althoff, Eric Hilgendorf, and Tobias Nipkow. https://www21.in.tum.de/~nipkow/pubs/ifm17.pdf. Substantial compliance by a vehicle with the rule against driving recklessly might be indirectly achievable through programming the vehicle to drive defensively. One aspect of that programming would be to ensure that the vehicle always maintains a safe driving distance between itself and the vehicle immediately ahead, including any vehicle that cuts into the vehicle's lane. This notion of a safe space could also be made to vary according to whether the vehicle detects conditions such as darkness, rain, or loss of traction. See, e.g., On a Formal Model of Safe and Scalable Self-driving Cars, Shai Shalev-Shwartz, Shaked Shammah, Amnon Shashua, Mobileye, 2017. https://arxiv.org/pdf/1708.06374.pdf. The amount of space needed by the vehicle would vary according to the vehicle's speed.

Finally, the “control” function of an ADS refers to the ability of the system to execute the driving functions necessary to carry out the continuously updated driving plan. Control includes implementing the driving plan by delivering appropriate control inputs—such as steering, propulsion, and braking—to follow the planned path while adjusting the plan when and as necessary based on the continuous acquisition and processing of new data concerning the state of the vehicle and surrounding environment. The control function, carried out through actuators and their associated control systems that facilitate execution of the driving plan, is analogous to the “arms” and “legs” of the ADS in driving the vehicle.

NHTSA requests comment on these four core functions, including whether commenters agree that these are the core functions, views on NHTSA's description of these functions, and whether and how NHTSA should prioritize its research as it develops a safety framework.

2. Other Safety Functions

While the four functions described above are necessary for an ADS, they are not necessarily sufficient to ensure ADS safety, which will also depend on a wide array of other functions and capabilities of the system and how that system interacts with the humans both inside and surrounding the ADS-equipped vehicle.

For example, one safety-related aspect not encompassed within the four functions would be the vehicle's ability to communicate with vehicle occupants and other vehicles and people in the driving environment, especially vulnerable road users. The human-machine interaction is expected to have an impact not only on the operational safety of an ADS-equipped vehicle, but also on the public acceptance of such systems. ADS capability to detect the malfunction of its own system or other systems in the vehicle accurately and reliably, while also ensuring safe transitions between operational modes developed to respond to any detected issues or malfunctions (e.g., fail safe or limp home modes), is another important consideration that could impact expected performance by an ADS.

For instance, if a vehicle stops, passengers have an interest in knowing the vehicle's status. Did it stop because it reached its destination, to avoid an obstacle, or because of a malfunction? Should passengers remain in the vehicle or is it safe to exit?

A driver's eye contact, hand gestures, and even his/her mere presence means something to others outside the vehicle. An empty vehicle, especially an electric ADS-equipped vehicle without traditional manual driving controls, may appear to be parked and in the off position when in fact it is ready to move. Someone approaching the vehicle (passenger, law enforcement, rescuers, tow truck operators, etc.) has an interest in knowing whether it is about to move and how to safely interact with the vehicle.

Other aspects that could impact the ability of an ADS to carry out its intended plans in a safe and reliable manner include: (1) Identifying reduced system performance and/or ODD in the presence of failure; (2) operating in a degraded mode within reduced system constraints; (3) performing the essential task of transporting occupants or goods from starting point to the chosen destination; (4) recognizing and reacting appropriately to communications from first responders, including fire, EMS, and law enforcement; (5) receiving, loading, and following over-the-air software updates; (6) performing system maintenance and calibration; (7) addressing safety-related cybersecurity risks; and (8) system redundancies. NHTSA notes that its authorities under the Safety Act are limited to motor vehicle safety and, thus, do not authorize the Agency to regulate areas such as general privacy and cybersecurity unrelated to safety. That said, NHTSA will analyze relevant aspects of these issues during the rulemaking process to the extent required under the Safety Act and when otherwise required by applicable laws, such as the E-Government Act of 2002.

See Matthew Wood et al., Safety First for Automated Driving (2019), pp. 37-46, available at https://www.aptiv.com/docs/default-source/white-papers/safety-first-for-automated-driving-aptiv-white-paper.pdf. The above listing omits “ensure controllability for the vehicle operator” since a vehicle without traditional manual driving controls would not have a human operator.

In an emergency or unusual situation, a vehicle should be able to respond/react to orders or requests from outside its own ADS perceive/plan/execute process. This could be law enforcement, pedestrians, other drivers, or passengers.

Prior to transmitting any software update, care should be taken to evaluate the safety of the updates and the functions they enable or control not only in isolation, but also in combination with existing software and hardware and the functions they enable or control.

The Federal Trade Commission is the Federal agency that primarily oversees privacy policy and enforcement, including privacy-related cybersecurity matters. See https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy-security.

NHTSA requests comment on which of these aspects the Agency should prioritize as it continues the research necessary to develop a safety framework. NHTSA also seeks comment on whether it has an appropriate role to play with any or all of these elements outside of research. If so, which element(s)? For each such element, should NHTSA's role be regulatory or sub-regulatory, and in what manner?

3. Federal Engineering Measure Development Efforts

NHTSA, as part of the Department's broader efforts, has begun the research to explore potential ways the Agency can assess the safety of ADS. As described in AV 4.0, NHTSA maintains a comprehensive ADS research program evaluating and researching a wide array of aspects related to ADS performance. One of NHTSA's key research tracks focuses on ADS safety performance, and seeks to identify the methods, metrics, and tools to assess how well the ADS-equipped vehicle performs both normal driving tasks as well as crash avoidance capabilities. Such assessments include system performance and behavior relative to the system's stated ODD and object and event detection and response (OEDR) capabilities, as well as fail-safe capabilities if/when it is confronted with conditions outside its ODD. A second high-level research focus is on functional safety and ADS subsystem performance. A third research area relevant to this document relates to the cybersecurity of vehicles and systems, including ADS. Finally, NHTSA is also researching human factors issues that may accompany vehicles equipped with ADS.

One key example of NHTSA's efforts to develop safety performance models and metrics is the Instantaneous Safety Metric (ISM)—a research document published in 2017. The ISM calculates physically possible trajectories that a subject vehicle and other roadway users in the surrounding traffic could take given a set of possible actions (e.g., steering wheel angles, brake/throttle) within a preset, finite period of time in the future and calculates which trajectory combinations could result in a potential multi-actor crash. A metric determined by the number and/or proportion of trajectories (and severity/probability of the action that leads to that trajectory) that may lead to a crash could serve as a proxy for the estimated safety risk associated with the given snapshot of the driving state.

“A Novel Method to Evaluate the Safety of Highly Automated Vehicles,” Joshua L. Every, Frank Barickman, John Martin, Sughosh Rao, Scott Schnelle, Bowen Weng, Paper Number 17-0076; 25th International Technical Conference on the Enhanced Safety of Vehicles (ESV), available at http://indexsmart.mirasmart.com/25esv/PDFfiles/25ESV000076.pdf.

An updated approach, referred to as the Model Predictive Instantaneous Safety Metric (MPrISM), builds upon the ISM concept and modifies its assessment method. MPrISM considers the subject vehicle's range of fully controllable actions and calculates crash implications under the scenario of best response choices by the subject vehicle and worst choices by other actors in the scene.

“Model Predictive Instantaneous Safety Metric for Evaluation of Automated Driving Systems”. Bowen Weng, Sughosh J. Rao, Eeshan Deosthale, Scott Schnelle, Frank Barickman, available at: https://arxiv.org/pdf/2005.09999v1.

One of the benefits of ISM and MPrISM is their relatable logical reasoning and straightforward analytical construction. However, ISM is not without its challenges when administered in real-world applications. One of those challenges is the significant computational complexity required for effective utilization. MPrISM attempts to address this computational complexity and can be run using real time data at reasonable processing rates. Through new metric development efforts such as MPrISM, NHTSA will continue researching ways to reduce complexity while also evaluating private sector approaches with a goal of facilitating the advancement of candidate safety performance models and metrics.
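The ISM and MPrISM ideas described above, reduced to a one-dimensional car-following sketch in Python. This is an added illustration, not NHTSA's implementation or code from the cited papers; the action sets, horizon, time step, and function names are assumptions chosen for the example.

```python
"""Simplified 1-D sketch of an ISM-style and an MPrISM-style check (constructed example)."""
from itertools import product

# Assumed discrete action sets: constant longitudinal accelerations in m/s^2.
SUBJECT_ACTIONS = (-6.0, -3.0, 0.0, 2.0)   # what the subject vehicle can do
OTHER_ACTIONS = (-8.0, -4.0, 0.0, 2.0)     # what the lead vehicle might do


def position(x0, v0, a, t):
    """Position after t seconds at constant acceleration a.

    A braking vehicle stops at zero speed and does not reverse.
    """
    if a < 0 and v0 + a * t < 0:
        t_stop = v0 / -a
        return x0 + v0 * t_stop + 0.5 * a * t_stop ** 2
    return x0 + v0 * t + 0.5 * a * t * t


def collides(gap, v_subject, v_lead, a_subject, a_lead, horizon, dt=0.05):
    """True if the following (subject) vehicle closes the gap within the horizon."""
    steps = int(round(horizon / dt))
    for k in range(steps + 1):
        t = k * dt
        x_subject = position(0.0, v_subject, a_subject, t)
        x_lead = position(gap, v_lead, a_lead, t)
        if x_lead - x_subject <= 0.0:
            return True
    return False


def ism_score(gap, v_subject, v_lead, horizon=3.0):
    """ISM-style proxy: fraction of (subject, other) action pairs that end in a crash."""
    pairs = list(product(SUBJECT_ACTIONS, OTHER_ACTIONS))
    crashes = sum(
        collides(gap, v_subject, v_lead, a_s, a_l, horizon) for a_s, a_l in pairs
    )
    return crashes / len(pairs)


def mprism_unavoidable(gap, v_subject, v_lead, horizon=3.0):
    """MPrISM-style check: best subject response against the worst other action.

    Returns True only if every subject action has some lead-vehicle action
    that still produces a crash within the horizon.
    """
    return all(
        any(collides(gap, v_subject, v_lead, a_s, a_l, horizon) for a_l in OTHER_ACTIONS)
        for a_s in SUBJECT_ACTIONS
    )


if __name__ == "__main__":
    # Constructed snapshots: (gap in m, subject speed in m/s, lead speed in m/s).
    for snapshot in [(100.0, 20.0, 20.0), (30.0, 20.0, 20.0), (5.0, 30.0, 0.0)]:
        print(snapshot, ism_score(*snapshot), mprism_unavoidable(*snapshot))
```

The middle snapshot shows why the two measures differ: some action pairs crash, so the ISM-style proportion is nonzero, yet the subject can still brake its way out against the worst lead-vehicle action, so the MPrISM-style check reports the crash as avoidable.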

4. Other Notable Efforts Under Consideration as Engineering Measures

Various companies and organizations have begun efforts to develop a framework or at least portions of one. For example, in 2018, RAND Corporation issued a report proposing a partial framework for measuring safety in ADS-equipped vehicles. In developing that framework, RAND considered how to define ADS safety, how to measure ADS safety, and how to communicate what is learned or understood about ADS. The RAND report purports to present a framework to discuss how safety can be measured in a technology- and company-neutral way.

Laura Fraade-Blanar, Marjory S. Blumenthal, James M. Anderson, Nidhi Kalra, Measuring Automated Vehicle Safety—Forging a Framework, Rand, 2018, available at https://www.rand.org/content/dam/rand/pubs/research_reports/RR2600/RR2662/RAND_RR2662.pdf.

Another effort is led by NVIDIA, which published a document proposing a framework called the Safety Force Field that is articulated as a computational method to assess through simulation whether an ADS is monitoring its surrounding environment successfully and not taking unacceptable actions. The stated goal behind the Safety Force Field is avoiding crashes, and it seeks to accomplish this through setting a driving policy that analyzes the surrounding environment and predicts actions by other road users. Based upon this analysis, the system would then seek to determine potential actions that avoid creating or contributing to unsafe conditions that could lead to a crash.

David Nistér, Hon-Leung Lee, Julia Ng, and Yizhou Wang, An Introduction to the Safety Force Field, Nvidia. Available at https://www.nvidia.com/content/dam/en-zz/Solutions/self-driving-cars/safety-force-field/an-introduction-to-the-safety-force-field-updated.pdf. See also David Nistér, Hon-Leung Lee, Julia Ng, and Yizhou Wang, Safety Force Field, Nvidia. Available at https://www.nvidia.com/content/dam/en-zz/Solutions/self-driving-cars/safety-force-field/the-safety-force-field.pdf.

In early July 2019, 11 companies, collectively referred to as “Safety First for Automated Driving,” released a paper describing safety by design, and verification and validation (V&V) methods for ADS. This paper states that it aims to address L3 and higher levels of automation, and can serve as a useful starting point for examining V&V methods appropriate for ADS. To guide safety efforts, the paper identifies principles (12 in all) towards addressing safe operation; safety layer; ODD; behavior in traffic; user responsibility; vehicle-initiated handover; driver-initiated handover; effects of automation; safety assessment; data recording; security; and passive safety. These principles are expressed to be relevant to ADS, and most of them, except those relating to handover to a human operator, are indicated to be relevant to L4 and above.

The 11 companies that comprise Safety First for Automated Driving are: Audi, BMW, Aptiv, Baidu, Continental, Daimler, Fiat Chrysler Automobiles, Here, Infineon, Intel and Volkswagen.

Finally, several other companies and organizations have published or are developing either documents to guide the safe testing and deployment of ADS or technical approaches to programming ADS in order to reduce the likelihood of facing crash-imminent situations. For example, Intel's Mobileye published a document proposing a framework called Responsibility Sensitive Safety (RSS), intended to address issues with multi-agent safety (defined by them as safe operation and interaction with multiple independent road users in a given environment). RSS is a mathematical model for multi-agent safety that incorporates common-sense rules of driving while interacting with other road users in a way that minimizes the chance of causing a crash, all while operating within normal behavioral expectations. The method is constructed with respect to “right-of-way” rules, occluded objects avoidance, and safe distance maintenance, both longitudinally and laterally. Mobileye also claims that special traffic conditions are covered in the discussion including intersection with traffic lights, unstructured roads, and collisions involving pedestrians (or other road users).

Shai Shalev-Shwartz, Shaked Shammah, and Amnon Shashua, On a Formal Model of Safe and Scalable Self-driving Cars, Mobileye, 2017. Summary available at https://newsroom.intel.com/newsroom/wp-content/uploads/sites/11/2017/10/autonomous-vehicle-safety-strategy.pdf and https://newsroom.intel.com/editorials/paving-way-toward-safer-roads-all/#gs.8qhmve. Full paper available at https://arxiv.org/pdf/1708.06374.pdf.

Mobileye, Implementing the RSS Model on NHTSA Pre-Crash Scenarios, p. 3. Available at https://www.mobileye.com/responsibility-sensitive-safety/rss_on_nhtsa.pdf.

NHTSA is paying close attention to the efforts of other organizations to develop documents related to ADS safety that might be useful from a Federal regulatory perspective. While this document describes some of those efforts, it does not include all. NHTSA is also considering how it might harness process measures as part of a safety framework.

B. Process Measures—Safety Risk Minimization in the Design, Development, and Refinement of ADS

Vehicle process measures help an organization manage and minimize safety risk by identifying and mitigating sources of risk during the design, development, and refinement of new motor vehicles and motor vehicle equipment. Unlike engineering measures, process measures address safety issues that cannot be efficiently or thoroughly addressed through the FMVSS approach to testing, since process standards help to ensure reliability and robustness of designs over the life of the vehicle, and in “edge” cases—both of which are difficult or impossible to verify through one-time testing of a finished vehicle. Careful adherence to process standards can enhance the safety of finished motor vehicles substantially. While some of the standards described below are not specific to ADS, the principles underlying such standards can prove useful in ADS development.

Transportation Research Board Special Report 308, The Safety Promise and Challenge of Automotive Electronics: Insights from Unintended Acceleration, 2012. The Board is part of the National Research Council, which is, in turn, part of the National Academies of Sciences, Engineering, and Medicine. At pages 87-88, this report describes the role that process measures could play in meeting the challenges presented by electronic systems and their “hardware components” and “software components.” The report is available on a number of online sites, including http://onlinepubs.trb.org/onlinepubs/sr/sr308.pdf and https://www.nap.edu/catalog/13342/trb-special-report-308-the-safety-challenge-and-promise-of-automotive-electronics and http://www.omg.org/hot-topics/documents/Safety-Promise-and-Challenge-of-Automotive-Electronics-TRB-2012.pdf.

1. Functional Safety

ISO 26262 describes a documentation of a process for the evaluation of functional safety to assist in the development of safety-related electrical and/or electronic (E/E) systems. This framework is intended to be used by manufacturers to integrate functional safety concepts into a company-specific development framework. Some requirements have a clear technical focus to implement functional safety into a product; others address the development process itself and can therefore be seen as process requirements in order to demonstrate an organization's capability with respect to functional safety.

Functional safety is the absence of risk caused by a system malfunction typically involving an electronic control system.

ISO 26262 addresses identified, unreasonable safety risks arising from electrical and electronic failures. The framework is intended to be applied to safety-related systems that include one or more E/E systems that are installed in production road vehicles, excluding mopeds. ISO 26262 seeks to avoid failures associated with electronics systems—including those related to software programming, intermittent electronic hardware faults, and electromagnetic disturbances—and mitigate the impact of potential equipment faults during operation. In addition to addressing fault conditions, it contains hazard analysis and risk assessment provisions, design, verification and validation (V&V) requirements, and safety management guidance.

Van Eikema Hommes, Q.D. (2016, June). Assessment of safety standards for automotive electronic control systems. (Report No. DOT HS 812 285). Washington, DC: National Highway Traffic Safety Administration, available at https://www.nhtsa.gov/sites/nhtsa.dot.gov/files/812285_electronicsreliabilityreport.pdf.

ISO 26262 seeks to ensure systems have the capability to mitigate failure risk sufficiently for identified hazards. The needed amount of mitigation depends upon the severity of a potential loss event, operational exposure to hazards, and human driver controllability of the system when failure occurs. These factors combine into an Automotive Safety Integrity Level (ASIL) per a predetermined risk table. The assigned ASIL for a function determines which technical and process mitigations should be applied, including specified design and analysis tasks that must be performed.

Id.

2. Safety of the Intended Functionality

The safety of ADS is also linked to other factors such as conceivable human misuse of the function, performance limitations of sensors or systems, and unanticipated changes in the vehicle's environment.

Peters Els, Rethinking Autonomous Vehicle Functional Safety Standards: An Analysis of SOTIF and ISO 26262, March 25, 2019, available at https://www.automotive-iq.com/autonomous-drive/articles/rethinking-autonomous-vehicle-functional-safety-standards-an-analysis-of-sotif-and-iso-26262.

Safety of the Intended Functionality (SOTIF) attempts to prevent insufficiencies of the intended functionality or reasonably foreseeable misuse by persons. ISO 21448 is a safety standard for driver assistance functions that could fail to operate properly even if no equipment fault is present. SOTIF does not apply to faults covered by the ISO 26262 series or to hazards directly caused by the system technology (e.g., eye damage from a laser sensor). Rather, SOTIF works in tandem with ISO 26262 to help a manufacturer assess and mitigate a variety of risks during the development process, with ISO 26262 focusing on mitigating failure risk and ISO 21448 mitigating foreseeable system misuse.

ISO 21448 is intended to be applied to intended functionality where proper situational awareness is critical to safety, and where that situational awareness is derived from complex sensors and processing algorithms; especially emergency intervention systems (e.g., active safety braking systems) and Advanced Driver Assistance Systems (ADAS) with SAE driving automation Levels 1 and 2 on the SAE standard J3016 automation scales. Per SAE International, the standard can be considered for higher levels of automation, though additional measures might be necessary.

ISO 21448 primarily considers mitigating risks due to unexpected operating conditions (the intended function might not always work in such conditions due to limitations of sensors and algorithms) and gaps in requirements (lack of complete description about the actual intended function). Highlights of this standard include covering:

  • Insufficient situational awareness;
  • Foreseeable misuse and human-machine interaction issues;
  • Issues arising from operational environment (weather, infrastructure, etc.);
  • Identifying and filling requirement gaps (removing “unknowns”); and
  • Enumerating operational scenarios.

3. UL 4600

UL has developed “UL 4600: Standard for Safety for the Evaluation of Autonomous Products,” a draft voluntary industry standard that states that it takes a safety case approach to ensuring the safety of ADS. The published safety case approach includes three primary elements: Goals, argumentation, and evidence; each of which is stated to support the previous element to build an overarching safety case. The expressed goals are stated to be the same as ADS-related safety goals that an organization would be trying to achieve. The argumentation is claimed to describe the organization's analysis for why it thinks the system has met that goal. Finally, evidence is what the organization would consider to be sufficient to show that its arguments are reasonable and support the organization's assertion that it has met its safety goal. Preliminary versions of the document were released in 2019, and UL released its most recent version of UL 4600 on April 1, 2020. Like ISO 26262 and 21448, UL 4600 is a process-focused standard that is intended for use by the manufacturers in developing ADS. However, unlike those ISO standards, UL 4600 was developed primarily for ADS.

Philip Koopman, An Overview of Draft UL 4600: “Standard for Safety for the Evaluation of Autonomous Products,” June 20, 2019, available at https://medium.com/@pr_97195/an-overview-of-draft-ul-4600-standard-for-safety-for-the-evaluation-of-autonomous-products-a50083762591.

With the descriptions of Functional Safety, SOTIF, and UL 4600 as background, NHTSA is considering how it might make use of these process standards in the context of developing a new framework concerning ADS, based either in regulation or providing guidance. Traditional FMVSS may not be suitable for addressing certain critical safety issues relating to aspects of the core safety functions of perception, planning, and control. NHTSA requests comment on the specific ways in which Functional Safety, SOTIF, and/or UL 4600 could be adopted, either modified or as-is, into a mechanism that NHTSA could use to consider the minimum performance of an ADS or a minimum risk threshold an ADS must meet within the context of Vehicle Safety Act requirements.

IV. Safety Framework—Administrative Mechanisms for Implementation and Oversight

This section describes a variety of mechanisms that could be used, singularly or in combination, to implement the elements of a safety framework. The possibility that multiple mechanisms might ultimately be used does not mean that they could or would need to be implemented in the same timeframe. While some mechanisms could be implemented in the near term, others would need to be developed through additional research and then validated before they could be implemented. Thus, the mechanisms could be adopted and implemented, if and when needed, in a prioritized and phased manner. Implementation of some types of mechanisms might rarely be necessary, while others may be temporary until different mechanisms would take their place.

The Agency notes that while some of the mechanisms described in this document could be implemented through rulemaking pursuant to the Vehicle Safety Act, others are more suited to take the form of guidance.

A phased approach is how the Agency is also modernizing the FMVSS for ADS-equipped vehicles without traditional manual controls, and may be the more expedient way to make progress while continuing necessary research and other work in the background.

The array of available mechanisms roughly falls into either of two categories: (1) Voluntary mechanisms for monitoring, influencing and/or encouraging greater care; and (2) regulatory mechanisms. The former group includes voluntary disclosure, the New Car Assessment Program, and guidance. The latter group includes FMVSS and any other compulsory requirements.

A. Voluntary Mechanisms

NHTSA can establish various mechanisms to gather or generate information about:

  • How developers are analyzing the safety of their ADS;
  • how developers are identifying potential safety risks of those systems; and
  • what methods developers are choosing to mitigate those risks.

This information could: (1) Enable the Agency to take proactive actions to encourage the development of innovative technologies in a manner that allows them to reach their full safety potential; (2) help the Agency avoid taking action that hampers safety innovation or otherwise adversely affects safety; and (3) support the Agency's existing programs by helping the Agency become more responsive to new technologies. To the extent ADS developers make such information available to the Agency and the public, competing developers may be encouraged to place greater emphasis on safety and improve transparency on their efforts in that regard.

1. Safety Self-Assessment and Other Disclosure/Reporting

Demonstrating the safety of ADS is critical for facilitating public confidence and acceptance, which may lead to increased adoption of the technology. Entities involved in the development and deployment of automation technology have an important role in their responsibilities for safety assurance of ADS-equipped vehicles and in providing transparency about how their systems are achieving safety.

ADS 2.0 provided guidance to stakeholders regarding the safe design, testing, and deployment of ADS. This document identified 12 safety elements that ADS developers should consider when developing and testing their technologies. ADS 2.0 also introduced the concept of a Voluntary Safety Self-Assessment (VSSA), which is intended to encourage developers to demonstrate to the public that they are: Considering the safety aspects of an ADS; communicating and collaborating with the U.S. DOT; encouraging the self-establishment of industry safety norms; and building public trust, acceptance, and confidence through transparent testing and deployment of ADS. Entities were encouraged to demonstrate how they address the safety elements contained in A Vision for Safety by publishing a VSSA on their websites. NHTSA believes that VSSAs are an important tool for companies to showcase their approach to safety without needing to reveal proprietary intellectual property. The Agency hopes that VSSAs show the public how these companies are addressing safety and how safety considerations are built into the design and manufacture of ADS-equipped vehicles that are tested on public roadways. As of June 2020, 23 developers and automakers have published VSSAs, which represents a significant portion of the industry.

Id., pp. 5-15.

Id., p. 16

Another voluntary reporting mechanism aimed at transparency is NHTSA's AV TEST Initiative, which involves a series of events throughout the country where NHTSA, State and local governments, automakers, and ADS developers share information about activities. AV TEST is also expected to result in a website for companies to share information with the public about their vehicles, including details of on-road testing.

One type of administrative mechanism under consideration is to use guidance to encourage the development of a safety case by manufacturers. As used in this document, a safety case is “a structured argument, supported by a body of evidence that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment.” For NHTSA's purposes, “valid” as used in this context means “verifiable.” Such an administrative mechanism might be implementable more quickly than other mechanisms and could allow vehicle and equipment manufacturers flexibility in documenting the competence of their ADS in performing sensing, perception, planning, and control of its intended functions. It may be possible, within the limits of administrative feasibility, to tailor some aspects of these demonstrations to a vehicle's design purpose and intended scope of operation. Another, more extensive, means of increasing transparency of how a company developed its ADS would be for the developer to disclose (e.g., to NHTSA and/or the public) some or all its safety case. This disclosure would provide the results of applying the company's own stated performance metrics, metric thresholds, and test procedures, and how those results justify its belief that its vehicle is functionally and operationally capable of performing each of the core elements of ADS safety performance.

As used in this document, the term “safety case” has the same meaning as that term is used by Philip Koopman, Aaron Kane, and Jen Black in their paper, Credible Autonomy Safety Argumentation, 2019. The article is available at https://users.ece.cmu.edu/~koopman/pubs/Koopman19_SSS_CredibleSafetyArgumentation.pdf. See also Philip Koopman, “How to keep self-driving cars safe when no one is watching for dashboard warning lights,” The Hill, June 30, 2018, available at https://thehill.com/opinion/technology/394945-how-to-keep-self-driving-cars-safe-when-no-one-is-watching-for-dashboard.

See, e.g., Koopman, Philip, “How to keep self-driving cars safe when no one is watching for dashboard warning lights,” June 30, 2018. Available at https://thehill.com/opinion/technology/394945-how-to-keep-self-driving-cars-safe-when-no-one-is-watching-for-dashboard. See also Bryant Walker Smith, Regulation and the Risk of Inaction in Autonomous Driving: Technical Legal and Social Aspects, at 571-587, (Markus Maurer, J. Christian Gerdes, Barbara Lenz, and Hermann Winner, editors, 2016), available at https://link.springer.com/content/pdf/10.1007%2F978-3-662-48847-8.pdf.

2. New Car Assessment Program (NCAP)

Short of setting a safety standard, an ADS competency evaluation could be added in NCAP. While an FMVSS obstacle-course performance test, standing alone, would likely be inadequate to evaluate ADS competence, such a test might form a useful foundation for consumer information under the NCAP program. This evaluation could be developed and used to measure the relative performance of an ADS in navigating a variable environment (within established operational ranges) and complex set of interactions with stimulus road users (e.g., dummy vehicles, pedestrians, and cyclists) on a course, with note made of variances in the manner in which the course was completed. All ADS-equipped vehicles could be expected to avoid collisions (including avoiding causing collisions), while adhering to a driving model that minimizes the risks of getting into crash-imminent situations and observing operational limitations, such as limits on rates of acceleration and deceleration and limits on absolute speed. Additionally, operational data relating to crash avoidance performance, as well as “nominal” driving behaviors (e.g., lane-keeping ability), could be collected during “on-road driving” and could be used to contribute to an overall safety performance assessment method. Relatedly, an NCAP program could provide comparative data on the occupant protection afforded by ADS vehicles.

The information NCAP provides empowers consumers to compare the relative safety of new vehicles and to make informed vehicle-purchasing decisions. This information has encouraged automakers to compete based upon improving safety—encouraging safety advancements and swift adoption of performance improvements that improve the safety of motor vehicles. For example, with the inclusion of static and dynamic rollover prevention tests into the NCAP program in 2001 and 2003, NHTSA encouraged the advancement and further deployment of safety improving technologies—notably electronic stability control—to prevent rollover crashes. This deployment took place more than 10 years before a FMVSS for electronic stability control went into effect. In part because of the market demand triggered by that encouragement, 29 percent of MY 2006 vehicles already had ESC voluntarily installed. NCAP's power to provide safety-relevant information to consumers, thus driving consumer demand for safety improvements in the market, could similarly be harnessed and applied to ADS performance.

While the NPRM for the creation of FMVSS No. 126 was issued in 2006, the new standard did not apply until MY 2012.

3. Operational Guidance

At the current stage in the development of the technologies needed for wide-scale deployment of ADS, the specific areas for which regulatory intervention might be most needed remain uncertain and the appropriate regulatory performance metrics and safety thresholds remain unknown. The Department has therefore sought to enhance safety through voluntary guidance, instead of mandatory requirements. The Agency is requesting comment on whether developing further guidance on engineering and process measures remains the most appropriate approach.

This approach has been recognized by WP 29. See https://www.unece.org/fileadmin/DAM/trans/doc/2019/wp29/ECE-TRANS-WP29-2019-34-rev.1e.pdf.

With respect to engineering measures, the development of guidance is often based upon much of the same work that would lead to the development of industry standards, i.e., the development and validation of performance metrics, performance thresholds, and test procedures.

To ensure due process and appropriate consideration of views of stakeholders and the general public in the development of guidance, certain guidance documents are subject to public comment—in accordance with Department of Transportation Regulations on Guidance Documents and Executive Order 13891. That said, guidance documents, as they simply recommend rather than require actions by regulated entities, are more appropriate at this early stage in the development of ADS and ADS-equipped vehicles, reserving mandatory requirements for when the technology is sufficiently mature and actual safety needs have been more clearly identified. Guidance documents also provide the agency greater flexibility in making recommendations, as they do not need to meet the strict requirements that FMVSS must meet and are generally easier to adopt and modify than mandatory requirements issued in a FMVSS. The Agency, therefore, would likely be able to develop and update these guidance documents more quickly, and design them to be more reflective of consensus industry standards and practices as they continue to develop.

49 CFR 5.25, et seq.

Executive Order 13891, “Promoting the Rule of Law Through Improved Agency Guidance Documents” Oct. 9, 2019.

Issuing guidance, working with States and developers to deepen communications, identifying for manufacturers critical safety aspects generally applicable to ADS, and exercising safety oversight using NHTSA's existing broad enforcement authorities have, for the most part, been NHTSA's approaches to the development of ADS thus far. NHTSA expects that these will continue to be the Agency's approaches to ADS for the foreseeable future while it conducts the research necessary to develop meaningful performance tests and metrics and while it closely monitors changes occurring in the private development of ADS and business models that surround the technology.

NHTSA has broad investigatory and enforcement authority relating to motor vehicle safety. While NHTSA can order a recall for FMVSS non-compliance, it can also order a recall when it learns of a defect in the design, construction, or performance of a vehicle or item of equipment that poses an unreasonable risk to motor vehicle safety that increases the likelihood of a crash occurring or increases the likelihood of injury or death should a crash occur. In fact, the vast majority of recalls are issued for safety-related defects that have nothing to do with FMVSS.

B. Regulatory Mechanisms

That said, the Agency believes that, at some point, regulation of the ADS will likely be necessary and is exploring ways it could appropriately regulate ADS, being mindful of the need to avoid creating unnecessary barriers to innovation or unintended safety risks. As discussed above, many stakeholders are already exploring a variety of approaches to assessing ADS performance and measuring ADS safety. The following explores what regulatory mechanisms the Agency is currently using and how future approaches might be incorporated into the FMVSS, either separately or together and in conjunction with non-regulatory mechanisms.

1. Mandatory Reporting and/or Disclosure

In addition to the voluntary reporting/disclosure activities discussed in the previous section, NHTSA has also taken steps to require the disclosure and reporting of certain information in the context of exemptions. NHTSA recently conditioned the Agency's grant of a petition for temporary exemption on a set of terms that include mandatory reporting of information on the operation of the vehicles equipped with ADS. The petition for exemption was from Nuro, Inc. for a low-speed (25 mph maximum), electric-powered occupantless delivery vehicle that will be operated by an ADS. In NHTSA's notice granting the petition for exemption, the Agency stated: “NHTSA has determined that it is in the public interest to establish a number of reporting and other terms of deployment of the vehicles that will apply throughout the useful life of these vehicles—violation of which can result in the termination of this exemption.” The terms include post-crash reporting, periodic reporting, cybersecurity, and other general requirements.

Id.

Id., p. 7827.

Id., p. 7840.

NHTSA also maintains a process for the temporary importation of noncompliant vehicles into the United States for research, demonstration, testing, and other purposes. For entities other than manufacturers of certified motor vehicles, approval of a temporary exemption comes in the form of written permission from NHTSA that the importer may import the noncompliant vehicle. When NHTSA began receiving requests for exemptions to import ADS-equipped vehicles for research and demonstration purposes, NHTSA determined that additional requirements were necessary to exercise oversight and monitor the safety of the exempt vehicles' operations. NHTSA may condition approval for importation of a noncompliant vehicle on specific terms and conditions. Similar to the terms that accompany a grant of a petition for exemption, the terms that importers are required to meet depend upon the information included in the petition, and are generally established to mitigate risks. Many of the terms required of Nuro have also been required for importers who have received permission to import a non-compliant ADS-equipped vehicle. Some examples of additional terms and conditions added to permission letters for vehicles equipped with ADS include: requiring that the noncompliant vehicle be used only in the ways described in the application; annual reporting on the status of all vehicles granted temporary exemptions; disengagement reporting; and reporting incidents of near misses, situations in which the trained operator acted to avoid an imminent crash, deviations from the prescribed route, and unexpected lane departures.

49 U.S.C. 30114; 49 CFR part 591.

2. NHTSA's FMVSS Setting Authority

NHTSA has broad jurisdiction over motor vehicle safety pursuant to the Safety Act (49 U.S.C. Chapter 301), the purpose of which is “to reduce traffic accidents and deaths and injuries resulting from traffic accidents.” The Safety Act defines “motor vehicle safety” as inclusive of both operational and nonoperational safety. Specifically, “‘motor vehicle safety’ means the performance of a motor vehicle or motor vehicle equipment in a way that protects the public against unreasonable risk of accidents occurring because of the design, construction, or performance of a motor vehicle, and against unreasonable risk of death or injury in an accident, and includes nonoperational safety of a motor vehicle.”

The Safety Act authorizes the issuance of FMVSS for motor vehicles and motor vehicle equipment and the recall and remedy of motor vehicles and equipment failing to comply with a FMVSS or containing a defect that poses an unreasonable risk to safety. The FMVSS are intended to be uniform national standards so that compliant vehicles can be sold throughout the United States.

Truck Safety Equipment Institute vs. Kane, 466 F. Supp. 1242, 1250 (M.D.Pa.1979).

Among the products that fall within the scope of this authority are all vehicle systems and their parts and components. Modern computer-controlled electronic systems, like object detection and identification systems needed to protect vulnerable road users, automatic emergency braking systems, and air bag systems, are composed of hardware and software components, both of which are necessary to the functioning of those systems. Without their software components, computer-controlled electronic systems are merely non-functional assemblages of hardware components, incapable of protecting anyone. NHTSA has used its authority to specify how and when the hardware components of complex electronic systems, such as advanced air bags and anti-lock braking systems, must activate and perform. This performance-oriented approach gives manufacturers freedom to develop the software components needed to control the performance of each system's hardware components. NHTSA has also repeatedly exercised its authority over software when the software components of the computerized electronic systems of motor vehicles have been determined to contain a safety defect and thus become the subject of a recall campaign.

See Addendum B for a list of examples of software-related recalls.

The Safety Act defines “motor vehicle safety standard” as “a minimum standard for motor vehicle or motor vehicle equipment performance.” This definition contemplates that each FMVSS (1) regulates one or more identified aspects of vehicle or equipment performance, and (2) specifies a minimum threshold for each of those aspects of performance (i.e., a required level of that aspect of performance that regulated products must at least equal to protect against unreasonable risk of crashes or unreasonable risk of death or injury in a crash). Such a threshold serves as a clear separation of compliant from noncompliant products. In the event of noncompliance, the threshold also aids NHTSA in determining the nature and extent of the needed remedy and in determining the seriousness of the noncompliance, which, in turn, is relevant in determining the appropriate amount of any civil penalty. Specifying minimum levels of safety performance in a standard also enables the Agency to estimate the benefits and the costs of complying with a standard and determine what level of stringency maximizes net benefits, as contemplated by Executive Order 12866 and Department of Transportation regulations.

49 U.S.C. 30102(a)(9) (emphasis added).

49 CFR 5.5. This regulation requires the following when developing or issuing regulations, including regulations to establish FMVSS:

(a) There should be no more regulations than necessary. In considering whether to propose a new regulation, policy makers should consider whether the specific problem to be addressed requires agency action, whether existing rules (including standards incorporated by reference) have created or contributed to the problem and should be revised or eliminated, and whether any other reasonable alternatives exist that obviate the need for a new regulation.

(b) All regulations must be supported by statutory authority and consistent with the Constitution.

(c) Where they rest on scientific, technical, economic, or other specialized factual information, regulations should be supported by the best available evidence and data.

(d) Regulations should be written in plain English, should be straightforward, and should be clear.

(e) Regulations should be technologically neutral, and, to the extent feasible, they should specify performance objectives, rather than prescribing specific conduct that regulated entities must adopt.

(f) Regulations should be designed to minimize burdens and reduce barriers to market entry whenever possible, consistent with the effective promotion of safety. Where they impose burdens, regulations should be narrowly tailored to address identified market failures or specific statutory mandates.

(g) Unless required by law or compelling safety need, regulations should not be issued unless their benefits are expected to exceed their costs. For each new significant regulation issued, agencies must identify at least two existing regulatory burdens to be revoked.

(h) Once issued, regulations and other agency actions should be reviewed periodically and revised to ensure that they continue to meet the needs they were designed to address and remain cost-effective and cost-justified.

(i) Full public participation should be encouraged in rulemaking actions, primarily through written comment and engagement in public meetings. Public participation in the rulemaking process should be conducted and documented, as appropriate, to ensure that the public is given adequate knowledge of substantive information relied upon in the rulemaking process.

(j) The process for issuing a rule should be sensitive to the economic impact of the rule; thus, the promulgation of rules that are expected to impose greater economic costs should be accompanied by additional procedural protections and avenues for public participation.

In addition, each FMVSS must be objective and practicable. The Sixth Circuit has held that the FMVSS objectivity requirement means that compliance with an FMVSS standard must be susceptible to objective measurements, which are capable of repetition. Each FMVSS must also be reasonable, practicable, and appropriate for each type of vehicle to which it applies. In the interest of transparency, and as a matter of due process, each FMVSS must also give reasonable notice of what performance is required and how compliance will be determined.

See Chrysler Corp. v. Dep't of Transp., 472 F.2d 659, 675-76 (6th Cir. 1972) (citing House Report 1776, 89th Cong. 2d Sess.1966, p. 16).

See United States v. Chrysler Corp. 158 F.3d 1350, 1354 (D.C. Cir. 1972).

NHTSA has broad authority to issue FMVSS. “[T]he Agency is empowered to issue safety standards which require improvements in existing technology or which require the development of new technology, and it is not limited to issuing standards based solely on devices already fully developed.” However, NHTSA has learned from previous experiences that establishing FMVSS prior to technology readiness can lead to adverse safety consequences. Motor vehicles are extraordinarily complicated machines that are massive and move at very high speeds. When setting a performance standard not appropriately grounded in the capabilities of technologies employed to meet the standard, unexpected consequences can result. For instance, one of the foundational court decisions regarding FMVSS involved the Agency's establishment of braking standards for air brake-equipped trucks, tractor-trailers, and buses—mandating stopping distances far shorter than achieved in large trucks that were built at the time. The stopping distance requirements required the entire industry to design completely new braking systems. The Agency was aware that the shorter stopping distances would increase the likelihood of wheel lock-up, so the standard also required that the stops be made without wheel lock-up—which effectively (although not explicitly) required manufacturers to develop and install antilock computers on each axle. These antilock devices proved unreliable, and, combined with the more-powerful newly designed braking systems, resulted in increased risk of loss of control resulting from wheel lock-up. Further, the susceptibility of early sensors to outside interferences resulted in circumstances where some trucks lost the use of brakes entirely. 
In invalidating requirements under the standard, the Court of Appeals for the Ninth Circuit found that “because of unforeseen problems in the development of the new braking systems, the Standard was neither reasonable nor practicable at the time it was put into effect.” The Court also explained that NHTSA must “ascertain, with all reasonable probability, that its safety regulations do not produce a more dangerous highway environment than that which existed prior to governmental intervention.”

Chrysler Corp. v. Dep't of Transp., 472 F.2d 659, 673 (6th Cir. 1972).

Paccar, Inc. v. Nat'l Highway Traffic Safety Admin., 573 F.2d 632 (9th Cir. 1978).

Failure rates well over 50% were reported. Id. at 642.

Id. at 640.

Id. at 643.

Given the rapidly evolving state of ADS technology, NHTSA is taking care that its actions do not result in unforeseen problems in the development or deployment of ADS. Establishing FMVSS prior to technology readiness hampers safety-improving innovation by diverting developmental resources toward meeting a specific standard. Such a regulatory approach could unnecessarily result in the Agency establishing metrics and standards without a complete understanding of the technology or safety implications and result in unintended consequences, including loss of potential benefits that could have been attained absent government intervention, a false sense of security, or even inadvertently creating additional risk by mandating an approach whose effects had not been known because regulation halted the technology at too early a stage in its development.

NHTSA has typically used its FMVSS authority either to mandate the installation of a proven technology by way of performance standards to address a safety need and subject the technology to minimum performance requirements, or to regulate voluntarily installed technology by subjecting the technology to minimum performance safety requirements. In most instances, when NHTSA has mandated the installation of a technology by way of performance standards, it has not done so until the technology is fully developed and mature, so that all buyers of new vehicles have the protection of that technology. An example of this practice is Electronic Stability Control (ESC). ESC development for passenger cars began in the late 1980s, and three manufacturers voluntarily installed the systems on some of their vehicles by 1995. After NHTSA evaluated real-world data and realized the beneficial effect of ESC in preventing crashes, NHTSA undertook a rulemaking to establish FMVSS No. 126, “Electronic stability control systems for light vehicles.” By the time a proposal was issued for FMVSS No. 126, 29 percent of MY 2006 vehicles sold in the U.S. were already voluntarily equipped with ESC. Given the profound benefits of ESC, NHTSA's rulemaking impelled the expedited installation of ESC in the vehicle fleet. While establishing performance standards and mandating that certain vehicles be equipped with a system that meets those performance requirements has been a common practice, it is too soon to tell if this will be the best path forward for ADS.

Id.

Furthermore, there are notable instances in which NHTSA has regulated voluntarily installed technologies by simply establishing minimum safety performance requirements, as opposed to mandating the installation of a technology, including when the Agency anticipated the introduction of electric and compressed natural gas vehicles and fuel systems, and issued standards to guard against risks of electric shock and explosion.

Also, existing classes of vehicles (e.g., passenger cars, trucks, buses, motorcycles, and low speed vehicles) subject to the existing FMVSS are based largely on observable physical features (e.g., number of designated seating positions) or objectively measurable specifications (e.g., gross vehicle weight rating) or performance (e.g., top speed). As a result, determining which class a vehicle falls into involves a relatively simple, quick, and objective process.

Developers of ADS are taking a variety of approaches to the vehicles that utilize their systems. Some are testing their systems in fully FMVSS-compliant vehicles, others are exploring alternative vehicle designs that would not comply with some or even all of the current FMVSS, and even others are simply developing the ADS without a particular vehicle type in mind—something that could be retrofit into an existing vehicle, or a system that could be sold to automakers. NHTSA expects that existing vehicle classes will remain relevant for many purposes. Yet, new classes of vehicles may emerge as companies begin to consider all the possible uses and business models available for their systems. The need to define any new class in the context of the FMVSS has not been determined.

3. Applying the Established FMVSS Framework to ADS Safety Principles

NHTSA believes that the critical relationship between the safety of an ADS's design and the vehicle's decision-making system makes it necessary to evaluate the safety of ADS performance considering appropriate and well-defined ODD (for any system below Level 5). For example, if an ADS is capable of only operating at speeds below 30 miles per hour (mph), it is reasonable and necessary to assess the system at speeds below 30 mph. NHTSA might also consider whether it would be appropriate to require that the vehicle be designed so that it cannot operate automatically at speeds of 30 mph or more unless and until it acquires the capability (e.g., through software updates) of safely operating automatically above that speed. Similarly, if a vehicle would become incapable of operating safely if one or more of its sensors became non-functional, NHTSA might consider whether it would be appropriate to require that the vehicle be designed so that it can detect those problems and either cease to operate automatically in a safe manner in those circumstances (in the case of a vehicle designed to operate either manually or automatically) or operate automatically in a reduced or “limp home” manner only.

State and local authorities also play critical roles in roadway safety. Through establishing and enforcing their rules of the road, these authorities have traditionally controlled such operational matters as the speed at which vehicles may be driven and the condition of certain types of safety equipment, such as headlamps and taillamps. In the future, it is reasonable to expect that such authorities may establish new rules of the road to address ADS-equipped vehicles specifically. NHTSA could require that ADS be designed such that they must follow all applicable traffic laws in the areas of operation, thereby supporting State and local efforts to ensure their traffic laws are observed. That said, NHTSA expects that the States and localities would enforce those rules if broken, just as they would today.

4. Reforming How NHTSA Drafts New FMVSS To Keep Pace With Rapidly Evolving Technology

As the functions and capabilities of modern motor vehicles are increasingly defined and controlled by software, vehicles will likely continue to change and improve through software updates that occur during the lifetime of the vehicle. Likewise, the more quickly vehicle systems can change, the greater the risk that the current regulatory requirements may unnecessarily interfere with innovation, and that the slow pace of the regulatory process to address unnecessary barriers may delay the introduction of new safety improvements.

The nature and requirements of the rulemaking process may challenge the Agency's efforts to amend existing FMVSS and develop, validate, and establish new FMVSS quickly enough to enable the Agency to keep pace with the expected rapid rate of technological change. Some aspects of the process are inherent and, thus, unavoidable, such as the often lengthy period needed for preparatory research to develop and validate performance metrics and test procedures and for the rulemaking process to propose, take and consider comment, and eventually adopt the metrics and procedures.

There are, however, other aspects of the process that are not only amenable to reform, but that are also likely needed to change for expedient application to future technologies. Some portions of the existing FMVSS might be seen as overly specific, and insufficiently technologically neutral. If a new generation of safety standards and other safety regulations is determined to be needed for ADS, they might be written, to the extent allowed by the law, so that they do not have the effect of inadvertently locking future ADS into today's hardware and software technologies. A new generation of performance requirements and test procedures for ADS could be drafted with a greater eye to enabling continuing technological innovation to ensure that the new requirements do not become unintended obstacles to the use of new technologies. In other words, the Agency should take care not to assume that the specific technologies used in today's vehicles will be used in future vehicle designs. Future standards—particularly those that mandate vehicles be equipped with a certain technology—may be better approached by focusing on objective vehicular functionality as opposed to the performance of a specific discrete system. A new generation of FMVSS should give the manufacturers of vehicles, sensors, software, and other technologies needed for ADS sufficient flexibility to change and improve without the need for frequent modifications to the regulations. Such an approach may also benefit the safety of future vehicles through more flexible standards that focus more on the safety outcome, rather than the performance of any specific technology.

NHTSA has always sought to draft the FMVSS requirements broadly enough to permit use of both current technologies and possible future systems, but the rapid pace of development of ADS and other advanced technologies makes this objective more critical than ever.

What may be needed, then, is a new approach to structuring and drafting standards that places greater reliance on more general, but still objective, specifications of the types and required levels of performance.

This effort to initiate reform in the vehicle safety program is at least comparable in scope to the effort launched by the Agency in 2003 when it issued an ANPRM to reform the Automobile Fuel Economy Standards Program, 68 FR 74908 (Dec. 29, 2003).

5. Examples of Regulatory Approaches

Below NHTSA provides some examples of potential regulatory approaches that the Agency could consider including in a safety framework. These examples are not intended to propose any particular approach. Instead, they highlight some of the future approaches on which NHTSA would like feedback.

a. FMVSS Requiring Obstacle Course-Based Validation in Variable Scenarios and Conditions

A performance-oriented, outcome-based FMVSS could be developed along one or more of the lines stated in “AV 3.0”:

Performance-based safety standards could require manufacturers to use test methods, such as sophisticated obstacle-course-based test regimes, sufficient to validate that their ADS-equipped vehicles can reliably handle the normal range of everyday driving scenarios as well as unusual and unpredictable scenarios. Standards could be designed to account for factors such as variations in weather, traffic, and roadway conditions within a given system's ODD, as well as sudden and unpredictable actions by other road users. Test procedures could also be developed to ensure that an ADS does not operate outside of the ODD established by the manufacturer. Standards could provide for a range of potential behaviors—e.g., speed, distance, angles, and size—for surrogate vehicles, pedestrians, and other obstacles that ADS-equipped vehicles would need to detect and avoid.

Page 7. Available at https://www.transportation.gov/sites/dot.gov/files/docs/policy-initiatives/automated-vehicles/320711/preparing-future-transportation-automated-vehicle-30.pdf.

For an example of requirements that might be expressed as mathematical functions, see the discussion of Mobileye's RSS in section IV.C of this document.

However, physical testing of ADS functions through an obstacle course with a wide range of potential scenarios and conditions would not be without its own limitations. While physical obstacle course testing may be appropriate and even necessary as part of a future FMVSS regulating ADS competency, such a test is likely not sufficient to meet the need for safety in and of itself. Testing an ADS is expected to be different from the physical testing considered sufficient for today's vehicles. No physical obstacle course would come close to replicating the infinite number of driving scenarios an ADS would be expected to navigate safely, nor the complexity of the driving situations that ADS might encounter on the roads.

The level of ADS competency required to handle such diversity and complexity is partly why ADSs are developed using a variety of verification and validation tools when exposing the ADS to different scenarios during development. ADS developers generally use an iterative process that includes simulations, closed-course testing, and on-road testing during development and demonstration to expose the ADS to as many variables as reasonably possible, while also transferring information from each of those methods of testing back to the others to help ensure each method includes as many variables as possible. Situations that occur during on-road testing are important information for developers to include in the simulations used on ADS, and vice versa, with scenarios from the simulations being important to validate in the physical world through on-road testing. Though this iterative testing is normal for the development process, it may also indicate how challenging it might be for an obstacle-course test administered by a third party to include an adequate number and type of scenarios to test ADS competency, while also ensuring that such a course would be objective and practicable. While a standard obstacle course test may provide a baseline of performance, analogous to current FMVSS that perform a subset of specific crash tests, it cannot expose a vehicle to the entire spectrum of field crash scenarios.

b. FMVSS Requiring Vehicles To Be Programmed To Drive Defensively in a Risk-Minimizing Manner in Any Scenario Within Their ODD

An FMVSS might also require that the planning and control functions of an ADS be programmed to adhere to a defensive driving model so as to minimize the likelihood of getting into a crash-imminent situation under any scenario within its ODD—similar to the driving policies and metrics described in Mobileye's RSS, NVIDIA's Safety Force Field, and NHTSA's MPrISM described previously. This could be accompanied by an additional requirement that the vehicle be capable of automated operation within its ODD only. The FMVSS could be complemented by a requirement that each vehicle manufacturer state in the owner's manual for each of its vehicles equipped with ADS that it would be unsafe for the vehicle to operate in automated mode outside its ODD and that the vehicle has therefore been designed so that it cannot do so. Such a statement could also include a description of what behavior the vehicle owner could expect in the circumstance that an ADS exceeds the limits of its ODD, such as the vehicle will pull over in a safe location.

Importantly, even without standards in place to regulate these aspects, NHTSA may consider the ability of an ODD-constrained vehicle to operate outside of its ODD as strong evidence of a safety-related defect.

While programming an ADS to adhere to defensive driving models may help lower the risk of crash, there are additional ADS performance aspects that NHTSA would need to consider. Adherence to a defensive driving model would be one potential requirement that could mitigate some, but not all, safety risks. Much would also depend on the implementation of that defensive driving model, and the efficacy of that implementation.

c. FMVSS Drafted in a Highly Performance-Oriented Manner

The traditional approach to standard drafting is one where NHTSA specifies the desired performance in great detail, and may also include requirements to lessen the likelihood and mitigate the consequences of failure. For instance, FMVSS No. 135 “Light vehicle brake systems,” establishes performance requirements for braking systems functioning normally, and separate requirements for when brake power assist units are inoperative or depleted of reserve capability. Applying this approach to the myriad unique combinations of technologies that may be developed to perform the four critical functions of an ADS could prove quite challenging. For instance, the sensing function of an ADS may be performed by one or a combination of technologies such as LiDAR, radar, cameras, GPS, and V2X radios/antennae units. If the available technologies that might be used for sensing fail in distinctly different ways, the approach the Agency took in regulating light duty braking might mean that any sensing standard must include different requirements for different technologies. The degree of specificity required for such an approach would necessitate successive rulemaking proceedings to amend or remove regulatory provisions as they are obsoleted by technological change.

It should be noted that if an FMVSS were to include such requirements, the amount of time needed to develop and adopt the standard would likely be greater. Likewise, the need for periodic rulemakings to keep the standard up-to-date and avoid potentially adverse effects on the ability to introduce new hardware and software would also likely be greater.

To avoid this problem, any FMVSS that might be developed for ADS could be drafted in a manner that minimizes the chances of creating new barriers to innovation. As the Department stated in “AV 3.0”:

Future motor vehicle safety standards will need to be more flexible and responsive, technology-neutral, and performance-oriented to accommodate rapid technological innovation. They may incorporate simpler and more general requirements designed to validate that an ADS can safely navigate the real-world roadway environment, including unpredictable hazards, obstacles, and interactions with other vehicles and pedestrians who may not always adhere to the traffic laws or follow expected patterns of behavior. Existing standards assume that a vehicle may be driven anywhere, but future standards will need to take into account that the operational design domain (ODD) for a particular ADS within a vehicle is likely to be limited in some ways that may be unique to that system.

The likelihood of different ADS having entirely different sensors, systems, and even ODDs that are limited in entirely different ways introduces additional challenges to NHTSA's traditional approach to standard drafting. Generally, NHTSA establishes standards meeting the need for safety in applicable circumstances. When one ADS can operate only in a discrete set of conditions that varies almost entirely from the discrete set of conditions in which another ADS is capable of operating, establishing objective standards meeting the need for motor vehicle safety for all ADS becomes that much more challenging. Application of one specific or one series of prescriptive tests may not be feasible or practical for that wide an array of technology and operating limitations. Compounding this difficulty is the fact that a given ADS is likely to be updated over time—and ODD limitations that apply to a vehicle's ADS at the time of certification could be entirely different from the same vehicle's upgraded ODD limitations years later.

D. Timing and Phasing of FMVSS Development and Implementation

As described above, issuing performance standards for ADS competency has been and remains premature because of the lack of technological maturity and the development work necessary to support developing performance standards. Since widespread deployment of ADS vehicles appears to be years away, NHTSA has the opportunity to decide carefully and strategically which aspects of ADS safety performance may require the most attention. By taking this deliberate approach, the Agency can perform the research and validation necessary to ensure that any standards developed to regulate those aspects of performance achieve their purpose without limiting the ability of manufacturers to develop and introduce further safety improvements and capabilities unnecessarily.

Also important to this discussion of timing are the many challenges and aspects that NHTSA must overcome to implement some of the mechanisms described in this document. First, it has been NHTSA's practice to purchase vehicles independently to assess baseline and/or countermeasure performance when developing an FMVSS. Given the lack of ADS-equipped vehicles available for testing or any other purposes, the Agency would have difficulty verifying that a new standard would achieve its intended purpose without systems and vehicles to test. In recognition of and in response to the difficulty, the Agency would be required to explore alternative avenues to validate the appropriateness of a proposed test procedure.

NHTSA notes that the issue of unavailability for NHTSA testing could arise in other circumstances with traditional vehicles that may not be sold to the public. NHTSA independently and anonymously purchases vehicles for testing and cannot do so if those vehicles are not being sold to the public.

Next, NHTSA expects a phased approach to regulation of those aspects of safety performance that may necessitate regulation, given limited agency resources and the constantly evolving technology and business models involved in ADS development. NHTSA would need to phase its responses in several ways. To avoid implementing ineffective or counterproductive measures, the Agency would need to set priorities and allocate its resources accordingly. NHTSA has already begun the process of providing oversight and guidance (including encouraging disclosure and highlighting key safety aspects the Agency finds relevant for all ADS developers), as described in previous sections. Further, where appropriate, the Agency has granted, and will continue to consider granting, exemptions from FMVSS to allow for limited deployment or research of in a manner that mitigates safety risk and advances agency technical knowledge. However, the question remains as to what the Agency should prioritize next in its goals of advancing the safety of ADS. Certain mechanisms would permit more expedited implementation, while others would require much research. Most of the mechanisms would face some of the practical hurdles related to the unavailability of ADS to test.

NHTSA seeks comment on what next steps the Agency should take in the regulation of ADS, the timing of those steps, and whether any of the abovementioned steps are required for the development of an ADS-specific FMVSS regime that achieves appropriate standards for highway safety while preserving incentives for innovation and accommodating improvements in technology.

E. Critical Factors Considered in Designing, Assessing, and Selecting Administrative Mechanisms

To aid commenters in providing useful information to the Agency on the array of administrative mechanisms described above, NHTSA has set forth below a variety of critical factors that the Agency will weigh in exploring the strengths and weaknesses of those mechanisms.

  • Consistent and Reliable Assurance of Safety— To the extent that the mechanisms provide flexibility in how manufacturers demonstrate safety, there should be criteria for assessing objectively whether the methods of each manufacturer should meet a common standardized level of rigor, including documentation, and a common standardized minimum level of safety.
  • Technology Neutrality/Performance-Based— The Agency wants to ensure that any mechanism it uses does not pick winners and losers among available and anticipated technologies. By being highly performance or outcome oriented, the mechanisms will allow for innovation and minimize the necessity of having to be amended to permit the introduction of new technologies. Any new standards and regulations should be drafted, to the extent possible, in performance-oriented terms to give manufacturers broad choices among available technologies and flexibility to develop and introduce new technologies without the need first to seek amendments to those standards or exemptions.
  • Predictability— In developing vehicles and ADS, manufacturers should be able to anticipate what types of performance outcomes they will need to make to demonstrate the safety of their products so that they can design their products accordingly.
  • Transparency— To build public confidence and acceptance, the methods used by manufacturers to demonstrate the safety of their products should be made known and explained to the public.
  • Efficiency— Given that there is neither enough time nor resources for the Agency to develop physical test procedures for all conceivable driving scenarios, an effort should be made to determine which physical tests have the greatest likelihood to minimize safety risk in an effective manner.
  • Equity— All manufacturers should be treated fairly and equally in the Agency's assessing of the sufficiency of their safety showings. To that end, the mechanism(s) chosen by the Agency should provide some means to validate that each manufacturer's demonstration of safety meets or exceeds a common level of rigor and comprehensiveness and that each vehicle meets or exceeds a common minimum level of safety.
  • Consistent with Market-Based Innovation— To ensure that innovation is recognized and valued, governmental actions should be consistent with market-based innovation, and ensure the Agency's actions facilitate and do not unnecessarily inhibit innovation to the extent possible.
  • Resource Requirements— Return (measured in added safety) on investment (e.g., efficient use of available resources) is especially important in choosing mechanisms and in deciding which of the core elements of ADS safety performance the Agency should prioritize in exercising its safety oversight responsibilities.

V. Questions and Requests

A. Questions About a Safety Framework

  • Question 1. Describe your conception of a Federal safety framework for ADS that encompasses the process and engineering measures described in this document and explain your rationale for its design.
  • Question 2. In consideration of optimum use of NHTSA's resources, on which aspects of a manufacturer's comprehensive demonstration of the safety of its ADS should the Agency place a priority and focus its monitoring and safety oversight efforts and why?
  • Question 3. How would your conception of such a framework ensure that manufacturers assess and assure each core element of safety effectively?
  • Question 4. How would your framework assist NHTSA in engaging with ADS development in a manner that helps address safety, but without unnecessarily hampering innovation?
  • Question 5. How could the Agency best assess whether each manufacturer had adequately demonstrated the extent of its ADS' ability to meet each prioritized element of safety?
  • Question 6. Do you agree or disagree with the core elements (i.e., “sensing,” “perception,” “planning” and “control”) described in this document? Please explain why.
  • Question 7. Can you suggest any other core element(s) that NHTSA should consider in developing a safety framework for ADS? Please provide the basis of your suggestion.
  • Question 8. At this early point in the development of ADS, how should NHTSA determine whether regulation is actually needed versus theoretically desirable? Can it be done effectively at this early stage and would it yield a safety outcome outweighing the associated risk of delaying or distorting paths of technological development in ways that might result in forgone safety benefits and/or increased costs?
  • Question 9. If NHTSA were to develop standards before an ADS-equipped vehicle or an ADS that the Agency could test is widely available, how could NHTSA validate the appropriateness of its standards? How would such a standard impact future ADS development and design? How would such standards be consistent with NHTSA's legal obligations?
  • Question 10. Which safety standards would be considered the most effective at improving safety and consumer confidence and should therefore be given priority over other possible standards? What about other administrative mechanisms available to NHTSA?
  • Question 11. What rule-based and statistical methodologies are best suited for assessing the extent to which an ADS meets the core functions of ADS safety performance? Please explain the basis for your answers. Rule-based assessment involves the definition of a comprehensive set of rules that define precisely what it means to function safely, and which vehicles can be empirically tested against. Statistical approaches track the performance of vehicles over millions of miles of real-world operation and calculate their probability of safe operation as an extrapolation of their observed frequency of safety violations. If there are other types of methodologies that would be suitable, please identify and discuss them. Please explain the basis for your answers.
  • Question 12. What types and quanta of evidence would be necessary for reliable demonstrations of the level of performance achieved for the core elements of ADS safety performance?
  • Question 13. What types and amount of argumentation would be necessary for reliable and persuasive demonstrations of the level of performance achieved for the core functions of ADS safety performance?

B. Question About NHTSA Research

  • Question 14. What additional research would best support the creation of a safety framework? In what sequence should the additional research be conducted and why? What tools are necessary to perform such research?

C. Questions About Administrative Mechanisms

  • Question 15. Discuss the administrative mechanisms described in this document in terms of how well they meet the selection criteria in this document.
  • Question 16. Of the administrative mechanisms described in this document, which single mechanism or combination of mechanisms would best enable the Agency to carry out its safety mission, and why? If you believe that any of the mechanisms described in this document should not be considered, please explain why.
  • Question 17. Which mechanisms could be implemented in the near term or are the easiest and quickest to implement, and why?
  • Question 18. Which mechanisms might not be implementable until the mid or long term but might be a logical next step to those mechanisms that could be implemented in the near term, and why?
  • Question 19. What additional mechanisms should be considered, and why?
  • Question 20. What are the pros and cons of incorporating the elements of the framework in new FMVSS or alternative compliance pathways?
  • Question 21. Should NHTSA consider an alternative regulatory path, with a parallel path for compliance verification testing, that could allow for flexible demonstrations of competence with respect to the core functions of ADS safety performance? If so, what are the pros and cons of such alternative regulatory path? What are the pros and cons of an alternative pathway that would allow a vehicle to comply with either applicable FMVSS or with novel demonstrations, or a combination of both, as is appropriate for the vehicle design and its intended operation? Under what authority could such an approach be developed?

D. Questions About Statutory Authority

  • Question 22. Discuss how each element of the framework would interact with NHTSA's rulemaking, enforcement, and other authority under the Vehicle Safety Act.
  • Question 23. Discuss how each element of the framework would interact with Department of Transportation Rules concerning rulemaking, enforcement, and guidance.
  • Question 24. If your comment supports the Agency taking actions that you believe may fall outside its existing rulemaking or enforcement authority, please explain your reasons for that belief and describe what additional authority might be needed.
  • Question 25. If you believe that any of the administrative mechanisms described in this document falls outside the Agency's existing rulemaking or enforcement authority under the Vehicle Safety Act or Department of Transportation regulations, please explain the reasons for that belief.

VI. Preparation and Submission of Written Comments

How do I prepare and submit comments?

Your comments must be written and in English. To ensure that your comments are filed in the correct docket, please include the docket number of this document in your comments.

Please submit one copy (two copies if submitting by mail or hand delivery) of your comments, including the attachments, to the docket following the instructions given above under ADDRESSES. Please note, if you are submitting comments electronically as a PDF (Adobe) file, we ask that the documents submitted be scanned using an Optical Character Recognition (OCR) process, thus allowing NHTSA to search and copy certain portions of your submissions.

How do I submit confidential business information?

If you wish to submit any information under a claim of confidentiality, you must submit three copies of your complete submission, including the information you claim to be confidential business information, to the Office of the Chief Counsel, NHTSA, at the address given above under FOR FURTHER INFORMATION CONTACT.

In addition, you may submit a copy (two copies if submitting by mail or hand delivery) from which you have deleted the claimed confidential business information, to the docket by one of the methods given above under ADDRESSES. When you send a comment containing information claimed to be confidential business information, you should include a cover letter setting forth the information specified in NHTSA's confidential business information regulation (49 CFR part 512).

Will NHTSA consider late comments?

NHTSA will consider all comments received before the close of business on the comment closing date indicated above under DATES. To the extent possible, NHTSA will also consider comments received after that date.

How can I read the comments submitted by other people?

You may read the comments received at the address given above under ADDRESSES. The hours of the docket are indicated above in the same location. You may also read the comments on the internet, identified by the docket number at the heading of this document, at http://www.regulations.gov.

Please note that, even after the comment closing date, NHTSA will continue to file relevant information in the docket as it becomes available. Further, some people may submit late comments. Accordingly, NHTSA recommends that you periodically check the docket for new material.

VII. Regulatory Notices

This action has been determined to be significant under Executive Order 12866, as amended by Executive Order 13563, and DOT's Regulatory Policies and Procedures. It has been reviewed by the Office of Management and Budget under that Order. Executive Orders 12866 (Regulatory Planning and Review) and 13563 (Improving Regulation and Regulatory Review) require agencies to regulate in the “most cost-effective manner,” to make a “reasoned determination that the benefits of the intended regulation justify its costs,” and to develop regulations that “impose the least burden on society.” In addition, Executive Orders 12866 and 13563 require agencies to provide a meaningful opportunity for public participation. Accordingly, we have asked commenters to answer a variety of questions to elicit practical information about alternative approaches and relevant technical data. These comments will help the Department evaluate whether a proposed rulemaking is needed and appropriate. This action is not subject to the requirements of E.O. 13771 (82 FR 9339, February 3, 2017) because it is an advance notice of proposed rulemaking.

Authority: 49 U.S.C. 30101 et seq., 49 U.S.C. 30182.

Issued in Washington, DC, under authority delegated in 49 CFR 1.95 and 501.5.

James C. Owens,

Deputy Administrator.

[FR Doc. 2020-25930 Filed 12-2-20; 8:45 am]
