Safety and Compliance Standards in Automotive Electronics

Introduction to Safety and Compliance

As vehicles have come to rely more heavily on electronic systems, the safety and compliance standards governing those systems have grown considerably in importance. Manufacturers rely on these standards as essential directives to guarantee safe vehicle operation and to minimize the potential for failures within automotive electronics.

The Need for Safety Standards

Safety standards in automotive electronics are important for several reasons. Primarily, they help secure the safety not only of vehicle occupants but also of pedestrians and other road users. As vehicles become more complex and include more automated features, the risk of a malfunction in their electronic systems rises. Safety standards manage this risk by delineating procedures for designing, testing, and validating the safety of electronic systems.

Moreover, safety standards foster the advancement of automotive technology by establishing a unified set of guidelines that all manufacturers adhere to. This creates a level competitive landscape within the industry and encourages innovation by setting explicit safety performance expectations.

Consequences of Electrical and Electronic Failures

When it comes to safety, there is a need to differentiate between functional and non-functional hazards.

Functional Hazard: A functional hazard can arise in two ways. If a function such as Electric Power Assisted Steering (power steering) encounters a fault that causes the steering to jam, it poses a hazard by rendering the vehicle uncontrollable. Alternatively, a safety system such as the airbag system may experience a fault that leaves it unable to operate during a crash, so that it fails to protect passengers from more severe injuries. This second kind is frequently termed a "latent" fault, because it typically remains undetectable during regular operating conditions.

Non-Functional Hazard: A non-functional hazard arises not from the loss of a function but from a fault within the module itself that creates risks such as toxic fumes, thermal hazards, or electric shock to individuals. As electric vehicles become more prevalent, instances of thermal hazards in automobiles have risen, primarily because of the widespread use of Li-ion batteries as the primary energy source; these are prone to thermal runaway and are less robust. However, in vehicles the source of thermal hazard is not restricted to batteries. Instances such as an overheating DC/DC converter situated beneath a carpet with a low temperature rating at the vehicle floor have highlighted design flaws. These situations demonstrate that designing for non-functional safety can be a challenging task within the automotive industry.

There is also the need to differentiate between random and systematic failures.

Random Failure: A component failure that occurs at random during the vehicle's lifespan. Reliability standards such as SN 29500 or IEC 62308 provide the basis for deriving the failure rate.

Systematic Failure: A failure caused by a design flaw, whether in hardware, software or mechanical design. Consider a module that lacks protection against the various battery voltage transients; occasional exposure to high-voltage stresses may then lead to its failure. Another instance is a sealing ring within the enclosure that cannot endure the many thermal cycles that occur during a vehicle's lifespan. The degradation of this sealing ring deteriorates the enclosure's IP rating, and water ingress may then cause failures in the internal circuitry.

In a vehicle, the consequences of electronic and electrical faults range from minor inconveniences to severe safety hazards. At the less severe end, an electronic failure could cause the malfunction of comfort features such as the heating or air conditioning system. In more crucial systems, however, the consequences can be far more serious.

For example, if an electronic control unit (ECU) within a vehicle were to fail, it could cause unforeseen behavior of the brakes, engine or steering, potentially resulting in a loss of control over the vehicle. Likewise, a malfunctioning driver-assistance system can produce incorrect responses or actions that confuse the driver or, worse, contribute to an accident.

Hence the implications of electronic failures in vehicles emphasize the necessity for rigorous safety and compliance standards in automotive electronics. As technology evolves and new features are introduced, these standards must be continually updated and expanded to ensure the ongoing safety and reliability of our vehicles.

Key Automotive Safety Standards

As the automotive industry continues to innovate, safety standards have become increasingly crucial to ensure that modernization does not compromise the safety and dependability of vehicles. The key standards that have shaped the dependability and safety of automotive electronics are described below.

ISO 26262 - Road Vehicles Functional Safety

ISO 26262 is the international standard for functional safety in road vehicles. It specifically addresses the electrical and electronic systems within the vehicle and concentrates on the safety lifecycle activities needed to fulfill the safety requirements. ISO 26262 is derived from the broader functional safety standard IEC 61508 and is tailored to the distinct requirements of the automotive industry. It provides a framework for risk analysis, design, deployment, verification, validation, and configuration. Since 2018, ISO 26262 also covers the functional safety requirements of buses and trucks.

Automotive Safety Integrity Level (ASIL)

ASIL is a risk classification scheme for automotive systems defined by ISO 26262. It gauges the stringency of the safety and dependability requirements necessary for a particular function within a vehicle. The spectrum spans from QM, denoting no requisite safety integrity, to ASIL D, signifying the highest level of safety integrity. The assigned level hinges on the hazard's severity, its likelihood of occurrence (exposure), and the driver's ability to manage the hazard (controllability). Automotive OEMs (Original Equipment Manufacturers) dictate these levels based on their historically evolved risk acceptance levels, and frequently employ the HARA (Hazard Analysis and Risk Assessment) method to establish the ASIL ratings. Different ASIL ratings permit different allowable random failure rates for the electronics that deliver the function within the vehicle. For instance, if a power steering module must meet ASIL D requirements, the allowable overall failure rate resulting in loss of control over the vehicle is 10 FIT (Failures In Time), where one FIT is one random failure per 10^9 operating hours.

SN 29500 and IEC 62308 Reliability Standards

Siemens AG developed the SN 29500 standard as a predictive model for assessing the reliability of electronic components in automotive systems. Employing a physics-of-failure methodology, the standard considers the environmental factors that vehicles encounter, including temperature and mechanical stress. SN 29500 provides the FIT rate for each element in an electronics design.

IEC 62308, in contrast, is a comprehensive standard addressing the functional safety of electrical and electronic equipment embedded in safety-related systems. It outlines the overarching prerequisites governing the design, construction, testing, and documentation of safety-related systems. More recently, IEC 62308 has gained prominence within the automotive industry as the principal standard used to calculate FIT rates for electronic components. Compared with SN 29500, IEC 62308 is more detailed in several ways: for instance, it considers the entire mission profile of an electronic module rather than the average temperatures used by SN 29500, which gives designers more precise control over the overall architectural design.

Safety standards are crucial for the design and development of safe vehicles in the automotive sector. They offer manufacturers the frameworks needed to ensure their automobiles are designed, developed and tested to fulfill strict safety and dependability requirements. Understanding and applying these standards is a key component of a safety engineer's skillset in the automotive sector.

Regulatory Compliance and Certifications

Regulatory compliance and certifications play a crucial role in ensuring the safety and dependability of automotive electronics. These standards establish obligatory minimum performance thresholds, and compliance must be verified through certification procedures. The Federal Motor Vehicle Safety Standards (FMVSS) in the United States and the European New Car Assessment Programme (Euro NCAP) in Europe are two pivotal entities in this domain.

Federal Motor Vehicle Safety Standards (FMVSS)

In the United States, the National Highway Traffic Safety Administration (NHTSA) establishes the FMVSS, a comprehensive set of safety performance standards governing motor vehicles and associated equipment. These standards are designed to decrease the likelihood of accidents and to limit their consequences when they do happen. They cover a wide spectrum of vehicle attributes, including braking capability, occupant protection, lighting, fuel systems, glazing materials and other features. For automotive electronics, FMVSS regulates functions such as vehicle lighting, antilock braking systems, electronic stability control, and similar features. Compliance is obligatory and is subject to random verification by acquiring vehicles directly from production lines and testing them.

European New Car Assessment Programme (Euro NCAP)

Euro NCAP is an independent body established in Europe to raise vehicle safety standards and promote new safety technologies. Known for its extensive vehicle testing program, Euro NCAP evaluates new cars and assigns them safety ratings. Unlike FMVSS, Euro NCAP is not a regulatory entity; rather, it offers consumers an independent and transparent evaluation of the safety performance of cars commonly sold in Europe. Its rating system covers adult occupant protection, child occupant protection, pedestrian safety, and the effectiveness of safety assist technologies. In recent years, Euro NCAP has increased its focus on advanced driver-assistance systems (ADAS) and autonomous driving technologies, leading to more robust safety evaluations of vehicles equipped with these features.

Collectively, regulatory compliance and certifications such as FMVSS and Euro NCAP form the fundamental support system for safety in the automotive industry. By setting high benchmarks and conducting independent assessments, these entities drive vehicles toward greater safety and reliability. As aspiring engineers, students must understand and appreciate how these standards and certifications are reshaping the automotive sector.

Best Practices for Design and Testing

Ensuring safety is pivotal in the design and development of automotive electronics. It requires a combination of methodical analysis, structured development models, and rigorous adherence to standards. This section covers the essential practices for ensuring the safety and efficiency of automotive electronic design: Failure Modes and Effects Analysis (FMEA), worst-case calculations, safety lifecycle management, the V-model and Agile model, 8-D analysis, and adherence to AEC standards.

Failure Modes and Effects Analysis (FMEA)

FMEA is a proactive, methodical approach for evaluating processes systematically, pinpointing potential failure points, and assessing the impact of each failure. Its purpose is to identify the critical areas of a process that require prioritized modification. Within automotive electronics, FMEA helps avert electronic failures by charting potential failure points and their consequences for the overall system. Consider, for instance, the failure mode of a multilayer ceramic capacitor in a circuit. When this capacitor type fails, it mostly goes into a short circuit, and there are two potential causes. The first is random hardware failure, governed by the reliability standards mentioned above. The second is excessive microstrain in the printed circuit board near the capacitor, which cracks the capacitor: an example of a systematic failure. To address microstrain, it is advisable to incorporate preventive measures into your FMEA, for instance relocating the capacitor away from high-microstrain zones of the printed circuit board, such as screw holes.

The V-Model vs Agile Model

Lifecycle of the V-Model in the Automotive Industry: The V-model is a development model in which each phase of the project lifecycle is paired with a corresponding testing phase. Its emphasis on verification and validation makes it highly prevalent within the automotive industry, and its stringent approach aligns well with the requirements of safety-critical automotive systems.

Figure 6: The V-model

Every development layer has a linked testing stage, which makes the development procedure robust at each level.

Differences Between the V-model and Agile Development: In contrast, Agile methodology is known for short, iterative development cycles that offer greater flexibility and frequently lead to faster delivery of results. Yet the constant change inherent in Agile can pose challenges for intricate, safety-critical systems like automotive electronics.

Challenges of Agile Transformation in the Automotive Industry: Although the Agile model offers benefits such as greater flexibility and adaptability to change, its implementation encounters hurdles in automotive development. This domain demands extensive documentation, rigorous testing, and adherence to standards, tasks that are difficult to incorporate seamlessly into the Agile paradigm.

8-D Analysis

The Importance of 8-D Analysis in Automotive: The Eight Disciplines (8-D) problem-solving technique is used to address a range of challenges in product development and production. In automotive electronics, it improves product quality by identifying, rectifying, and eliminating recurring problems.

Figure 7: Flowchart of the 8-D Analysis

Practical Example of 8-D Analysis in Automotive: One instance where 8-D analysis proves effective is troubleshooting a failure observed in an ECU returned from the field. The process systematically identifies the root cause, whether it stems from the design or manufacturing of the ECU or of its individual components. It then enacts corrective measures and ensures preventive actions to forestall any recurrence. Depending on where in the system the root cause is likely to lie, the 8-D analysis is conducted either by the car manufacturer or by the component manufacturers. Conducting 8-D analysis and feeding its results back into product improvements is important in the automotive sector.

Worst Case Calculation

The Importance of Worst-Case Calculation in Automotive: Car manufacturers produce millions of vehicles each year. At that volume, component tolerances within the circuits vary significantly. Worst-case analysis is therefore critical for designing modules that achieve their safety functions with high robustness.

Extreme Value, RSS and Monte Carlo Methods: These statistical methods identify worst-case conditions given the variations in system parameters. Extreme Value analysis takes the maximum value of each parameter tolerance and aggregates them. The result is more pessimistic than reality and is deemed the most secure approach, but it frequently leads to intricate and costly designs. The RSS (Root Sum Square) method takes the square root of the sum of the squared tolerances. It assumes a normal statistical distribution for the total tolerance of the circuit parameters and accommodates only their 3-sigma deviation. Frequently, however, the total distribution of circuit parameter tolerances deviates from normality; in that case Monte Carlo analysis is performed. Monte Carlo randomly varies each parameter during the calculation, producing a list of results that shows which parameter combinations yield the system's most adverse outcomes.

Different Sources of Component Tolerances to Consider: These include temperature effects, aging, manufacturing tolerances and other environmental effects.
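To make the three methods concrete, the following added example (not part of the original text) applies Extreme Value, RSS and Monte Carlo analysis to a constructed resistive voltage divider whose output feeds a hypothetical safety threshold. The divider values, the per-component tolerance sources (manufacturing, temperature drift, aging) and the sample count are all assumptions chosen for illustration; the code uses only the Python standard library.

```python
"""Worst-case analysis of a resistive voltage divider by three methods:
Extreme Value (corner analysis), Root Sum Square (RSS) and Monte Carlo.
The divider, its tolerances and the sample size are constructed for illustration."""
import itertools
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Param:
    """A circuit parameter with its independent tolerance sources (fractions of nominal)."""
    nominal: float
    sources: tuple  # e.g. (manufacturing, temperature drift, aging)

    @property
    def tolerance(self) -> float:
        # Per-component tolerance sources are assumed to add linearly.
        return sum(self.sources)


# Constructed example: 5 V supply into a 10k/10k divider.
PARAMS = {
    "vin": Param(5.0, (0.02,)),                   # supply: ±2 % regulation
    "r1": Param(10_000.0, (0.01, 0.005, 0.002)),  # ±1 % mfg, ±0.5 % temp, ±0.2 % aging
    "r2": Param(10_000.0, (0.01, 0.005, 0.002)),
}


def vout(vin: float, r1: float, r2: float) -> float:
    """Divider output voltage, the quantity whose spread we want to bound."""
    return vin * r2 / (r1 + r2)


def nominal_value(params=PARAMS, func=vout) -> float:
    return func(**{n: p.nominal for n, p in params.items()})


def extreme_value(params=PARAMS, func=vout):
    """Evaluate every corner (each parameter at min or max); return (low, high)."""
    names = list(params)
    results = []
    for signs in itertools.product((-1, 1), repeat=len(names)):
        values = {n: params[n].nominal * (1 + s * params[n].tolerance)
                  for n, s in zip(names, signs)}
        results.append(func(**values))
    return min(results), max(results)


def rss(params=PARAMS, func=vout, rel_step=1e-6):
    """Linearised RSS: sqrt(sum over i of (dF/dx_i * delta_x_i)^2) around nominal.
    Sensitivities come from central finite differences; the band is read as ±3 sigma."""
    nom = {n: p.nominal for n, p in params.items()}
    centre = func(**nom)
    sum_sq = 0.0
    for n, p in params.items():
        h = p.nominal * rel_step
        up = dict(nom); up[n] += h
        dn = dict(nom); dn[n] -= h
        sensitivity = (func(**up) - func(**dn)) / (2 * h)
        delta = p.nominal * p.tolerance
        sum_sq += (sensitivity * delta) ** 2
    half_width = math.sqrt(sum_sq)
    return centre - half_width, centre + half_width


def monte_carlo(params=PARAMS, func=vout, samples=20_000, seed=1):
    """Sample each parameter uniformly within its band (a deliberately non-normal
    choice, as used when the true distribution is unknown). Returns the extreme
    outputs together with the parameter combinations that produced them."""
    rng = random.Random(seed)
    low = (math.inf, None)
    high = (-math.inf, None)
    for _ in range(samples):
        values = {n: rng.uniform(p.nominal * (1 - p.tolerance),
                                 p.nominal * (1 + p.tolerance))
                  for n, p in params.items()}
        out = func(**values)
        if out < low[0]:
            low = (out, values)
        if out > high[0]:
            high = (out, values)
    return low, high


if __name__ == "__main__":
    print(f"nominal      : {nominal_value():.4f} V")
    print("extreme value: %.4f .. %.4f V" % extreme_value())
    print("RSS (3 sigma): %.4f .. %.4f V" % rss())
    (lo, lo_at), (hi, hi_at) = monte_carlo()
    print(f"Monte Carlo  : {lo:.4f} .. {hi:.4f} V")
    print("  worst-low combination :", {k: round(v, 2) for k, v in lo_at.items()})
    print("  worst-high combination:", {k: round(v, 2) for k, v in hi_at.items()})
```

Running it shows the ordering the text describes: the Extreme Value band is the widest, RSS is the narrowest because it credits the tolerances for partially cancelling, and the Monte Carlo band sits between the two while also reporting which parameter combination drove each extreme. A threshold that is safe only inside the RSS band but outside the Extreme Value band is exactly the kind of design decision these methods are meant to expose.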

Safety Lifecycle Management in Development Process

This encompasses hazard analysis and risk assessment, setting safety requirements, design and implementation, verification and validation, and generating safety documentation across the entire product lifecycle.

The AEC (Automotive Electronics Council)

What is AEC?: The AEC is an organization that sets qualification standards for electronic components in the automotive sector. It comprises delegates from car manufacturers and suppliers.

AEC Qualification of Electronic Components: The AEC-Q standards are globally recognized and define the minimum requirements for a robust zero-defect approach to product and process capability. Manufacturers who qualify electronic components to these standards indicate this with the AEC designation in their datasheets.

Supplier Responsibilities for AEC-Qualified Components: The responsibility of manufacturers of AEC-qualified components extends beyond validating their components against the AEC-Q standards. If a vehicle incorporates a defective AEC-qualified component, the manufacturer must collaborate with its customer, conduct an 8-D analysis, and implement preventive measures as part of the resolution. A traceability system for AEC-qualified parts is compulsory so that the exact origin of any faulty component can be pinpointed.