What is Electric Vehicle Functional Safety Testing?

What is Electric Vehicle Functional Safety Testing?

Electric vehicle (EV) technology is evolving rapidly. Additionally, the demand for these vehicles is steadily increasing, with multiple countries prioritizing a decrease in internal combustion and ramping up zero-emissions vehicles within the next 5-15 years. LHP’s Chief Technology Officer Steve Neemeh illustrates this point in his recent article for our partner Jama Software:

• Norway: The first in the world, aims to have 100% zero-emission cars by 2025.
• Netherlands: 100% electric vehicle sales by 2030.
• India: 30% electric mobility by 2030.
• China: 20-25% of new car sales to be electric by 2025.
• France: Ban on fossil fuel-powered vehicles by 2040.
• UK: Ban on the sale of new petrol and diesel vehicles by 2030 and hybrids by 2035.
• USA: California leads the way with executive order N-79-20 which sets a 2035 date for ZEV sales.
• Germany: Ban on combustion engines by 2030

It’s easy to see that we are a long way from the first EVs of the 1830s. Interest in electric-powered transport has certainly risen and fallen over the decades. However, our current wave of EVs, perhaps starting in the mid-1990s when GM’s EV1 and the first Toyota Prius captured the industry’s attention, is going strong. With innovation and progress comes the need to ensure safety measures are keeping pace with the speed of product development, as the industry continues to evolve and the market for EVs continues to grow.

One innovation EV original equipment manufacturers (OEMs) – and their suppliers – utilize is the ISO international safety standard, ISO 26262: Road Vehicles – Functional Safety. When undergoing electric vehicle functional safety testing, understanding the exact needs of an electric vehicle is important to ensure the test requirements are written clearly. They require the proper degree of specificity to the electric vehicle, or its safety components, under test. Engineers at LHP’s EV Testing Center have a great deal of experience and expertise in both EV testing and functional safety specifications. We can perform a battery of functional safety tests on your battery, battery management, power inverter, and any other safety-related EV component. As needed, we can even evaluate client components against the ISO requirements to determine what test cases are required, essentially designing functional safety testing for each instance from the ground up.

Contents

• How functional safety benefits EV buyers, manufacturers, and suppliers
• Risk assessment for EV functional safety test design
• EV risk mitigation through iterative safety test processes
• Summary

How functional safety benefits EV buyers, manufacturers, and suppliers

Functional safety in electric vehicle manufacturing works to ensure that the electrical and electronic (E/E) components, which increase in every iteration of the vehicle, can be made safe in ways that are interconnected, methodical, and as predictive as possible. This is not a new idea; the ISO organization, in producing its 26262 standard, has organized and codified an extensive reiteration of many existing industry best safety practices.

For suppliers and OEMs, adopting ISO 26262 means that within the industry, there is recognition of the organization’s commitment. The company’s identity moves into closer alignment with ISO 26262, and this can bring in more business. Electric vehicle manufacturers and suppliers who follow the guidance of the ISO 26262 standard even take steps in design (called fail-safes or “watchdogs”) to be certain that, if a component or system should fail, it will do so in a way that is predictable and manageable. This decreases the total safety risk of the failed event. Another obvious benefit is that functional safety certification demonstrates an organization’s commitment to minimizing overall risk and creating the absolute safest vehicle they are able. Functional safety protects organizations with certification and allows them to grow into new markets where certification might be required. Additionally, companies that adopt functional safety provide a moat against legal action when their processes and products follow the ISO guidelines, even if it’s only to demonstrate that they have made every effort to protect consumers, and their efforts are documented in specific detailed format recognized by an international safety standards body.

For consumers interested in owning electric vehicles, neither the ISO organization nor “functional safety” as a codified and standardized set of industrial practices, may be something they think about often. However, it’s certainly true that all car buyers want their vehicles to be as safe as possible, and they typically look for assurances beyond a manufacturer’s claims. When potential EV buyers find the J.D. Power ranking for their intended purchase or compare the rankings published by organizations like US News and World Report, they are also interacting with functional safety. Consumer information sources like these typically abstract the functional safety underpinnings of those ratings, or the data from the National Highway Traffic Safety Administration (NHSTA), for example, which releases highway safety figures. This abstraction is to provide consumers with accessible information that they can easily understand and act on, but these published figures are built largely on and have resulted from, the functional safety efforts of OEMs and suppliers to make the vehicles they produce as safe as possible; the data shows how well they’ve done.

Risk assessment for EV functional safety test design

The functional safety standard, ISO 26262, is called a “risk-based” safety standard. This standard provides guiding principles for developing safety components and systems on both electric and internal-combustion vehicles. One quality of functional safety overall is to examine every aspect of any system related to safety. To assess a component or system, or an entire vehicle, the whole lifecycle of that component is considered, from development and production through its service life, and even to the decommissioning operations afterward (400-volt EV batteries, for example). This consideration leads to developmental guidelines for producing the safest component possible.

