自動駕駛汽車法規(guī)制定與協(xié)調(diào)已經(jīng)成為聯(lián)合國世界車輛法規(guī)協(xié)調(diào)論壇(WP.29)的重點(diǎn)優(yōu)先工作,受到各締約方及相關(guān)政府���、非政府組織的普遍關(guān)注。為系統(tǒng)推進(jìn)自動駕駛相關(guān)法規(guī)的制定與協(xié)調(diào)���,中國于2018年自動駕駛工作組(GRVA)成立之初����,即提案建議制定聯(lián)合國有關(guān)自動駕駛法規(guī)協(xié)調(diào)的規(guī)劃性文件�,確立自動駕駛法規(guī)制定的目標(biāo)、原則和計(jì)劃���,得到相關(guān)各方的普遍支持并獲得WP.29批準(zhǔn)。
2019年6月����,在日內(nèi)瓦舉行的聯(lián)合國WP.29第178次全體會議審議通過了中國、歐盟�����、日本和美國共同提出的《自動駕駛汽車框架文件》。會議同時(shí)決定由中國���、德國��、美國共同擔(dān)任“自動駕駛汽車功能要求非正式工作組(FRAV IWG)”的聯(lián)合主席。這是繼中國擔(dān)任自動駕駛工作組(GRVA)副主席后、在聯(lián)合國自動駕駛法規(guī)協(xié)調(diào)中承擔(dān)的又一重要職責(zé)��。
《自動駕駛汽車框架文件》旨在確立L3及更高級別的自動駕駛汽車的安全性和相關(guān)原則��,并為世界車輛法規(guī)協(xié)調(diào)論壇(WP.29)附屬工作組提供工作指導(dǎo)�����。文件包含了自動駕駛汽車相關(guān)的工作準(zhǔn)則����、安全因素���、以及世界車輛法規(guī)協(xié)調(diào)論壇(WP.29)就自動駕駛汽車法規(guī)制定與協(xié)調(diào)工作需要優(yōu)先考慮的關(guān)鍵性、原則性等問題����;此外�����,文件還確立了WP.29的工作重點(diǎn)��,并明確了相關(guān)成果(交付物)、時(shí)間表和工作安排��。
為使相關(guān)各方及時(shí)了解����、掌握聯(lián)合國法規(guī)協(xié)調(diào)趨勢����;為我國有序推進(jìn)中國智能網(wǎng)聯(lián)汽車標(biāo)準(zhǔn)體系及相關(guān)制度建設(shè)提供參考�;促進(jìn)自動駕駛汽車產(chǎn)業(yè)的創(chuàng)新發(fā)展和國際融合;汽標(biāo)委智能網(wǎng)聯(lián)汽車分標(biāo)委(SAC/TC114/SC34)將《自動駕駛汽車框架文件》的內(nèi)容進(jìn)行翻譯��。以下為正文內(nèi)容:
Submitted by the representatives of China, European Union, Japan and the United States of America
Informal document WP.29-178-10-Rev.2
178th WP.29, 25-28 June 2019
Agenda items 2.3 and 18
Proposal for amendments to ECE/TRANS/WP.29/2019/34
Framework document on automated/autonomous vehicles (levels 3 and higher)
關(guān)于修訂ECE/TRANS/WP.29/2019/34的提案
(L3及更高級別)自動駕駛汽車框架文件
The text reproduced below was prepared by the representative of China, European Union, Japan and the United States of America containing proposed modifications to working document ECE/TRANS/WP.29/2019/34 (Framework document on automated/autonomous vehicles) based on views of other Contracting Party representatives. It is submitted to the World Forum for Harmonization of Vehicle Regulations (WP.29) and to AC.3 for consideration at their June 2019 sessions.
以下文本由中國、歐盟����、日本和美國代表共同準(zhǔn)備完成?;谄渌喖s方代表的意見�����,文件涵蓋了對ECE/TRANS/WP.29/2019/34(自動駕駛汽車框架文件)工作文件的擬修改內(nèi)容����。本文件提交至世界車輛法規(guī)協(xié)調(diào)論壇(WP.29)和《1998年議定書》管理委員會(AC.3)���,于2019年6月的會議上進(jìn)行審議����。
Framework document on automated/autonomous vehicles
自動駕駛汽車框架文件
Purpose
1. 目的
This Framework document’s primary purpose is to provide guidance to WP.29 subsidiary Working Parties (GRs) by identifying key principles for the safety and security of automated/autonomous vehicles of levels 3 and higher. The framework document also defines the work priorities for WP.29 and indicates the deliverables, timelines and working arrangements for those certain work products related to those priorities.
