ISO 21448

ISO 21448 is an international standard titled Road vehicles – Safety of the Intended Functionality (SOTIF). It addresses safety risks that can arise from unexpected behaviors of advanced driver-assistance systems (ADAS) and autonomous driving (AD) functions.

Unlike traditional functional safety standards—which address hazards resulting from malfunctions or failures of electrical and electronic (E/E) systems—ISO 21448 focuses on situations where the system operates as intended but may still behave unsafely in complex or unfamiliar conditions. This includes:

• Limitations of sensors

• Unpredictable human behavior

• Complex environmental conditions

The standard provides a systematic approach to identify, assess, and mitigate potentially unsafe behaviors that do not stem from a system fault. Validas supports ISO 21448 compliance by classifying and qualifying tools and software libraries, helping organizations produce reliable, audit‑ready evidence for complex ADAS and autonomous functions. ISO 21448 requires that the tools used for training and verifying AI applications be classified and qualified according to ISO 26262 Clauses 8–11 (Tool Confidence).

ISO 21448 is critically important for the development and deployment of autonomous driving and advanced driver-assistance systems because these systems operate in highly dynamic and unpredictable real-world environments. While a camera or radar might be functioning perfectly, its perception might be impaired by sun glare, heavy rain, or an unusual road marking, leading the system to misinterpret a situation and potentially act unsafely.

Traditional safety approaches, like those in ISO 26262, focus on preventing harm from hardware or software failures. However, for highly automated driving, a significant portion of the safety challenge lies in ensuring that the intended function does not lead to an unreasonable risk under diverse and sometimes unforeseen operational conditions.

The main idea of ISO 21448 is to deal with the fact that there can be “unknown” scenarios, i.e., scenarios that have not been considered during the design.

In case those unknown scenarios become known, the cars have to be updated so that they can handle these scenarios in the future as well.

ISO 21448 and ISO 26262 are closely related and complementary standards that together ensure the comprehensive safety of automotive E/E systems. ISO 26262 focuses on functional safety, which aims to prevent hazards caused by failures or malfunctions of electrical and electronic components. It deals with systematic faults (errors in design or manufacturing) and random hardware failures.

In contrast, ISO 21448 specifically addresses the "Safety of the Intended Functionality" (SOTIF) by managing risks that arise when an ADAS or AD system functions as intended but still leads to an unsafe situation due to performance limitations or unforeseen environmental conditions.

Effectively, ISO 26262 ensures that the system works correctly, while ISO 21448 ensures that the system works safely in all foreseeable conditions, even if it is technically operating fault-free. Both standards are essential for achieving overall vehicle safety, with ISO 21448 often building upon the foundation laid by ISO 26262 to tackle the unique challenges of automated driving.

ISO 21448 affects all organizations involved in the development, testing, and deployment of advanced driver-assistance systems and autonomous driving functionalities in road vehicles. This primarily includes vehicle manufacturers (OEMs), Tier 1 suppliers providing ADAS/AD components and software, and other suppliers contributing to the perception, planning, and control systems of automated vehicles.

Engineering teams, including software engineers, sensor specialists, algorithm developers, and validation engineers must incorporate SOTIF principles into their daily work. Safety managers and risk assessors play a crucial role in overseeing the application of standard methodologies.

While specifically tailored for road vehicles, the underlying principles of managing risks from intended but potentially unsafe functionalities are relevant across other domains dealing with highly automated or intelligent systems, such as industrial automation, robotics, and even emerging AI safety frameworks where complex systems interact with dynamic environments.