As a risk-based standard, ISO 26262 does devote significant resources to assessing risk. Assessing risk is a task best performed at the outset of conceptual or product development. Engineers, developers, and programmers working to produce ISO 26262-compliant components and systems must also spend time and other resources assessing and categorizing a proposed component’s risk level. In functional safety, the risk level can be expressed in the form of an Automotive Safety Integrity Level (ASIL) rating. The ISO organization defines levels of this risk classification system in the 26262 standard. The levels, from low risk to high risk, are A, B, C, and D. For almost all road-going vehicles, including EVs, ASIL “D” is the highest rating. Motorcycles, of which there are some electric models in production, only go to ASIL “C,” but the categories are also written differently.

In general, an electric vehicle’s highest possible ASIL rating is “D.” What’s important to note is that a higher ASIL corresponds to a higher degree of risk associated with functions governed or affected by a particular component or system. This means that components or systems carrying a higher ASIL must also be subject to higher demands in terms of functional safety compliance. What ASIL ratings specifically do not do is reflect the risk that a particular component will fail; instead, they describe the risk associated with the results of its failure. If a turn signal fails, there is a certain degree of risk associated with that. If an entire braking system fails, there is also a certain degree of risk associated with that. Those two scenarios would yield different ASIL ratings.

ISO 26262 as a standard responds to the greater evaluated risk by imposing a greater testing load, and a requirement for greater rigor and thoroughness. This is specifically in order to create a more robust design, and to subject that design to more stringent testing and verification, than would be required for a component that carried a lower ASIL rating. ISO 26262 answers greater risk with greater surety of mitigation, greater robustness of design, and greater rigor in testing.

Examining risk: the “corner cases”

In assessing functional safety risk levels for EVs, a typical component of assessing is to examine a combination of worst-use-case scenarios, to construct a hypothetical situation in which several components or systems have failed or are under stress at the same time. This is called a corner case, as in “existing at the far corner of the envelope.” If use cases can be represented as a graph of possible outcomes, corner cases are the least-likely, least-desirable possibilities at the far end of the graph, in the corner, or plot of two highest values of either axis.

Corner cases are unlikely outlier cases, but to mitigate risk as fully as possible, they must also be considered in development and design. An example may be that an electric vehicle is being driven on a curvy mountain road, when a safety system fails, and in addition the battery management system shuts down, meaning there is no propulsion, so the car loses power and speed. All these added situation modifiers push the use case further into the “corner;” it’s less and less likely that all these problems would arise at once, and so if they do so, the risk then rises measurably.

When defining the ASIL rating for an EV’s component, these corner cases help developers and engineers determine the severity, exposure, and controllability of the situation described, thus providing them with added data that is to accurately calculate the ASIL. This in turn allows them, following the guidelines in the ISO 26262 standard, to determine the robustness and stringency of the component’s design and the required testing of all components that might be associated with this situation or event.

EV risk mitigation through iterative safety test processes

Functional safety is frequently associated with one of several V-model images. However, similar V-models can be used to represent workflow in all kinds of engineering and programming work. The model itself is nearly agnostic as to what kinds of work it’s used to represent. This one is built with functional safety in mind and could be a simple representation of the work required for functional safety testing on an electric vehicle’s components.

In functional safety, as our graphic shows, the process begins with understanding the concepts and the requirements of the ISO 26262 standard. In a perfect world, fulfillment of the safety requirements then is “baked in” to the design of the system, component, or electric vehicle under consideration. Functional safety works best when system design is initiated with functional safety in mind, which includes considering safety aspects of both hardware and software. In “implementation,” the thing is built.

Following implementation, and leading up the right-side arm of the “V,” testing commences and carries through to the final step, release for production. However, that does not show the entire story. The arrows leading the other direction, back to the left side of the “V,” tell us that, at least sometimes, the product has not met one of the testing requirements and must return to the definition and test design stage. Usually, this means that some redesign or reiteration takes place, again with the aim of following the ISO standard’s requirements. A component that does not perform as expected in testing is a signal that either the requirements were not followed, or that the requirements are not sufficient. So, a reiteration in design is not simply redesigning a component to the original requirements with no further questions asked; it is a reiteration of the definition and a reiteration of the design requirements.

This rigorous iterative test-design cycle is one way Testing Center engineers at LHP ensure that an EV or its components and systems are functionally safe, and the ISO organization tells us this is the accepted way to mitigate risks in road-going electric vehicles.

Summary

The market corner where electric vehicles are bought and sold is still only a part of the overall automotive industry, but the best predictions for the next two decades are that this corner is going to expand. A culture of safety within the EV sector of our industry will help protect our customers, as well as our own families, not to mention the ability of many in the industry to continue competing.

LHP’s EV Testing Center is well-versed in the functional safety needs of electric vehicles, as well as those of the internal combustion realm, on four wheels or two. As the EV market continues to gain strength, and as more OEMs not only adopt but require functional safety compliance of their suppliers, the ability to marry these two forces will become increasingly important.