本框架文件旨在通過明確L3及更高級別自動駕駛汽車的安全性和安全防護(hù)的關(guān)鍵原則����,為WP.29附屬工作組(GRs)提供指導(dǎo)�。本框架文件還確立了WP.29的優(yōu)先工作事項(xiàng)���,并指出了優(yōu)先事項(xiàng)相關(guān)的某些工作成果的交付物�����、時(shí)間表和工作安排。
Working Principles
2. 工作原則
Technical provisions and/or guidance and resolutions for automated/autonomous vehicles shall be conducted within the contexts of both the 1958 Agreement and 1998 Agreement.
自動駕駛汽車的技術(shù)條款和/或指南以及決議都應(yīng)在《1958年協(xié)定書》和《1998年協(xié)定書》框架下完成��。
Technical provisions, guidance resolutions and evaluation criteria for automated vehicles will to the extent possible, be performance based, technology neutral, and based on state of the art technology while avoiding restricting future innovation.
自動駕駛汽車的技術(shù)條款�����、指導(dǎo)決議和評價(jià)標(biāo)準(zhǔn)應(yīng)盡可能做到基于車輛性能�,保持技術(shù)中立���,以前沿新技術(shù)為基礎(chǔ)���,同時(shí)避免制約未來創(chuàng)新發(fā)展。
Existing standards/guidelines of the contracting parties and in standardization bodies shall be reviewed as well as previous work and reference documents agreed in UNECE.
應(yīng)對締約方和標(biāo)準(zhǔn)化機(jī)構(gòu)現(xiàn)有的標(biāo)準(zhǔn)/指南以及聯(lián)合國歐洲經(jīng)濟(jì)委員會(UNECE)已通過的工作和參考文件進(jìn)行審議��。
This document shall be approved and managed by WP.29 as specific work items are expected to be prepared in multiple GRs with extensive cross-coordination between them. The implementation of each work item shall be monitored at each WP.29 session under a dedicated agenda item. Furthermore, this document shall be reviewed once a year and be updated, if necessary.
由于具體工作項(xiàng)目將在多個(gè)工作組中準(zhǔn)備完成��,并在工作組之間進(jìn)行大量多方協(xié)調(diào),本文件應(yīng)由WP.29進(jìn)行批準(zhǔn)和管理���。每個(gè)工作項(xiàng)目的實(shí)施����,應(yīng)在每次WP.29會議中專門的議程項(xiàng)目下接受監(jiān)督����。此外��,如有必要�����,本文件應(yīng)每年復(fù)審一次�����,必要時(shí)予以更新����。
Safety Vision
3. 安全愿景
WP.29 recognizes that for automated/autonomous vehicles to fulfil their potential in particular to improve road transport, then they must be placed on the market in a way that reassures road users of their safety. If automated/autonomous vehicles confuse users, disrupt road traffic, or otherwise perform poorly then they will fail. WP.29 seeks to avoid this outcome by creating the framework to helping to deliver safe and secure road vehicles in a consistent manner, and to promote collaboration and communication amongst those involved in their development and oversight.
WP.29認(rèn)為��,要使自動駕駛汽車發(fā)揮其潛能�,特別是能夠改善道路運(yùn)輸情況��,就必須以一種能保證道路使用者安全性的方式將自動駕駛汽車投放到市場上��。如果自動駕駛汽車令使用者困惑��、擾亂道路交通秩序或者表現(xiàn)不佳�����,那么該自動駕駛汽車就是失敗的���。WP.29努力避免出現(xiàn)該結(jié)果����,建立該框架以幫助持續(xù)推出具備安全性和安全防護(hù)性的道路車輛,并增進(jìn)研發(fā)和監(jiān)管人員之間的協(xié)作和溝通����。
The level of safety to be ensured by automated/autonomous vehicles implies that “an automated/autonomous vehicle shall not cause any non-tolerable risk”, meaning that automated/autonomous vehicle systems, under their automated mode ([ODD/OD]), shall not cause any traffic accidents resulting in injury or death that are reasonably foreseeable and preventable. Based on this principle, this framework sets out a series of vehicle safety topics to be taken into account to ensure safety.
