The automotive industry is undergoing a significant transformation in how it approaches functional safety. One reason is the rise of advanced driver assistance systems (ADAS) and self-driving systems. Such solutions require additional efforts to integrate properly while adhering to cybersecurity and road safety measures.
This article will guide you through the importance of functional safety in automotive. We'll also take a look at key parts of ISO 26262, the main standard for the functional safety of road vehicles, and explore key automotive trends to keep an eye on in the near future.
What is functional safety in automotive?
In the broadest sense, automotive functional safety is the absence of unreasonable risk due to hazards caused by malfunctioning behavior of a vehicle's electrical and electronic (E/E) systems. In practice, it's a set of methods and processes that guide automotive organizations in delivering products that remain safe for end users even when components fail. Note that functional safety is distinct from cybersecurity: the former addresses random hardware faults and systematic faults, the latter addresses deliberate attack, although the two increasingly overlap.
The key goals of functional safety measures in automotive are to:
- Eliminate and mitigate hazards caused by the failure or unintended behavior of systems
- Make sure that all systems operate correctly in response to inputs, preventing malfunctions and safeguarding drivers and passengers
- Minimize residual risks and prevent unacceptable risks that could be caused by malfunctioning electrical and electronic (E/E) systems
- Ensure safe system operation even when faults occur, such as sensor failures or software malfunctions
In the automotive industry, functional safety is mostly governed by ISO 26262.
ISO 26262 is an international standard addressing the functional safety of safety-related E/E systems in series production road vehicles. It defines a safety lifecycle covering management, development, production, operation, service, and decommissioning, together with the activities and work products needed to argue that a system is acceptably safe.
The standard covers electrical, electronic, and software components of production road vehicles. Its main goal is to avoid or control systematic faults introduced during development and random hardware faults occurring in operation, reducing the residual risk of hazards caused by malfunctioning E/E systems to an acceptable level.
Who needs to comply with ISO 26262?
All organizations involved in the development of automotive E/E systems should consider following ISO 26262 recommendations. Establishing functional safety for automotive is especially important for organizations that develop safety-critical systems:
- Original equipment manufacturers (OEMs) who are responsible for overall system integration and vehicle safety
- Tier 1 suppliers who provide complex components or subsystems like braking systems and advanced driver assistance systems (ADAS)
- Tier 2 and Tier 3 suppliers who provide parts or software to Tier 1 suppliers, producing components like sensors, chips, and embedded software
- Software vendors who offer automotive-centered development tools like compilers and testing frameworks or provide embedded software stacks
- Engineering and software development teams (in-house or outsourced) involved in designing and creating custom automotive software, as well as validating and analyzing the safety of final software products
Is ISO 26262 mandatory?
Compliance with ISO 26262 is not legally required.
However, this standard is considered a comprehensive guideline, and following it is considered a best practice among industry leaders.
For example, OEMs often require suppliers to implement ISO 26262 in their products. Therefore, many organizations that operate in the automotive industry put effort into achieving compliance with this standard, celebrating each milestone.
Functions whose hazard analysis shows no safety impact are classified as QM (quality management) and need only the organization's normal quality process rather than the full ISO 26262 lifecycle; a stand-alone car infotainment module is a typical example. However, if such a module shares hardware or software with safety-related elements (for example, a display that also renders the instrument cluster), freedom from interference between the two must be demonstrated, and it's best to follow functional safety guidelines for the shared parts.
There are different ways to ensure quality in automotive products and achieve functional safety for road vehicles. Let’s explore why ISO 26262 is worth your attention even if compliance is not legally required.
Why strive for ISO 26262 compliance?
With 27.7 million vehicle recalls issued throughout 2024 in the US, it’s clear that automotive industry players still struggle to maintain the quality of vehicle systems. Reasons may include increasingly complex vehicle technologies, new software types, and evolving cybersecurity threats.
If a certain OEM, supplier, or software vendor starts being associated with too many recalls, it can undermine consumer trust. All automotive businesses should strive for strong quality control and thorough testing to minimize both recall expenses and reputational risks. And an essential part of doing so is ensuring proper functional safety.
Why is functional safety important in automotive?
Using ISO 26262 as a guideline helps automotive software engineering teams classify hazards by risk (ASIL), derive safety requirements from them, and choose verification methods and safe coding practices appropriate to each level. This allows them to minimize the risk of software failures, prevent software-caused accidents, and even save costs in the long run by avoiding recalls and liability claims.
Below, we take a deeper look at the key benefits of ISO 26262 compliance:
- Overall safety improvements. The structured and proven approaches gathered in ISO 26262 help engineering teams comprehensively manage functional safety. Thus, you can make sure that every stage of creating safety-critical components, from concept to decommissioning, adheres to best practices, significantly reducing the risk of system failures and accidents. By identifying and mitigating potential hazards early, ISO 26262 helps keep vehicles safe throughout their operational life.
- Increased customer trust. Voluntary compliance with standards like ISO 26262 signals a clear commitment to safety and reliability. This is especially critical for electric and autonomous vehicles, where public trust is still evolving. It can also help manufacturers achieve high European New Car Assessment Programme ratings, which positively impact buyers’ decisions.
- Continuous quality enhancement. Since the standard promotes a culture of continuous improvement in safety practices and engineering processes, your team will be able to detect flaws early. Thus, you'll reduce costly fixes at later development stages and might even prevent product recalls. ISO 26262 also eases integration between systems from different suppliers: the development interface agreement (DIA) defined in Part 8 spells out which party is responsible for each safety activity and work product, reducing integration risks.
Adoption of ISO 26262 not only builds consumer and stakeholder trust but also facilitates international market entry for manufacturers due to worldwide acceptance.
Note that establishing automotive functional safety along with achieving ISO 26262 compliance is a long journey. It takes time to investigate ISO 26262 requirements, figure out how to follow all of them, and implement functional safety in your current workflows. Let’s start at the very beginning and explore the structure and key elements of this standard.
How ISO 26262 works: Functional safety essentials
The ISO 26262 standard is based on twelve parts, each referring to a different level of the product lifecycle. Ten parts are normative, and the other two are guidelines.
- Part 1: Vocabulary specifies vocabulary, definitions, and abbreviations. A uniform understanding of terms not only helps your team to be on the same page but also minimizes the risk of misunderstandings with your contractors and clients.
- Part 2: Management of functional safety explains the proposed methodology for handling all aspects of functional safety. This section provides your team with a comprehensive picture of the safety lifecycle.
- Part 3: Concept phase guides you through the early phase of product development: defining the item, performing a hazard analysis and risk assessment (HARA) that assigns an ASIL to each hazardous event, deriving safety goals from it, and specifying the functional safety concept. This set of requirements helps your team finalize your project's safety goals.
- Part 4: Product development at the system level includes helpful specifications that will guide your team through safety concepts, architectural designs, integration, and testing.
- Part 5: Product development at the hardware level provides your team with critical requirements for hardware development. It also requires your team to evaluate the hardware architecture with quantitative metrics and to assess the probability of safety goal violations due to random hardware failures.
- Part 6: Product development at the software level helps engineers address concerns on the software level. Your team will learn key specifications for software safety, architectural design, verification, integration, and embedded software testing.
- Part 7: Production, operation, service and decommissioning explains how to set up and maintain a production process for safety-related elements and items. Your team also will get all necessary information regarding operations, services, and decommissioning for users that interact with safety-related items.
- Part 8: Supporting processes covers the processes that span the whole lifecycle: interfaces within distributed developments (the customer-supplier development interface agreement), safety requirements management, configuration and change management, verification, documentation, confidence in the use of software tools (tool qualification), qualification of software and hardware components, and proven in use arguments.
- Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses describes requirements decomposition with respect to ASIL tailoring (ASIL decomposition), criteria for coexistence of elements with different ASILs, analysis of dependent failures, and safety analyses. We take a closer look at ASILs below.
- Part 10: Guidelines on ISO 26262 provides engineers with extra context for the general concepts of ISO 26262.
- Part 11: Guidelines on applying the standard to semiconductors supports semiconductor manufacturers and silicon intellectual property (IP) suppliers, explaining how IP suppliers and integrators should work together.
- Part 12: Adaptation of ISO 26262 to motorcycles tailors the standard’s requirements to motorcycles.
Among these twelve parts, the ASIL concept deserves special attention. An ASIL is assigned to each safety goal during the hazard analysis and risk assessment (Part 3), based on three ratings of the hazardous event: the severity of the potential harm, the probability of exposure to the driving situation, and the controllability of the event by the driver or other people involved. The ASIL then determines how rigorous the development, verification, and analysis requirements are throughout the lifecycle. Part 9 adds ASIL decomposition, which lets teams split a high-ASIL requirement across redundant, independent elements with lower ASILs, helping to efficiently manage and mitigate risks associated with specific functions or components.
This classification consists of four levels, with ASIL D representing the highest degree of rigor and ASIL A the lowest; hazardous events with no safety relevance are rated QM (quality management) and fall outside the standard's safety requirements. The examples below are typical assignments; strictly, an ASIL belongs to a safety goal rather than to a system, and one system can carry safety goals with different ASILs:
- ASIL A is assigned to systems with a relatively low risk of harm, where failures are unlikely to cause serious injury. Examples: interior lighting, windscreen washers.
- ASIL B is applied to systems where failure could lead to non-serious injury or pose a moderate safety concern. Examples: brake lights, reversing camera, instrument cluster.
- ASIL C is used for systems that demand stringent safety requirements and thorough validation, since failure could result in serious injury. Examples: adaptive cruise control, battery management systems, suspension.
- ASIL D is applied to the most safety-critical systems, where failure could be fatal. Examples: autonomous driving systems, braking systems, airbags, electric power steering.
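The Python script below is an added illustration, not code from the article or from the standard itself, of the two ASIL rules just described: how an ASIL is determined from the severity (S0-S3), exposure (E0-E4) and controllability (C0-C3) ratings of a hazardous event, using the lookup table from ISO 26262-3, and which ASIL decompositions ISO 26262-9 permits. The brake-system hazardous events, their ratings, and the element names are constructed for the example. Note what the code cannot check: a decomposition is only valid if the two elements are shown to be independent through a dependent failure analysis, which is an engineering argument, not a table lookup.

```python
"""ASIL determination (ISO 26262-3, HARA) and ASIL decomposition (ISO 26262-9).

Added example; the hazardous events below are constructed, not taken from a
real HARA.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# ISO 26262-3 Table 4: rows are severity S1..S3, columns are exposure
# E1..E4, and each cell lists the result for controllability C1, C2, C3.
_ASIL_TABLE = {
    1: {1: "QM QM QM", 2: "QM QM QM", 3: "QM QM A", 4: "QM A B"},
    2: {1: "QM QM QM", 2: "QM QM A", 3: "QM A B", 4: "A B C"},
    3: {1: "QM QM A", 2: "QM A B", 3: "A B C", 4: "B C D"},
}

# ISO 26262-9 Figure 2: permitted ways to split one ASIL across two
# independent elements (unordered pairs).
_DECOMPOSITIONS = {
    "D": {("C", "A"), ("B", "B"), ("D", "QM")},
    "C": {("B", "A"), ("C", "QM")},
    "B": {("A", "A"), ("B", "QM")},
    "A": {("A", "QM")},
}


def determine_asil(severity: int, exposure: int, controllability: int) -> str:
    """Return 'QM' or 'A'..'D' for a hazardous event rated S/E/C.

    S0 (no injuries), E0 (incredible exposure) or C0 (controllable in
    general) means no safety relevance, so the result is QM without
    consulting the table.
    """
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError(f"rating out of range: S{severity} E{exposure} C{controllability}")
    if 0 in (severity, exposure, controllability):
        return "QM"
    return _ASIL_TABLE[severity][exposure].split()[controllability - 1]


def is_permitted_decomposition(asil: str, first: str, second: str) -> bool:
    """True if `asil` may be decomposed into elements rated `first` and `second`."""
    allowed = _DECOMPOSITIONS.get(asil, set())
    return (first, second) in allowed or (second, first) in allowed


def decompose(asil: str, first: str, second: str) -> Tuple[str, str]:
    """Validate a decomposition and return the labelled pair, e.g. ('B(D)', 'B(D)').

    The bracketed ASIL records the original level: both elements still have
    to be verified against it (ISO 26262-9, 5.4.9), and their independence
    must be demonstrated separately by a dependent failure analysis.
    """
    if not is_permitted_decomposition(asil, first, second):
        raise ValueError(f"{first}+{second} is not a permitted decomposition of ASIL {asil}")
    return (f"{first}({asil})", f"{second}({asil})")


@dataclass(frozen=True)
class HazardousEvent:
    description: str
    severity: int
    exposure: int
    controllability: int


# Constructed ratings for a hypothetical brake-by-wire item (illustrative only).
SAMPLE_HARA: List[HazardousEvent] = [
    HazardousEvent("Loss of braking at highway speed", 3, 4, 3),
    HazardousEvent("Brake lights do not illuminate during braking", 2, 4, 2),
    HazardousEvent("Interior dome light stays on after leaving the vehicle", 0, 3, 1),
]


def rate_hara(events: List[HazardousEvent]) -> Dict[str, str]:
    """Map each hazardous event description to its determined ASIL."""
    return {ev.description: determine_asil(ev.severity, ev.exposure, ev.controllability)
            for ev in events}


if __name__ == "__main__":
    for desc, asil in rate_hara(SAMPLE_HARA).items():
        print(f"{asil:>3}  {desc}")
    # Split the ASIL D braking safety goal across two independent channels
    # (hypothetical element names).
    print(decompose("D", "B", "B"), "-> primary brake-by-wire controller + hydraulic fallback")
```

Run it to see each constructed hazardous event rated; the loss-of-braking event lands at ASIL D, the brake-light event at ASIL B (matching the brake-light example above), and the S0 event at QM. Trying `decompose("D", "A", "A")` raises, because two ASIL A elements never add up to ASIL D.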
As you can see, ISO 26262 is extensive. For organizations just beginning their compliance journey, implementing this standard in their workflow can feel overwhelming. Although the implementation process can take up to several years, achieving ISO 26262 compliance is manageable with the right strategy.
Make sure your team starts with a gap analysis, thoroughly assessing your current development processes, tools, and organizational structure against ISO 26262 requirements. Once you identify what’s already in place and what needs to be built or improved, it becomes much easier to keep going through the standard guidelines.
However, understanding the basics of ISO 26262 may not be enough for ensuring product safety and further maintenance. It’s best to also pay attention to key trends of functional safety in the automotive industry and consider using at least some of them to your advantage.
Key trends in automotive functional safety
As the automotive industry evolves alongside trends in software-defined, connected, and autonomous vehicles, functional safety has to evolve as well to meet upcoming challenges. Let’s explore a few key trends that are worth your attention. Some can help you enhance your automotive project’s security, while others might cause new challenges of their own.
1. Artificial intelligence and machine learning
AI and ML allow engineers to analyze large datasets, automating and accelerating pattern identification. Thus, these technologies help to enhance functional safety processes like hazard analysis, fault detection, test case generation, and predictive maintenance.
Integrating Machine Learning and AI in Automotive Safety: Enhancing ISO 26262 Compliance, written by Jherrod Thomas, highlights the beneficial use of AI and ML for the following development phases:
- Design phase. ML algorithms can foresee potential modes of failure, which is crucial for crafting more resilient automotive systems.
- Testing and validation. ML models can process large volumes of testing data, detecting anomalies. This comes in handy for ensuring adherence to safety standards and assisting with successful certification.
- Operational phase. Once a vehicle is manufactured and in use, AI’s capabilities for real-time surveillance help to continuously monitor the vehicle’s systems and behaviors on the road. Automotive companies can use ML models to detect patterns that indicate a component like brakes or a battery is beginning to degrade before it actually fails, allowing issues to be fixed early and advancing operational vehicle safety.
Note: ML components fit ISO 26262's assumptions poorly, because their behavior is defined by training data rather than by an explicit specification, so the standard's notions of a requirement, a fault, and test coverage do not map cleanly onto them. Establish processes for dataset quality and provenance, define the operational design domain the model is trained and validated for, and test AI-based systems against it. Where possible, keep ML components out of the safety-critical path or pair them with a conventional, ASIL-rated monitor that can bring the system to a safe state when the model's output is implausible.
2. Software-defined vehicles
Software-defined vehicles (SDVs) manage their operations and enable new features primarily through software, so engineers don’t solely rely on hardware when improving vehicle functionality and updating safety measures.
However, building this type of vehicle introduces:
- Increased software complexity. SDVs rely on extensive ecosystems for features like over-the-air (OTA) updates and autonomous driving, which also tend to evolve dynamically. Thus, it becomes hard to map certain safety goals to specific software components.
- Need for V-model adaptation. ISO 26262 relies on a traditional V-model, which aligns development phases with corresponding testing activities, forming a “V” shape where design stages on the left correspond to validation stages on the right. SDVs, on the contrary, are based on agile and iterative development methods to keep pace with rapid innovation and continuous feature updates. Engineering teams must find a way to ensure ISO 26262 compliance by adapting the V-model to the SDV development process.
- Post-deployment safety. Since SDVs keep receiving regular updates post-production, teams must ensure that each update aligns with chosen functional safety principles.
3. Model-based systems engineering
Model-based systems engineering (MBSE) is a methodology that uses digital modeling and simulation to design systems. MBSE aims to support the entire lifecycle of a system, from conception and design to decommissioning. By creating virtual models of systems, engineers can simulate and test system behavior, finding ways to improve efficiency and reduce the risk of errors.
This methodology is also applied in the automotive industry and is particularly valuable for working with ADAS and SDVs:
- Documentation traceability. MBSE facilitates traceability from high-level safety requirements through implementation and testing, providing clear artifacts for documenting compliance.
- Verification. MBSE enables early simulation, virtual testing, and automated code generation, assisting with the verification and validation processes required by ISO 26262.
- Product development at the software level. Part 6 of ISO 26262 can be mapped onto MBSE workflows, but it requires tailoring the standard’s requirements to the specific models, tools, and processes used in MBSE projects.
4. Over-the-air updates
OTA updates help automakers quickly deliver upgrades and new features to onboard vehicle systems using remote technologies. Over 33% of vehicles recalled in 2024 can be fixed via OTA updates, reflecting the industry’s shift toward more efficient and customer-friendly recall solutions.
OTA updates play a vital role in ensuring and maintaining automotive functional safety thanks to:
- Post-production functional safety. OTA updates help automotive organizations fix issues discovered after a product’s release. For example, they can be used to fix glitches in infotainment systems, driver assistance systems, and battery management. Safety can also be improved by pushing vulnerability patches.
- Safe and secure updates. When implemented correctly, OTA technology verifies both the authenticity and the integrity of every package: the vehicle accepts only packages signed with a trusted signing key, checks that the payload matches the digest bound into the signed manifest, and rejects downgrades to older versions with known flaws. It should also provide a rollback mechanism that keeps the previous known-good image until the new one has passed its self-test.
However, OTA updates also bring functional safety obligations of their own, since every update changes a system that has already been assessed. (In markets applying UN Regulation No. 156, a software update management system is in any case a type-approval requirement.) Your team has to ensure that all updates are:
- Assessed to make sure they don’t alter safety goals or affect safety mechanisms
- Documented and tracked: what was changed, why, and how it was verified
- Tested and validated against applicable safety requirements
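As an added example (not code from the article or from any particular OTA product), the following Python script shows the checks behind the "safe and secure updates" point above, as an ECU would apply them before accepting a package: verify the manifest's authenticity before trusting any field in it, reject downgrades and replays with a monotonic version counter, verify the payload digest bound into the signed manifest, refuse to reflash a safety-relevant controller unless the vehicle is in a safe state, and keep the previous image for rollback until the new one passes its self-test. The manifest format, ECU name, firmware bytes and key are constructed for the example. To run offline with only the standard library it authenticates the manifest with HMAC-SHA256; a real deployment uses an asymmetric signature (for example ECDSA or Ed25519) so that the vehicle stores only a public key, but the decision logic is the same.

```python
"""ECU-side OTA package verification with anti-rollback and A/B rollback.

Added example with constructed data. HMAC-SHA256 stands in for the
asymmetric signature a real update system would use.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional


class UpdateRejected(Exception):
    """Raised when a package fails any check; nothing is written to the ECU."""


@dataclass
class EcuState:
    ecu_id: str
    active_version: int            # version of the image currently running
    active_image: bytes
    vehicle_parked: bool           # safe-state precondition for reflashing
    staged_version: Optional[int] = None   # candidate waiting in the inactive slot
    staged_image: Optional[bytes] = None


def _canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier authenticate identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_package(manifest: dict, payload: bytes, signing_key: bytes) -> dict:
    """Back-end side: bind the payload digest into the manifest, then sign the manifest."""
    signed = dict(manifest, sha256=hashlib.sha256(payload).hexdigest())
    tag = hmac.new(signing_key, _canonical(signed), hashlib.sha256).hexdigest()
    return {"manifest": signed, "signature": tag, "payload": payload}


def stage_update(package: dict, ecu: EcuState, verify_key: bytes) -> int:
    """Vehicle side: verify the package and stage its image in the inactive slot.

    Returns the staged version; raises UpdateRejected on the first failed check.
    """
    manifest = package["manifest"]

    # 1. Authenticity first: no manifest field is trusted before this passes.
    expected = hmac.new(verify_key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, package["signature"]):
        raise UpdateRejected("manifest signature invalid")

    # 2. A valid package for a different ECU is still wrong here.
    if manifest["ecu_id"] != ecu.ecu_id:
        raise UpdateRejected(f"package is for {manifest['ecu_id']}, not {ecu.ecu_id}")

    # 3. Anti-rollback: only strictly newer versions, so an old but validly
    #    signed package with a known flaw cannot be replayed.
    if manifest["version"] <= ecu.active_version:
        raise UpdateRejected("downgrade or replay rejected")

    # 4. Payload integrity, bound to the now-authenticated manifest.
    digest = hashlib.sha256(package["payload"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise UpdateRejected("payload digest mismatch")

    # 5. Safety precondition: a safety-relevant ECU is only reflashed in a safe state.
    if manifest["safety_relevant"] and not ecu.vehicle_parked:
        raise UpdateRejected("vehicle not in a safe state for a safety-relevant update")

    ecu.staged_version = manifest["version"]
    ecu.staged_image = package["payload"]
    return ecu.staged_version


def activate_or_rollback(ecu: EcuState, self_test_passed: bool) -> int:
    """Switch to the staged image only if its post-install self-test passed.

    On failure the staged image is discarded and the last known-good image
    keeps running; the version counter only advances on success, so a fixed
    re-release of the same version number is still accepted later.
    Returns the version that is active afterwards.
    """
    if ecu.staged_image is None:
        raise UpdateRejected("nothing staged")
    if self_test_passed:
        ecu.active_image, ecu.active_version = ecu.staged_image, ecu.staged_version
    ecu.staged_image, ecu.staged_version = None, None
    return ecu.active_version


def why_rejected(package: dict, ecu: EcuState, verify_key: bytes) -> Optional[str]:
    """Helper for tests and logging: the rejection reason, or None if staging succeeded."""
    try:
        stage_update(package, ecu, verify_key)
    except UpdateRejected as exc:
        return str(exc)
    return None


# Constructed demo data. A real signing key lives in an HSM, never in source.
DEMO_KEY = b"demo-signing-key-not-for-production"
DEMO_PAYLOAD = b"\x7fELF-stand-in: brake controller firmware v12"
DEMO_MANIFEST = {"ecu_id": "brake_ctrl", "version": 12, "safety_relevant": True}


def demo() -> int:
    """Happy path: a parked vehicle accepts v12 over v11 and activates it."""
    ecu = EcuState("brake_ctrl", active_version=11, active_image=b"v11", vehicle_parked=True)
    package = build_package(DEMO_MANIFEST, DEMO_PAYLOAD, DEMO_KEY)
    stage_update(package, ecu, DEMO_KEY)
    return activate_or_rollback(ecu, self_test_passed=True)


if __name__ == "__main__":
    print("active version after update:", demo())
```

Two design points are worth noting. The manifest is authenticated before any of its fields are read, so a forged `ecu_id` or `version` cannot steer the parser. And the version counter is advanced only in `activate_or_rollback` after a successful self-test, which is what makes the rollback slot safe: an image that bricks the controller never becomes the "known-good" baseline.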
5. Continuous cybersecurity enhancement
Increasing connectivity means an increasing attack surface. Automotive organizations must not only keep securing their products against known threats but also anticipate the new ones that come with ADAS, SDVs, and OTA updates, because each new connectivity option opens another path for malicious actors to reach safety-critical systems.
Integrating cybersecurity measures into functional safety processes can help your team achieve the following:
- Comprehensive risk management. Both ISO 26262 and cybersecurity frameworks require systematic risk analysis. Continuously enhancing cybersecurity measures ensures that new and evolving cyber risks are identified and mitigated alongside functional safety risks.
- Safety tampering prevention. ISO 26262 requires manufacturers to make sure systems behave safely when faults occur, but it assumes those faults are accidental. Cybersecurity mechanisms such as secure boot, authenticated in-vehicle messaging, and access control on diagnostic interfaces ensure that an attacker cannot disable or bypass the safety mechanisms, and that a failed or malicious update cannot leave the safety logic in a corrupted state.
- Continuous testing and validation. ISO 26262 requires rigorous testing and validation of safety-related systems. By continuously updating cybersecurity measures and incorporating security testing, organizations can identify vulnerabilities that might impact safety functions, ensuring ongoing compliance and resilience.
Note: To ensure proper cybersecurity, follow the practices defined in ISO/SAE 21434, which specifies a cybersecurity engineering lifecycle structured much like ISO 26262 and is designed to be applied alongside it. In markets that apply UN Regulation No. 155, a cybersecurity management system is in any case a type-approval requirement rather than a voluntary measure.
Functional safety and cybersecurity: Apriorit’s take
The convergence of functional safety and cybersecurity is particularly evident in modern vehicles, where external connectivity exposes systems to potential cyber threats. For example, a cyberattack on a vehicle’s braking or steering system could cause a safety-critical failure, even if the system is functionally sound. Therefore, ensuring cybersecurity is essential to maintain the integrity of safety mechanisms.
For companies aiming to comply with ISO 26262, cybersecurity expertise is vital. Understanding potential cyber threats and implementing appropriate countermeasures enhances the effectiveness of functional safety mechanisms and strengthens the overall resilience of automotive systems. At Apriorit, we are ready to share our knowledge, skills, and experience to help you bring product safety to the next level.
- Apriorit is a TISAX-certified company, meaning we use a proven approach to establish proper cybersecurity in projects for automotive companies.
- Our teams already have diverse experience with automotive projects, from auditing the security of vehicle communication systems to enhancing mobile apps for electric vehicle charging services.
- When creating custom software and applications, Apriorit engineers adhere to the strictest practices of the secure software development lifecycle, focusing on early vulnerability detection and elimination.
- Our engineers have vast experience delivering secure solutions, enabling robust data protection and encryption mechanisms.
- We also work with projects that require reliable firmware protection and proper embedded system performance.
- We conduct professional security testing and audit services, helping our clients make sure their software is protected and resilient against potential threats.
Conclusion
Functional safety practices can not only help companies deliver better automotive products but also prevent accidents and save lives. As a result of reducing residual risks throughout the entire development cycle, automotive companies improve both vehicle performance and their reputation among customers.
Following standards for ensuring functional safety in automotive even when they are not mandatory saves money on fixing recalls and fosters development of new, safer technologies. However, compliance with ISO 26262 takes time — not to mention that it requires making sure your business partners and vendors also adhere to the strictest quality standards.
Apriorit offers top-quality automotive software development services, assisting with a variety of tasks from sensitive data protection to vehicle component integration. As a TISAX-certified company, we’re dedicated to overcoming every challenge using proven security measures, technologies, and tools.