Wednesday, October 5, 2022

Gatik Announcement -- Is it real safety? Or just AV safety theater?

Gatik just announced it has completed an extensive third-party safety review of its system as part of deploying fully driverless commercial operations in Canada. But the announcement raises many questions as to how much it really assures safety.

Gatik truck in Walmart livery

The autonomous vehicle safety arena is full of misinformation, disinformation, safety theater -- and players earnestly trying to do the right thing. Companies routinely employ ambiguous language, half-truths, and outright propaganda to deploy safety theater. But some companies use unambiguous statements of conformity to safety standards to show they are really doing safety. Which bucket does Gatik fall into?  Let's take a look at the signs from their press release.

Gatik claims that their third-party review covers safety and security. This was done with "a team of third-party experts." No mention of who these experts might have been, nor their qualifications. The gold standard is an accredited third party assessor such as TUV SUD (there are quite a few others as well).

For security they mention reasonable standards including SAE J3061, ISO/SAE 21434, and UNECE R155. It would be better to see them state "conformance" with these standards instead of just saying they were "covered" by the review. (Maybe they failed to conform as a result -- who knows?)  But at least this statement shows that the experts knew enough to look at these standards. So maybe OK, but hard to say.

For safety the only standard mentioned is SAE J3016 -- which is not a safety standard. In fact, only meeting the minimum requirements for the SAE Levels is not safe in practice (e.g., driver monitoring is not required, nor is any notification to the human driver that takeover is required after some types of failures). The safety analysis, such as it is, is clearly patterned after J3016, mentioning ODD and OEDR. 

There is a statement that "where they apply, the vehicle and ADS comply with safety relevant standards and best practices, such as those developed by SAE International and the International Organization for Standardization (ISO)."  No mention of ANSI/UL 4600, which was included by NHTSA as a highly relevant standard. Also, what do they mean by "where they apply" exactly? Other companies have gone on the record saying none of the AV-specific safety standards apply to their AV. So maybe Gatik means they aren't following safety standards at all.  Not even SAE J3018 for testing safety.

What I get out of reading the announcement is they hired some unidentified experts of unknown reputation, who likely had better credentials in security than safety. (Any bona fide safety experts would never pronounce that a system was "safe" based solely on testing results as indicated in the press release.) They took a look and say "sure, looks like it works." That's about it. (If there is more, we'd expect them to brag about it with some specificity, right?)  

If there is one thing I've learned in this industry, it is that companies will claim the strongest thing they think they can. A weak claim means a weak result. This is a very weak safety claim.

While I appreciate that Gatik publicly messages "Safety is at the heart of everything we do," this Gatik press release fairly screams safety theater. If they want us to believe their message is compelling, they need to do better. Some examples of ways they could provide a better statement of safety:

  • What exactly do you mean by "acceptable" safety?
  • Name the safety standards they "considered." Were they ISO 26262, ISO 21448, ANSI/UL 4600, and SAE J3018 (all safety standards)? These are the types of standards US DOT has already proposed for regulatory purposes, so they ought to be top of mind for any AV safety assessment.
  • Name the safety standards they actually conform to beyond "considering" and potentially not implementing.
  • Is there a Safety Management System (SMS)? Didn't see it mentioned. This is safety 101, so you'd think they'd at least mention that.
  • Say who the external experts were so we can judge their reputation. Were they an accredited assessment organization? Were any of them actually qualified to opine on safety rather than security?
  • Explain how it is that a "rigorous suite of system as well as component level tests" can show safety. Because everyone would really like to know how you can do that for an AV. The safety standards are much more about engineering processes and safety engineering, with validation just being the tail of the safety dog. Certainly nothing I've seen indicates that validation-only safety assessment is possible for an AV.

Their announcement video talks about delivering against a value proposition. The only reason it gives for believing they are safe is ... saying they deliver safety and "manage risk." That's it. Gatik has not issued a VSSA, so no info to be had there.

Gatik -- your turn.  If you have a response I'll be happy to post it here for all to see:

... no response yet ...



