Where Failures May Occur in Automated Driving: A Fault Tree Analysis Approach

There will be circumstances where partial or conditionally automated vehicles fail to drive safely and require human interventions. Within the human factors community, the taxonomies surrounding control transitions have primarily focused on characterizing the stages and sequences of the transition between the automated driving system (ADS) and the human driver. Recognizing the variance in operational design domains (ODDs) across vehicles equipped with ADS and how variable the takeover situations may be, we describe a simple taxonomy of takeover situations to aid the identification and discussions of takeover scenarios in future takeover studies. By considering the ODD structure and the human information processing stages, we constructed a fault tree analysis (FTA) aimed to identify potential failure sources that would prevent successful control transitions. The FTA was applied in analyzing two real-world accidents involving ADS failures, illustrating how this approach can help identify areas for improvements in the system, interface, or training design to support drivers in level 2 and level 3 automated driving.