自動駕駛汽車的安全水平指的是“自動駕駛汽車不會造成任何不可承受的風(fēng)險(xiǎn)”��,這就意味著自動駕駛汽車系統(tǒng)在自動駕駛模式([ODD/OD])下����,不會造成任何本來可以預(yù)見和預(yù)防的交通傷亡事故��。基于這一原則���,該框架提出了一系列車輛安全議題����,以保證車輛安全。
Key issues and principles to be considered by WP29 subsidiary bodies as a priority
4. WP.29附屬機(jī)構(gòu)優(yōu)先考慮的關(guān)鍵問題和原則
The following list of issues and principles will guide discussions and activities on automated/autonomous vehicles within WP.29 and each of its relevant subsidiary Working Parties. The aim is to capture the shared interests and concerns of regulatory authorities, provide the general parameters for work, and to provide common definitions and guidance.
以下列出的問題和原則將在WP.29及每個(gè)相關(guān)附屬工作組內(nèi)指導(dǎo)對自動駕駛汽車的討論和活動��。目的是專注于各法規(guī)制定機(jī)構(gòu)的共同利益與關(guān)注點(diǎn)���,提供工作(需要)的通用參數(shù),并提出通用定義和指南���。
The following is a list of common principles with brief descriptions and explanation. It is expected these would form the basis for further development.
以下列出了一些共性原則并進(jìn)行了簡要說明和解釋,將構(gòu)成未來發(fā)展的基礎(chǔ)���。
System Safety: When in the automated mode, the automated/autonomous vehicle should be free of unreasonable safety risks to the driver and other road users and ensure compliance with road traffic regulations.
系統(tǒng)安全:在自動駕駛模式下�,自動駕駛汽車應(yīng)該使駕駛員和其他道路使用者免于不合理的安全風(fēng)險(xiǎn)���,并要確保符合道路交通法規(guī)。
Failsafe Response: The automated/autonomous vehicles should be able to detect its failures or when the conditions for the [ODD/OD] are not met anymore. In such a case the vehicle should be able to transition automatically (minimum risk manoeuvre) to a minimal risk condition.
失效保護(hù)響應(yīng):自動駕駛汽車應(yīng)該能夠檢測車輛故障或何時(shí)不再滿足設(shè)計(jì)運(yùn)行范圍/運(yùn)行范圍條件(ODD/OD)。在這種情況下����,車輛應(yīng)該自動(采用最低風(fēng)險(xiǎn)策略)切換到最低風(fēng)險(xiǎn)狀態(tài)。
Human Machine Interface (HMI) /Operator information: Automated/autonomous vehicle should include driver engagement monitoring in cases where drivers could be involved (e.g. take over requests) in the driving task to assess driver awareness and readiness to perform the full driving task. The vehicle should request the driver to hand over the driving tasks in case that the driver needs to regain a proper control of the vehicle. In addition, automated vehicle should allow interaction with other road users (e.g. by means of external HMI on operational status of the vehicle, etc.)
人機(jī)交互界面(HMI)/操作者信息:在駕駛?cè)蝿?wù)可能需要駕駛者參與的情況下�,如(發(fā)出)接管請求�,自動駕駛汽車應(yīng)具備對駕駛者參與的監(jiān)控(功能),評估駕駛者執(zhí)行完整駕駛?cè)蝿?wù)的意識和準(zhǔn)備狀態(tài)�。當(dāng)駕駛員對車輛采取不適當(dāng)控制時(shí),車輛應(yīng)該要求駕駛員交出駕駛?cè)蝿?wù)���。此外,自動駕駛汽車應(yīng)允許與其他道路使用者進(jìn)行交互(例如�����,車輛運(yùn)行狀態(tài)下利用外部人機(jī)交互界面等)���。
Object Event Detection and Response (OEDR): The automated vehicles shall be able to detect and respond to object/events that may be reasonably expected in the OD.
