CORDIS - EU research results

Trustable architectures with acceptable residual risk for the electric, connected and automated cars

Periodic Reporting for period 3 - ArchitectECA2030 (Trustable architectures with acceptable residual risk for the electric, connected and automated cars)

Reporting period: 2022-07-01 to 2023-12-31

Development in electric, connected, and automated (ECA) vehicle driving technology leads to a paradigm shift in transportation systems, user experience, mode choices, and business models. Automated driving technology is progressing with advancements in electronic components and systems (ECS) and increased verification, validation, and testing requirements to provide increased safety and reliability.

To be accepted by drivers and other stakeholders, automated vehicles must be reliable and significantly safer than today's driving baseline. Consequently, there is a strong need for independent and reproducible validation of automated vehicles even though they have to deal with non-deterministic elements.

The vision of ArchitectECA2030 is to provide a harmonized pan-European validation framework enabling mission-oriented validation of ECS for electric, connected, and automated (ECA) SAE L3 to L5 vehicles to improve reliability, robustness, safety, and traceability.

The ArchitectECA2030 goals are to manage failure modes, uncertainties, and failure probabilities, propagating through the entire ECA vehicle stack consisting of on-board HW, on-board SW, off-board SW and data, development, and validation methodologies, to support hazard identification, risk analysis, and sufficient risk mitigation.

Develop a widely agreed homologation framework, comprising harmonized methods, tools, and processes able to handle dynamic requirements (e.g. new scenarios, untested events, online traffic data, etc.) provided by the in-vehicle monitoring device, to ultimately design safe, secure, and reliable ECA vehicles with a well-defined, quantified, and acceptable residual risk across all ECS levels. The residual risk relies on the failure risks of every single semiconductor, electronic component, subsystem, and system used to build ECA vehicles.

Propose, align, and develop a concept for an in-vehicle monitoring device, which can indicate and measure the health status and possible degradations of the functional electronics and electronic systems, enabling predictive diagnosis, maintenance and reconfiguration of embedded software.

Bring together the representative stakeholders from the ECS industry, standardization and certification bodies (Europe, US, Asia), governments, test field operators, and academia in tight interaction with the lighthouse initiative Mobility.E and its LIASE group to influence emerging standards, validation and homologation procedures for ECA vehicles, and contribute to the emerging UL 4600, which is based on ISO 26262 and ISO/PAS 21448 (SOTIF).

Overall, the project successfully delivered 15 demonstrators linked to 4 individual supply chains:

Supply Chain 1 demonstrators:
• Foreign object detection system within a wireless charging system
• Robust Physical Sensors
• Simulation of run-time monitoring device for automated driving and robust environmental perception
• Position Enhancement Using 2D cameras

Supply Chain 2 demonstrators:
• Condition monitoring and predictive maintenance of inverter power components
• Formal methods based monitoring device
• Health monitoring system for electric motors
• Secure Monitoring Device (MonDev)

Supply Chain 3 demonstrators:
• Road condition detection and V2X connectivity
• Digital twin package monitoring
• Built-in connectivity component aging monitoring

Supply Chain 4 demonstrators:
• Hardening automatism for power or motor control design
• Lifetime Drift Model for Discrete Parameters
• Virtual Validation & Verification (V3) Framework
• Automated Driving Demonstrator

In addition, the project developed five concrete examples (formed out of individual demonstrators) to showcase the system layer objectives:
1. ACC/LKA big-picture demonstrator
2. Perception big-picture demonstrator
3. Powertrain big-picture demonstrator
4. Connectivity big-picture demonstrator
5. Conceptual framework for homologation (Reference Homologation Process)

Exploitation and dissemination of results:
• 55 events attended to present the achieved results at various international, national and regional conferences
• The website was visited 4193 times during the 3rd reporting period
• 73 new posts, which reached 25292 impressions; 760 followers on LinkedIn and Twitter
• 42 publications prepared including scientific journals, conference papers, and other scientific articles
• 23 exploitable results including exploitation roadmaps

In contrast to other domains, such as aviation or railway, safety integrity levels (SIL) higher than ASIL D (SIL-3) are not state of the art in the automotive domain. In that respect, ArchitectECA2030 strives to provide a commonly accepted framework as a basis for the certification of "mobility as a service", thus closing the current certification gaps.

The supply-chain-specific demonstrators have achieved several technical advancements beyond the state of the art (see the 42 scientific publications). Additionally, a major accomplishment beyond the current state of the art is the concept of the developed monitoring device.

To maximize the learning from in-service data, ArchitectECA2030 developed a hierarchical monitoring device concept with 4 distinct abstraction layers for ECA vehicles (starting from sub-components, via components, through sub-systems, up to the system, that is, the entire ECA vehicle itself). The main purpose of the hierarchical monitoring device approach is to monitor the health status of the individual elements across the 4 specified layers to guarantee the safe operation of the vehicle within its specified operational design domain (ODD). The nominal behavior of the 4 specified layers is directly specified via the system requirements and specification of the entire ECA vehicle.

In the ArchitectECA2030 project, we focus on strategies and approaches to manage the resulting residual risk at the system level in an effective and safe manner. In this sense, we have designed a system-level residual risk management strategy that aims to continue the operation of the ECA vehicle as long as the residual risk is acceptable.

In addition to the technical impact mentioned, the project has defined two objectives: 'End user acceptance by trustworthy ECS value chain' and the importance of 'ZERO emission, ZERO crashes, ZERO congestions by ECA2030 cars'.

The technologies developed in several supply chains showcased by individual demonstrators aimed to minimize residual risk and increase the trustworthiness of electric, connected, and autonomous vehicles. This ensures that end-users can rely on the electronic components, autonomous system design, and safety functions, including information, warnings, and actions. Furthermore, demonstrations can enhance end-user acceptance by establishing trustworthy ECS systems that comply with safety standards, employ predictive modelling, utilize virtual testing environments, and incorporate robust fault injection mechanisms.

The EU's political agenda to eliminate road traffic fatalities by 2050 is known as Vision ZERO. Regulation 2019/2144 (new GSR) is a significant element of this agenda. It mandates various ADAS features for the EU market, regardless of the manufacturer, as long as the vehicle is to be sold on the EU market. This regulation has been applicable since July 2022. Supply Chain 5 has considered draft documents related to the GSR architecture/environment.

[Figure: ArchitectECA2030 4 Layer Monitoring Concept]
[Figure: ArchitectECA2030 Big Picture]