ISO/TC 22/SC 32/WG 14 N 95
ISO/TC 22/SC 32/WG 14 "Safety and Artificial Intelligence"
Convenorship: DIN
Convenor: Burton Simon Mr Prof. Dr.
ISO PAS 8800 2022-09-20 - WD01 for commenting
Document type Related content Document date Expected action
Project / Other 2022-09-20 COMMENT/REPLY by
2022-10-24
Description
Dear All,
please use the attached document for your review and commenting.
Due date for submission of the national comments is 2022-10-24.
Each country shall only submit one consolidated comment sheet (see N97) to stephan.kraehnert@vda.de.
Please consider the commenting guidelines (see N96).
The word document (N99) is for additional text work only. Do not use this document as reference in the comment sheet.
In case of any questions please do not hesitate to contact me (stephan.kraehnert@vda.de).
Best regards,
Stephan Kraehnert
© ISO 2022 – All rights reserved
ISO/TC 22/SC 32
1
ISO/AWI PAS 8800(en)
2
Secretariat: JISC
3
Road Vehicles — Safety and artificial intelligence
4
Véhicules routiers — Sécurité et intelligence artificielle
5
ISO/AWI PAS 8800:2022(E)
ii © ISO 2022 – All rights reserved
© ISO 2022
6
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
7
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
8
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission
9
can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
10
ISO copyright office
11
CP 401 • Ch. de Blandonnet 8
12
CH-1214 Vernier, Geneva
13
Phone: + 41 22 749 01 11
14
E-mail: copyright@iso.org
15
Website: www.iso.org
16
Published in Switzerland
17
ISO/AWI PAS 8800:2022(E)
© ISO 2022 – All rights reserved iii
Contents
18
Foreword .................................................................................................................................................................................. vii
19
Introduction ............................................................................................................................................................................ viii
20
1 Scope .............................................................................................................................................................................. 1
21
2 Normative references .............................................................................................................................................. 1
22
3 Terms and definitions ............................................................................................................................................. 1
23
3.1 General AI related definitions .............................................................................................................................. 2
24
3.2 Data related definitions .......................................................................................................................................... 8
25
3.3 General safety related definitions .................................................................................................................... 10
26
3.4 Safety: Root cause and error related definitions ....................................................................................... 15
27
3.5 Miscellaneous definitions .................................................................................................................................... 21
28
4 Abbreviations ........................................................................................................................................................... 24
29
5 Relation to other safety and AI related standards ..................................................................................... 24
30
5.1 Relation to safety standards ............................................................................................................................... 24
31
5.2 Relation to AI standards ....................................................................................................................................... 25
32
5.3 Relation to ISO TR 5469 ....................................................................................................................................... 25
33
6 AI within the context of road vehicles systems safety engineering ................................................... 26
34
6.1 Objectives ................................................................................................................................................................... 26
35
6.2 Reference architecture for AI-based functions ........................................................................................... 26
36
6.3 A causal model of hazardous behaviour of AI systems ........................................................................... 28
37
6.3.1 Root cause classes .............................................................................................................................................. 28
38
6.3.2 Error classification depending on the root cause class ...................................................................... 29
39
6.3.3 Error classification depending on their impact on safety ................................................................. 30
40
6.3.4 Cause and effect chain ...................................................................................................................................... 30
41
6.3.5 Elaboration of the error concepts ............................................................................................................... 31
42
6.3.6 Safety-related properties ................................................................................................................................ 33
43
6.4 AI and functional safety ........................................................................................................................................ 36
44
6.4.1 Applying ISO 26262 and ISO 21448 to safety-related Machine Learning (ML)-based AI
45
systems 36
46
6.4.2 Specification of ML-based functionality.................................................................................................... 36
47
6.5 AI and safety of the intended functionality (Work in progress - may be deleted) ....................... 38
48
7 Safety lifecycle for AI systems ............................................................................................................................ 38
49
7.1 Objectives ................................................................................................................................................................... 38
50
7.2 General Requirements .......................................................................................................................................... 39
51
7.3 Reference AI safety lifecycle ............................................................................................................................... 39
52
7.3.1 Interactions with system level safety activities ..................................................................................... 40
53
ISO/AWI PAS 8800:2022(E)
iv © ISO 2022 – All rights reserved
7.3.2 Derivation of safety requirements on the AI system ........................................................................... 42
54
7.3.3 AI system development ................................................................................................................................... 43
55
7.3.4 Evaluation of the safety assurance argument ........................................................................................ 46
56
7.3.5 Operations ............................................................................................................................................................. 47
57
8 Derivation of safety requirements on AI systems ..................................................................................... 49
58
8.1 Objectives ................................................................................................................................................................... 49
59
8.2 General Requirements .......................................................................................................................................... 49
60
8.2.1 Workflow and connections from objectives to general requirements (informative) ............ 49
61
8.2.2 General requirements (normative) ............................................................................................................ 50
62
8.3 Specific Considerations for Supervised Machine Learning ................................................................... 51
63
8.3.1 Directly measurable targets derived from higher-level safety requirements .......................... 51
64
8.3.2 Utilizing safety-related properties to restrict the occurrence of AI output insufficiencies. 54
65
8.3.3 Metrics, measurements and threshold design ....................................................................................... 56
66
8.3.4 Discussion and recommendations .............................................................................................................. 56
67
9 Selection of AI-Measures and design-related considerations .............................................................. 57
68
9.1 Objectives ................................................................................................................................................................... 58
69
9.2 General requirements ........................................................................................................................................... 58
70
9.3 Suitability of measures for improving AI Trustworthiness (Work in Progress) .......................... 60
71
9.3.1 Types of AI Measures (Work in Progress) ............................................................................................... 60
72
9.3.2 AI Trustworthiness characteristics (Work in Progress) .................................................................... 61
73
9.3.3 Example of relevance between safety-related properties and AI measures (Work in
74
Progress) ................................................................................................................................................................................... 63
75
9.4 Examples of development measures for AI System (Work in Progress) ......................................... 64
76
9.4.1 Transparent and analysable AI architecture (Work in Progress) .................................................. 64
77
9.4.2 AI Model Modification (Work in Progress) ............................................................................................. 68
78
9.4.3 Out of distribution input data (Work in Progress) ............................................................................... 69
79
9.4.4 Robust Learning (Work in Progress) (Work in Progress) ................................................................ 69
80
9.4.5 Attention / Saliency Maps (Work in Progress) ...................................................................................... 70
81
9.4.6 Augmentation of Data (Work in Progress) .............................................................................................. 70
82
9.4.7 Optimization of Hyperparameters (Work in Progress) ..................................................................... 70
83
9.4.8 Verifying feature selection (Work in Progress) ..................................................................................... 71
84
9.4.9 Monitoring multiple scores (Work in Progress) ................................................................................... 71
85
9.5 Examples of architectural measures for control and mitigation of AI-related risks (Work in
86
Progress) ................................................................................................................................................................................... 71
87
9.5.1 Measures for Architectural Redundancy (Work in Progress) ......................................................... 71
88
9.5.2 Measures to determine need for re-training (Work in Progress) .................................................. 72
89
9.6 Considerations related to the target execution environment (Work in Progress) ...................... 78
90