目標(biāo)事件探測與響應(yīng)(OEDR):自動駕駛汽車應(yīng)可對在其運(yùn)行范圍(OD)內(nèi)可合理預(yù)見的物體/事件進(jìn)行檢測與響應(yīng)。
[Operational Design Domain (ODD/OD)] (automated mode): For the assessment of the vehicle safety, the vehicle manufacturers should document the [ODD/OD] available on their vehicles and the functionality of the vehicle within the prescribed [ODD/OD]. The [ODD/OD] should describe the specific conditions under which the automated vehicle is intended to drive in the automated mode. The [ODD/OD] should include the following information at a minimum: roadway types; geographic area; speed range; environmental conditions (weather as well as day/night time); and other domain constraints.
[設(shè)計(jì)適用范圍(ODD/OD) ](自動駕駛模式):為了評估車輛安全�,車輛制造商應(yīng)記錄車輛的 [ODD/OD ]和在規(guī)定的[ODD/OD ]內(nèi)車輛的功能性���。[ODD/OD ]應(yīng)描述自動駕駛汽車采用自動駕駛模式進(jìn)行行駛的具體情況�。[ODD/OD ]應(yīng)包括至少以下信息:道路類型、地理區(qū)域�����、速度范圍���、環(huán)境條件(天氣和日/夜時(shí)間)以及其他的范圍約束條件����。
Validation for System Safety: Vehicle manufacturers should demonstrate a robust design and validation process based on a systems-engineering approach with the goal of designing automated driving systems free of unreasonable safety risks and ensuring compliance with road traffic regulations and the principles listed in this document. Design and validation methods should include a hazard analysis and safety risk assessment for Automated Driving System (ADS), for the OEDR, but also for the overall vehicle design into which it is being integrated and when applicable, for the broader transportation ecosystem. Design and validation methods should demonstrate the behavioural competencies an Automated/autonomous vehicle would be expected to perform during a normal operation, the performance during crash avoidance situations and the performance of fall back strategies. Test approaches may include a combination of simulation, test track and on road testing.
系統(tǒng)安全驗(yàn)證:車輛制造商應(yīng)該以設(shè)計(jì)出免于不合理安全風(fēng)險(xiǎn)的自動駕駛系統(tǒng)和保證符合道路交通法規(guī)與本文件列出的原則為目標(biāo)���,根據(jù)系統(tǒng)工程方法呈現(xiàn)一個(gè)健全的設(shè)計(jì)和驗(yàn)證過程�。設(shè)計(jì)和驗(yàn)證方法應(yīng)包括對以下方面的威脅分析和安全風(fēng)險(xiǎn)評估:自動駕駛系統(tǒng)(ADS),目標(biāo)事件探測與響應(yīng)(OEDR)�����,包含上述內(nèi)容的整車設(shè)計(jì)���,以及更廣泛的交通生態(tài)系統(tǒng)(如適用)�����。設(shè)計(jì)和驗(yàn)證方法應(yīng)展示出自動駕駛汽車正常運(yùn)行期間的預(yù)期行為能力��,避免碰撞的性能以及后備支援的性能�����。試驗(yàn)方法可以包括模擬組合測試�����、場地測試和實(shí)際道路測試��。
Cybersecurity: The automated/autonomous vehicle should be protected against cyber-attacks in accordance with established best practices for cyber vehicle physical systems. Vehicles manufacturers shall demonstrate how they incorporated vehicle cybersecurity considerations into ADSs, including all actions, changes, design choices, analyses and associated testing, and ensure that data is traceable within a robust document version control environment.
信息安全:基于已建立的網(wǎng)絡(luò)車輛物理系統(tǒng)最佳實(shí)踐方案�,自動駕駛汽車應(yīng)免受網(wǎng)絡(luò)攻擊。車輛制造商應(yīng)表明他們?nèi)绾螌④囕v信息安全考慮整合到自動駕駛系統(tǒng)中��,這些考慮包括所有的行動��、變化��、設(shè)計(jì)選擇����、分析和相關(guān)測試��;以及確保數(shù)據(jù)在強(qiáng)大的文檔版本控制環(huán)境中是可追溯的���。
Software Updates: Vehicle manufacturers should ensure system updates occur as needed in a safe way and provide for after-market repairs and modifications as needed.
