verified_user
Standardful
Homechevron_rightStandardschevron_rightISO 21448:2022
ActiveInternational Standardupdate Standard Updated: Jun 2022fact_check Fact checked: Jun 28, 2026

ISO 21448:2022

Road vehicles — Safety of the intended functionality (SOTIF)

apartmentPublishing Organization:International Organization for Standardization (ISO)

Standard Introduction

ISO 21448:2022 is an active standard published by International Organization for Standardization (ISO). It is commonly used across Automotive, Electronics, Technology and applies in Global.

Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with ISO 21448:2022.

psychology

Beyond Functional Safety

Addresses hazards from functional insufficiencies and reasonably foreseeable misuse — even when the system is operating correctly without malfunctions, filling the gap that ISO 26262 does not cover.

visibility

Sensor & Algorithm Limitations

Focuses on performance limitations of sensing and perception systems (cameras, radar, lidar) and decision algorithms that may cause unsafe behavior in triggering conditions.

explore

Scenario-Based Analysis

Uses scenario-based approaches to identify and evaluate triggering conditions — specific situations or combinations of conditions that can lead to hazardous behavior of the intended functionality.

list_alt SOTIF Process Areas

  • Specification and design of the intended functionality
  • Identification of potentially hazardous behavior
  • Analysis of triggering conditions and functional insufficiencies
  • Evaluation of known and unknown hazardous scenarios
  • Definition and implementation of improvement measures
  • Verification and validation strategy for SOTIF
  • Criteria for demonstration of acceptable residual risk
  • Operational phase monitoring and field data collection

Who Needs to Comply?

groups

Automotive OEMs and suppliers developing advanced driver assistance systems (ADAS) and automated driving systems. Particularly critical for SAE Level 2+ through Level 4 systems where perception, decision-making, and actuation must function safely under all foreseeable conditions.

Key Requirements

1

Functional Insufficiency Identification

Systematically identify functional insufficiencies in the specification and design of the intended functionality, including sensor limitations, algorithm performance boundaries, and actuator constraints.

2

Triggering Condition Analysis

Identify and analyze triggering conditions — specific environmental situations, user behaviors, or input combinations that could cause the system to exhibit hazardous behavior despite operating as designed.

3

Scenario Classification & Evaluation

Classify scenarios into four areas: known safe, known hazardous, unknown safe, and unknown hazardous. Systematically reduce the unknown and known hazardous areas to achieve acceptable residual risk.

4

Verification & Validation Strategy

Define a comprehensive V&V strategy combining simulation, test track, and real-world driving to demonstrate that residual risk from SOTIF-related hazards is sufficiently low across all relevant scenarios.

5

SOTIF-Related Monitoring

Implement field monitoring and data collection to identify previously unknown triggering conditions during operation, and feed findings back into the SOTIF improvement process.

Implementation Roadmap

1
Phase 1schedule Duration: 2-4 weeks

Prepare scope, ownership and obligations

Define the SOTIF safety assurance program scope across intended vehicle functionality, perception and decision systems, sensors, algorithms, operating design domains, foreseeable misuse, scenario analysis, verification, validation, and safety argument evidence. Assign accountable owners, identify applicable legal, customer, certification, or regulatory drivers, and agree how evidence will be governed.

2
Phase 2schedule Duration: 4-8 weeks

Gap analysis and risk prioritisation

Assess current practices against ISO 21448 expectations and risk context. Review functional insufficiencies, performance limitations, foreseeable misuse, scenario identification, trigger conditions, SOTIF hazards, risk evaluation, verification and validation strategy, residual risk acceptance, and safety argument maintenance, then prioritize gaps by legal exposure, safety or consumer impact, customer impact, operational dependency, and review readiness.

3
Phase 3schedule Duration: 8-20 weeks

Implement controls, records and reporting

Deploy required controls, operating processes, documentation, supplier or partner workflows, testing, reporting, and escalation paths. Build traceable evidence around item definitions, ODD definitions, scenario catalogues, trigger condition analyses, SOTIF hazard analyses, simulation reports, road-test evidence, validation coverage, residual risk decisions, and safety argument records.

4
Phase 4schedule Duration: Ongoing

Review, audit and keep current

Complete readiness reviews, internal checks, and corrective actions before the SOTIF assessment or customer safety review. Refresh the program after product, service, supplier, technology, legal, market, incident, or regulator changes.

Compliance Checklist

0 / 12

checklist Scope and accountability

checklist Controls and evidence

checklist Monitoring and improvement

Penalties & Enforcement

warning

No direct regulatory penalties — ISO 21448 is a voluntary standard. However, SOTIF analysis is increasingly expected by type approval authorities and is referenced in UNECE regulatory frameworks. Failure to address SOTIF can lead to recalls, liability claims, and reputational damage if automated systems cause incidents due to functional insufficiencies.

Frequently Asked Questions

Who needs ISO 21448?

expand_more

ISO 21448 is relevant for organizations whose products, services, systems, or regulated activities fall within intended vehicle functionality, perception and decision systems, sensors, algorithms, operating design domains, foreseeable misuse, scenario analysis, verification, validation, and safety argument evidence. It is commonly driven by regulation, customers, certification, market access, or assurance needs.

What is the main purpose of ISO 21448?

expand_more

The practical purpose is to create a repeatable program for functional insufficiencies, performance limitations, foreseeable misuse, scenario identification, trigger conditions, SOTIF hazards, risk evaluation, verification and validation strategy, residual risk acceptance, and safety argument maintenance. The program should make obligations visible, define accountable owners, operate controls, and keep evidence current.

What should be done first?

expand_more

Start by confirming scope, ownership, and applicable obligations. This prevents teams from building documents or controls that do not match the actual product, service, system, or regulated activity.

How long does implementation take?

expand_more

A focused implementation can take several weeks or months. Timing depends on maturity, number of sites or systems, supplier involvement, technical complexity, testing needs, and external review depth.

What evidence is most useful?

expand_more

Useful evidence includes item definitions, ODD definitions, scenario catalogues, trigger condition analyses, SOTIF hazard analyses, simulation reports, road-test evidence, validation coverage, residual risk decisions, and safety argument records. Reviewers usually expect traceable evidence that connects obligations to decisions, controls, tests, reports, and corrective actions.

How should suppliers or partners be managed?

expand_more

Supplier and partner duties should be documented through contracts, onboarding requirements, data or evidence requests, performance monitoring, and escalation routes for findings, incidents, or changes.

When should the program be updated?

expand_more

Update the program after legal changes, product or service changes, supplier changes, new markets, incidents, complaints, regulator feedback, or audit findings. Stale evidence is a common compliance failure.

Can this be integrated with other programs?

expand_more

Yes. ISO 21448 can usually share governance, document control, training, supplier management, issue tracking, risk management, internal review, and corrective-action workflows with adjacent compliance programs.

Official Documentation

View All

Implementation Timeline

description
Jan 2019
ISO/PAS 21448:2019 published as a Publicly Available Specification, introducing the SOTIF concept
check_circle
Jun 2022
Full international standard ISO 21448:2022 published, replacing the PAS with expanded scope and requirements
trending_up
2023
Increasing adoption by OEMs as ADAS and automated driving systems reach higher automation levels
gavel
2024
UNECE frameworks begin referencing SOTIF principles for type approval of automated driving systems
update
2025
Revision discussions begin to address AI/ML-based perception systems and Level 4 autonomy challenges

Related Categories