Sunday, April 4, 2021

A Driver-Centric User’s Guide to Vehicle Automation Modes

Vehicle Automation Modes emphasize the responsibilities of a self-driving vehicle user

By: Dr. Philip Koopman, Carnegie Mellon University

Vehicle Automation Modes
Image CC BY 4.0 https://creativecommons.org/licenses/by/4.0/

(See the accompanying video here:  YouTube | Archive.org)

If you follow self-driving car technology it’s likely you’ve encountered the SAE Levels of automation. The SAE Levels range from 0 to 5, with higher numbers indicating more capable driving automation technology. Unfortunately, in public discussions there is significant confusion and misuse of that terminology. In large part that is because the SAE Levels are primarily based on an engineering view rather than the perspective of a person driving the car.

We need a different categorization approach. One that emphasizes how drivers and organizations will deploy these vehicles rather than the underlying technology. This is not a replacement for the engineering use of SAE levels, but rather a complementary tool for public discussions of the technology that emphasizes the practical aspects of the driver’s role in vehicle operation.

If you doubt that another set of terminology is needed, consider the common informal use of the term “Level 2+,” which is undefined by the underlying SAE J3016 standard that sets the SAE Levels. Consider also the fact that different companies mean significantly different things when they say “Level 3.” In some cases Level 3 follows SAE J3016, meaning that the driver is responsible for monitoring vehicle operation and being ready to jump in — even without any notice at all — to take over if something goes wrong. In other cases vehicles described as Level 3 are expected to safely bring themselves to a stop even if the driver does not notice a problem, which is more like a “Level 3+” concept (also undefined by SAE J3016).

Other Safety

Even more importantly, the SAE Levels say nothing about all the safety relevant tasks that a human driver does beyond actual driving. For example, someone has to make sure that the kids are buckled into their car seats. To actually deploy such vehicles, we need to cover the whole picture, in which driving is critical but only a piece of the safety puzzle.

The Five Operational Modes

In creating a driver-centric description of capabilities, the most important thing is not the details of the technology, but rather what role and responsibility the driver is assigned in overall vehicle operation. We propose five categories of vehicle operation: Assistive, Supervised, Automated, and Autonomous.

Woman driving with both hands on the wheel.

Assistive: A licensed human driver drives, and the vehicle assists.
  • Human Role: Driving
  • Driving: Human
  • Driving Safety: Human
  • Other Safety: Human
The technology’s job is to help the driver do better by improving the vehicle’s ability to execute the driver’s commands and reduce the severity of any impending crash.

This might include anti-lock brakes, stability control, cruise control, and automatic emergency braking. The driver always remains in the loop, exerting at least some form of continuous control over speed, lane keeping, or both. Most passenger vehicles on the road today are Assistive. Generally, this maps to SAE Level 1 and some portions of SAE Level 2.


Woman hands off the steering wheel. Eyes on the road monitoring the vehicle

Supervised: The vehicle drives, but a human driver is responsible for ensuring safety.
  • Human Role: Eyes ON Road
  • Driving: Vehicle
  • Driving Safety: Human
  • Other Safety: Human
Technology normally handles all aspects of the driving task. However, a licensed human driver is responsible for continuous monitoring of driving safety and taking over control instantly if something goes wrong. The driver is not expected to perform a continuous control function such as steering or speed control while in this operating mode. An effective driver monitoring system is required to ensure driver ability to take over when required. 

Tesla “Autopilot” and GM Super Cruise are examples of Supervised operating modes. Generally, this maps to SAE Levels 2 and 3. Achieving safety will depend on getting sufficient driver engagement and avoiding having the vehicle put the driver into an untenable recovery situation.

Supervised autonomy should make it reasonable to expect a civilian driver without specialized training to maintain safety. As a practical matter, this limits use to highway cruise-control style applications where the vehicle does both lane keeping and speed/separation control. If the vehicle can make turns at intersections, it is beyond what is reasonably safe for civilian driver supervision, and instead is likely to be a road test vehicle.


Man reading with eyes off the road as vehicle performs driving tasks

Automated: The vehicle performs the complete driving task.
  • Human Role: Eyes OFF Road
  • Driving: Vehicle
  • Driving Safety: Vehicle
  • Other Safety: Human
A human driver is not required to operate the vehicle in this mode. However, a responsible person is required to ensure other aspects of vehicle safety such as buckling up the kids, proper securing of any cargo, and post-crash response. Simply put, in this operation mode the vehicle does the driving, but a responsible human is still the “captain of the ship” for handling everything except the driving. In some cases, there might be an expectation that a human driver moves the vehicle under manual control during portions of a trip that are not suitable for Automated operation. 

Examples of Automated operation include a heavy truck on divided highway portions of its route, and low speed shuttles that require human conductors for passenger safety. Generally this maps to SAE Levels 4 and 5. Achieving safety will depend on the automated driver being able to handle everything that might occur during driving, and ensuring the vehicle takes safe actions even with no driver intervention when its driving capabilities have been exceeded.


