Vay deployment of tele-driven cars

Vay is deploying tele-driven cars in Las Vegas. At a first pass they have done some safety homework, but open questions remain that they should address to instill public confidence. I spent some time doing background research before posting (especially listening to this All About Autonomy podcast with their founder https://lnkd.in/eYQH72EE ).



Initial summary of their system:
- The operational concept is a rental car ferry service with a tele-driving kit on top of an ordinary vehicle. 100% remotely driven between rentals, and a regular human driver during a rental period.
- Telecom disruptions result in the vehicle doing a safing response of some sort, details unspecified.
- They claim conformance to ISO 26262 (functional safety), ISO 21448 (SOTIF), and ISO 21434 (security) with TUV certification. This is some good news for teleoperation. Would like to know if ISO 26262 includes software (companies often play a game and just do hardware; don't know the case for Vay). Does not address full scope of autonomous safing response when needed.
- They mention, but do not claim conformance to, UL 4600. That standard applies both when driving and during an autonomous safing response.
- This is an SAE Level 4 vehicle because it must completely control itself during a safing response. (This is another reason SAE J3016 levels are unsuitable for regulation, but that is what states are using nonetheless.)
- Limited to slow speeds. They claim they are characterizing remote connectivity lag and modulating maximum speed accordingly, etc.

Initial Thoughts:
- There is no safety report and no VSSA evident on their company web page. They would be well advised to be more public about safety before the first crash.
- The timing, dynamics, and human/machine interface issues of remote driving are potentially very problematic. They say they have a handle on it. Because of opacity on safety (typical of the industry) we either have to take their word for it -- or not. But at least they acknowledge it is a concern, and that is better than the obvious cluelessness of some previous companies on this topic. Driver training will be huge.
- I'll bet at this point the failure response to communications loss is an in-lanes stop. They say they have redundancy but we'll just have to see how this works out for both safety and stranded cars. We won't really know until they try to scale up.
- I'd like to know what will happen if there is a catastrophic large-scale communication disruption -- are all the cars stranded in travel lanes impeding emergency response vehicles? For example deploying in cities prone to earthquakes this is an important question.

Takeaways:
- My take is that safe remote driving is a strong claim, requiring strong evidence.
- There is a risk any crash will be blamed on the remote driver regardless of any contributing technology failure. We'll have to see how that turns out.

Comments

Popular Posts