ISO 21448:2022
Road vehicles — Safety of the intended functionality (SOTIF)
Standard Introduction
ISO 21448:2022 is an active standard published by International Organization for Standardization (ISO). It is commonly used across Automotive, Electronics, Technology and applies in Global.
Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with ISO 21448:2022.
Beyond Functional Safety
Addresses hazards from functional insufficiencies and reasonably foreseeable misuse — even when the system is operating correctly without malfunctions, filling the gap that ISO 26262 does not cover.
Sensor & Algorithm Limitations
Focuses on performance limitations of sensing and perception systems (cameras, radar, lidar) and decision algorithms that may cause unsafe behavior in triggering conditions.
Scenario-Based Analysis
Uses scenario-based approaches to identify and evaluate triggering conditions — specific situations or combinations of conditions that can lead to hazardous behavior of the intended functionality.
list_alt SOTIF Process Areas
- Specification and design of the intended functionality
- Identification of potentially hazardous behavior
- Analysis of triggering conditions and functional insufficiencies
- Evaluation of known and unknown hazardous scenarios
- Definition and implementation of improvement measures
- Verification and validation strategy for SOTIF
- Criteria for demonstration of acceptable residual risk
- Operational phase monitoring and field data collection
Who Needs to Comply?
Automotive OEMs and suppliers developing advanced driver assistance systems (ADAS) and automated driving systems. Particularly critical for SAE Level 2+ through Level 4 systems where perception, decision-making, and actuation must function safely under all foreseeable conditions.
Key Requirements
Functional Insufficiency Identification
Systematically identify functional insufficiencies in the specification and design of the intended functionality, including sensor limitations, algorithm performance boundaries, and actuator constraints.
Triggering Condition Analysis
Identify and analyze triggering conditions — specific environmental situations, user behaviors, or input combinations that could cause the system to exhibit hazardous behavior despite operating as designed.
Scenario Classification & Evaluation
Classify scenarios into four areas: known safe, known hazardous, unknown safe, and unknown hazardous. Systematically reduce the unknown and known hazardous areas to achieve acceptable residual risk.
Verification & Validation Strategy
Define a comprehensive V&V strategy combining simulation, test track, and real-world driving to demonstrate that residual risk from SOTIF-related hazards is sufficiently low across all relevant scenarios.
SOTIF-Related Monitoring
Implement field monitoring and data collection to identify previously unknown triggering conditions during operation, and feed findings back into the SOTIF improvement process.
Implementation Roadmap
Prepare scope, ownership and obligations
Define the SOTIF safety assurance program scope across intended vehicle functionality, perception and decision systems, sensors, algorithms, operating design domains, foreseeable misuse, scenario analysis, verification, validation, and safety argument evidence. Assign accountable owners, identify applicable legal, customer, certification, or regulatory drivers, and agree how evidence will be governed.
Gap analysis and risk prioritisation
Assess current practices against ISO 21448 expectations and risk context. Review functional insufficiencies, performance limitations, foreseeable misuse, scenario identification, trigger conditions, SOTIF hazards, risk evaluation, verification and validation strategy, residual risk acceptance, and safety argument maintenance, then prioritize gaps by legal exposure, safety or consumer impact, customer impact, operational dependency, and review readiness.
Implement controls, records and reporting
Deploy required controls, operating processes, documentation, supplier or partner workflows, testing, reporting, and escalation paths. Build traceable evidence around item definitions, ODD definitions, scenario catalogues, trigger condition analyses, SOTIF hazard analyses, simulation reports, road-test evidence, validation coverage, residual risk decisions, and safety argument records.
Review, audit and keep current
Complete readiness reviews, internal checks, and corrective actions before the SOTIF assessment or customer safety review. Refresh the program after product, service, supplier, technology, legal, market, incident, or regulator changes.
Compliance Checklist
checklist Scope and accountability
checklist Controls and evidence
checklist Monitoring and improvement
Penalties & Enforcement
No direct regulatory penalties — ISO 21448 is a voluntary standard. However, SOTIF analysis is increasingly expected by type approval authorities and is referenced in UNECE regulatory frameworks. Failure to address SOTIF can lead to recalls, liability claims, and reputational damage if automated systems cause incidents due to functional insufficiencies.
Frequently Asked Questions
Who needs ISO 21448?
expand_more
ISO 21448 is relevant for organizations whose products, services, systems, or regulated activities fall within intended vehicle functionality, perception and decision systems, sensors, algorithms, operating design domains, foreseeable misuse, scenario analysis, verification, validation, and safety argument evidence. It is commonly driven by regulation, customers, certification, market access, or assurance needs.
What is the main purpose of ISO 21448?
expand_more
The practical purpose is to create a repeatable program for functional insufficiencies, performance limitations, foreseeable misuse, scenario identification, trigger conditions, SOTIF hazards, risk evaluation, verification and validation strategy, residual risk acceptance, and safety argument maintenance. The program should make obligations visible, define accountable owners, operate controls, and keep evidence current.
What should be done first?
expand_more
Start by confirming scope, ownership, and applicable obligations. This prevents teams from building documents or controls that do not match the actual product, service, system, or regulated activity.
How long does implementation take?
expand_more
A focused implementation can take several weeks or months. Timing depends on maturity, number of sites or systems, supplier involvement, technical complexity, testing needs, and external review depth.
What evidence is most useful?
expand_more
Useful evidence includes item definitions, ODD definitions, scenario catalogues, trigger condition analyses, SOTIF hazard analyses, simulation reports, road-test evidence, validation coverage, residual risk decisions, and safety argument records. Reviewers usually expect traceable evidence that connects obligations to decisions, controls, tests, reports, and corrective actions.
How should suppliers or partners be managed?
expand_more
Supplier and partner duties should be documented through contracts, onboarding requirements, data or evidence requests, performance monitoring, and escalation routes for findings, incidents, or changes.
When should the program be updated?
expand_more
Update the program after legal changes, product or service changes, supplier changes, new markets, incidents, complaints, regulator feedback, or audit findings. Stale evidence is a common compliance failure.
Can this be integrated with other programs?
expand_more
Yes. ISO 21448 can usually share governance, document control, training, supplier management, issue tracking, risk management, internal review, and corrective-action workflows with adjacent compliance programs.
Official Documentation
Official PDF for ISO 21448:2022
Official publication or summary for ISO 21448:2022
Official online resource
International Organization for Standardization (ISO) guidance and reference material
Implementation toolkit
Templates, guidance, or companion resources for ISO 21448:2022