No human behind the wheel.

Autonomous: The whole vehicle is completely capable of operation with no human monitoring.
  • Human Role: No Human Driver
  • Driving: Vehicle
  • Driving Safety: Vehicle
  • Other Safety: Vehicle
The vehicle can complete an entire driving mission under normal circumstances without human supervision. If something goes wrong, the vehicle is entirely responsible for alerting humans that it needs assistance, and for operating safely until that assistance is available. Things that might go wrong include not only encountering unforeseen situations and technology failures, but also flat tires, a battery fire, being hit by another vehicle, or all of these things at once. People in the vehicle, if there are any, might not be licensed drivers, and might not be capable of assuming the role of “captain of the ship.” 

Examples of Autonomous vehicles might include uncrewed robo-taxis, driverless last mile delivery vehicles, and heavy trucks in which the driver is permitted to be asleep. Achieving safety will depend on the autonomous vehicle being able to handle everything that comes its way, for example according to the UL 4600 safety standard. Generally this maps to SAE Levels 4 and 5 in addition to handling vehicle safety issues beyond the scope of SAE J3016.


Photo by Alena Darmel from Pexels

Road Testing: A trained safety driver supervises the operation of an automation testing platform.
  • Human Role: Trained safety driver
  • Driving: Vehicle
  • Driving Safety: Human
  • Other Safety: Human
The vehicle is a test bed for vehicle automation features. Because it is immature technology, the driver must have specialized training and operating procedures to ensure public safety, for example according to the SAE J3018 road testing operator safety standard.

Driver Roles:

No simple set of descriptive terms like this can be perfect, and this approach will inevitably have its shades of gray. However, it has the distinct advantage that human drivers will have clear expectations of their roles:
  • Assistive: Human drives.
  • Supervised: Human monitors and takes over if needed.
  • Automated: Human can ignore driving, but ensures other aspects of vehicle safety.
  • Autonomous: No human involvement needed to ensure safety.
  • Road testing: Specially trained safety operator monitors and compensates for potential design defects

Driver Liability:

Another related advantage is that it provides a more straightforward way to describe potential human driver liability:
  • Assistive: As with conventional human driving.
  • Supervised: The human driver is responsible for safety unless the vehicle does something dangerous that is beyond a reasonable human driver capacity to intervene.
  • Automated: The human driver is not responsible for driving errors, but is responsible for non-driving aspects of safety such as passenger safety, proper cargo loading, and post-crash situation management.
  • Autonomous: There is no human driver to blame for mistakes.
  • Road testing: The testing organization is responsible for safety in accordance with an SMS (Safety Management System). This requires special safety driver selection, training, monitoring, and testing procedures.

Multiple Operational Modes:

A single vehicle can employ various operational modes across its Operational Design Domain (ODD). What is most important is that at any particular time the vehicle and the driver both understand that the vehicle is in exactly one of the five operational modes so that the driver’s responsibilities remain clear. As a simplified example, the same car might operate as Autonomous in a specially equipped parking garage, Automated on limited access highways, Supervised on designated main roads, and Assistive at other times. In such a car it would be important to ensure that the human driver is aware of and capable of performing accompanying driver responsibilities when modes change.

We think it would benefit consumers and other stakeholders if discussions regarding vehicle automation capabilities encompassed a driver's point of view using the terms: Assistive, Supervised, Automated, Autonomous, and road testing. That could help reduce confusion and even reduce the loss of life caused by misunderstanding the responsibilities of the driver in different operational modes.

But what about the SAE Levels?

The point is to not use the SAE Levels when messaging to consumers, legislators, and non-engineers. But for those who really want to see it, here's the way things line up:



If you find it surprising that SAE J3016 Level 3 is Supervised instead of Automated, read this:  https://users.ece.cmu.edu/~koopman/j3016/#myth07

If you find it surprising that Autonomous mode is beyond Level 5, read this: https://users.ece.cmu.edu/~koopman/j3016/#myth11

If you find it surprising that road testing does not appear on that chart, that's because SAE J3016 classifies by intent rather than capability, and does not have a separate category for road testing.

Get the Mug & T-Shirt!

You can get a mug, t-shirt, and other swag here:
https://www.cafepress.com/vehicleautomationmode
(Sold at zero mark-up; distribution area limited.)

If you want to make your own poster, t-shirt, mug, or whatever, feel free to download the high resolution graphic and do it yourself.  No permission required!  (Hint: you can often get a better discount price at CafePress by uploading one of the below graphics and using a coupon code rather than using the store above. Go for it!  The store is just for convenience.)

Basic graphic:  https://archive.org/details/VehicleAutomationModesChart

SAE Level 2 graphic:  https://archive.org/details/level-2-vehicle-automation-modes

Updated 12/13/2021
on No comments:
Labels: , ,
Subscribe to: Posts (Atom)