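Standard Overview
ISO 21448:2022 is a currently valid standard published by the International Organization for Standardization (ISO). It is commonly used in industries such as automotive, electronics, and technology, and applies to global markets.
This page compiles the official documents, current status, and commonly associated certification or assessment bodies for ISO 21448:2022, to help readers quickly understand its requirements and the path to implementation.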
Beyond Functional Safety
Addresses hazards from functional insufficiencies and reasonably foreseeable misuse — even when the system is operating correctly without malfunctions, filling the gap that ISO 26262 does not cover.
Sensor & Algorithm Limitations
Focuses on performance limitations of sensing and perception systems (cameras, radar, lidar) and decision algorithms that may cause unsafe behavior in triggering conditions.
Scenario-Based Analysis
Uses scenario-based approaches to identify and evaluate triggering conditions — specific situations or combinations of conditions that can lead to hazardous behavior of the intended functionality.
SOTIF Process Areas
- Specification and design of the intended functionality
- Identification of potentially hazardous behavior
- Analysis of triggering conditions and functional insufficiencies
- Evaluation of known and unknown hazardous scenarios
- Definition and implementation of improvement measures
- Verification and validation strategy for SOTIF
- Criteria for demonstration of acceptable residual risk
- Operational phase monitoring and field data collection
Who Needs to Comply?
Automotive OEMs and suppliers developing advanced driver assistance systems (ADAS) and automated driving systems. Particularly critical for SAE Level 2+ through Level 4 systems where perception, decision-making, and actuation must function safely under all foreseeable conditions.
Key Requirements
Functional Insufficiency Identification
Systematically identify functional insufficiencies in the specification and design of the intended functionality, including sensor limitations, algorithm performance boundaries, and actuator constraints.
Triggering Condition Analysis
Identify and analyze triggering conditions — specific environmental situations, user behaviors, or input combinations that could cause the system to exhibit hazardous behavior despite operating as designed.
Scenario Classification & Evaluation
Classify scenarios into four areas: known safe, known hazardous, unknown safe, and unknown hazardous. Systematically reduce the unknown and known hazardous areas to achieve acceptable residual risk.
Verification & Validation Strategy
Define a comprehensive V&V strategy combining simulation, test track, and real-world driving to demonstrate that residual risk from SOTIF-related hazards is sufficiently low across all relevant scenarios.
SOTIF-Related Monitoring
Implement field monitoring and data collection to identify previously unknown triggering conditions during operation, and feed findings back into the SOTIF improvement process.
Penalties & Enforcement
No direct regulatory penalties — ISO 21448 is a voluntary standard. However, SOTIF analysis is increasingly expected by type approval authorities and is referenced in UNECE regulatory frameworks. Failure to address SOTIF can lead to recalls, liability claims, and reputational damage if automated systems cause incidents due to functional insufficiencies.