Best Practices (Advanced)
Safety validation, regulatory compliance, edge case handling, and strategies for building production-grade autonomous driving systems.
Safety-First Design
- Redundancy: Every critical system needs a backup. Dual compute, redundant sensors, fallback controllers, and independent safety monitors.
- Minimal Risk Condition: Define what the vehicle does when something goes wrong: pull over safely, stop in lane, or request human takeover.
- Safety Monitors: Independent watchdog systems that can override the autonomy stack. Monitor perception confidence, planning feasibility, and system health.
- SOTIF (ISO 21448): Safety of the Intended Functionality addresses hazards from insufficient performance of the AI system, not just hardware failures.
Handling the Long Tail
The "long tail" of rare edge cases is the biggest challenge in autonomous driving. Strategies include:
- Massive data collection: Fleet-scale data logging to capture rare events
- Scenario mining: Automatically identify interesting/difficult scenarios from logged data
- Synthetic data: Generate rare scenarios in simulation (adversarial weather, unusual objects)
- Active learning: Focus model training on the hardest examples
- Conservative fallback: When uncertain, slow down or stop rather than making risky decisions
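As an added illustration of the safety-monitor and conservative-fallback points above (example code written for this page, not code from the course or from any production stack): an independent watchdog that consumes health telemetry from the autonomy stack and decides between continuing, slowing down, or forcing the minimal risk condition. The thresholds, the `Telemetry` fields and the telemetry frames in `demo()` are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    NOMINAL = "continue"    # autonomy stack stays in control
    DEGRADED = "slow_down"  # conservative fallback: reduce speed, keep driving
    MRC = "minimal_risk"    # override the stack: stop in lane / pull over


@dataclass
class Telemetry:
    t: float                # monitor clock (s)
    last_heartbeat: float   # time of the stack's last health heartbeat (s)
    perception_conf: float  # lowest confidence among tracked objects, 0..1
    plan_feasible: bool     # planner produced a collision-free, feasible trajectory
    compute_ok: bool        # redundant compute units agree and report healthy


class SafetyMonitor:
    """Independent watchdog that can override the autonomy stack (thresholds are assumed)."""

    def __init__(self, hb_timeout=0.5, conf_slow=0.6, conf_stop=0.3, max_slow_cycles=10):
        self.hb_timeout, self.conf_slow, self.conf_stop = hb_timeout, conf_slow, conf_stop
        self.max_slow_cycles, self.slow_cycles = max_slow_cycles, 0
        self.latched = False  # MRC latches until a human takes over and resets it

    def step(self, tm: Telemetry) -> Action:
        if self.latched:
            return Action.MRC
        # Hard faults: stale heartbeat, compute fault, no feasible plan, perception collapse.
        stale = (tm.t - tm.last_heartbeat) > self.hb_timeout
        if stale or not tm.compute_ok or not tm.plan_feasible or tm.perception_conf < self.conf_stop:
            self.latched = True
            return Action.MRC
        # Marginal perception: slow down, and escalate to MRC if it persists.
        if tm.perception_conf < self.conf_slow:
            self.slow_cycles += 1
            if self.slow_cycles >= self.max_slow_cycles:
                self.latched = True
                return Action.MRC
            return Action.DEGRADED
        self.slow_cycles = 0
        return Action.NOMINAL


def demo() -> list:
    """Constructed telemetry: nominal, marginal perception, recovery, stale heartbeat, recovery."""
    mon = SafetyMonitor()
    frames = [Telemetry(0.0, 0.0, 0.9, True, True), Telemetry(0.1, 0.1, 0.5, True, True),
              Telemetry(0.2, 0.2, 0.9, True, True), Telemetry(1.0, 0.2, 0.9, True, True),
              Telemetry(1.1, 1.1, 0.9, True, True)]  # last frame is healthy but MRC stays latched
    return [mon.step(f) for f in frames]
```

The latch is the important detail: once the monitor has taken the vehicle to a minimal risk condition, a single healthy frame must not hand control back to the stack without a human acknowledgement.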
Regulatory Landscape
| Regulation | Scope | Key Requirements |
|---|---|---|
| NHTSA (US) | Federal vehicle safety | FMVSS exemptions, crash reporting, safety self-assessment |
| EU AI Act | AI systems in the EU | High-risk classification, transparency, human oversight |
| ISO 26262 | Functional safety | ASIL levels, fault tree analysis, safety lifecycle |
| ISO 21448 | SOTIF | Performance limitations, triggering conditions, validation |
| UL 4600 | AV safety case | Structured safety argumentation framework |
Testing Pyramid for AVs
- Unit tests: Individual algorithm components (detector accuracy, controller tracking error)
- Module tests: Complete subsystems (perception pipeline, planning stack)
- Integration tests: Full stack in simulation with automated scenario suites
- Hardware-in-the-loop: Real compute and sensors with simulated environment
- Closed-course testing: Real vehicle in controlled test facilities
- Public road testing: With safety drivers, in approved operational design domains
Data Management
- Data logging: Record all sensor data, system state, and decisions for replay and analysis
- Data labeling: Build efficient labeling pipelines with auto-labeling and human review
- Data versioning: Track dataset versions alongside model versions for reproducibility
- Privacy: Anonymize faces and license plates in logged data. Comply with GDPR and local regulations.
Congratulations! You've completed the Autonomous Vehicles course. You now understand the complete self-driving stack from perception through control, and the safety and regulatory considerations for deployment. The AV industry needs engineers who understand both the technology and the responsibility that comes with it.
Lilly Tech Systems