軟件更新:車輛制造商應(yīng)確保系統(tǒng)更新可根據(jù)需要、以安全的方式進(jìn)行����,并可根據(jù)需要應(yīng)用于售后修理和修改。
Event data recorder (EDR) and Data Storage System for Automated Driving vehicles (DSSAD): The automated/autonomous vehicles should have the function that collects and records the necessary data related to the system status, occurrence of malfunctions, degradations or failures in a way that can be used to establish the cause of any crash and to identify the status of the automated/autonomous driving system and the status of the driver. The identification of differences between EDR and DSSAD to be determined.
事件數(shù)據(jù)記錄議(EDR)和自動駕駛汽車數(shù)據(jù)存儲系統(tǒng)(DSSAD):自動駕駛汽車應(yīng)具有采集和記錄與系統(tǒng)狀態(tài)�����、故障發(fā)生���、降級或失效相關(guān)必要數(shù)據(jù)的功能,其采用一種可用來確定任何碰撞發(fā)生的原因�����、自動駕駛系統(tǒng)狀態(tài)以及駕駛員狀態(tài)的方式�。如何識別EDR和DSSAD之間的差異尚待確定�。
Additional issues not listed in the currently agreed WP29 work priorities
WP.29目前通過的優(yōu)先工作中未列出的其他問題
Vehicle maintenance and inspection: Vehicle safety of in-use vehicles should be ensured through measures such as related to maintenance and the inspection of automated vehicles etc. Additionally, vehicle manufacturers are encouraged to have documentation available that facilitates the maintenance and repair of ADSs after a crash. Such documentation would likely identify the equipment and the processes necessary to ensure safe operation of the automated/autonomous vehicle after repair
車輛維護(hù)和檢查:應(yīng)利用自動駕駛汽車維護(hù)和檢查等相關(guān)措施����,確保在用車輛的安全�。此外�����,鼓勵(lì)車輛制造商提供可用文件���,便于對碰撞后自動駕駛汽車的維護(hù)和修理。這些文件將確定能保證自動駕駛汽車在修理后可安全運(yùn)行的必要裝備和過程�����。
Consumer Education and Training: Vehicle manufacturers should develop, document and maintain employee, dealer, distributor, and consumer education and training programs to address the anticipated differences in the use and operation of automated vehicles from those of conventional vehicles.
消費(fèi)者教育和培訓(xùn):車輛制造商應(yīng)制定��、記錄和維護(hù)對于員工���、經(jīng)銷商��、分銷商以及消費(fèi)者的教育和培訓(xùn)方案�����,解決自動駕駛汽車與傳統(tǒng)汽車在使用和操作方面產(chǎn)生的預(yù)期差異問題���。
Crashworthiness and Compatibility: Given that a mix of automated/autonomous vehicles and conventional vehicles will be operating on public roadways, automated/autonomous vehicle occupants should be protected against crashes with other vehicles.
防撞性和兼容性:鑒于自動駕駛汽車和傳統(tǒng)汽車將共同在公共道路上行駛,應(yīng)該保證自動駕駛汽車與其他車輛發(fā)生碰撞時(shí)對其乘員進(jìn)行保護(hù)�。
Post-crash AV behaviour: Automated/autonomous vehicles should be able to return to a safe state immediately after being involved in a crash. Things such as shutting off the fuel pump, removing motive power, moving the vehicle to a safe position off the roadway, disengaging electrical power, and other relevant actions should be considered. A communication with an operations center, collision notification center, or vehicle communications technology should be used.
碰撞后自動駕駛汽車行為:發(fā)生碰撞后����,自動駕駛汽車應(yīng)該立即返回至安全狀態(tài)��?��?煽紤](相關(guān)動作)諸如關(guān)閉燃油泵,切斷動力���,將車輛移至路邊安全位置���,切斷電力以及其他相關(guān)動作�。應(yīng)啟用與操作中心、碰撞通知中心的通信或者啟用車輛通信技術(shù)�����。
WP.29