ISO 26262, titled “Road Vehicles — Functional Safety,” is the international standard for the functional safety of electrical and electronic (E/E) systems in road vehicles. Its current edition (2018) has 12 parts and prescribes a risk-based approach to the vehicle’s safety-related E/E systems across the whole lifecycle: concept phase, product development, production, operation, service, and decommissioning. Its scope is hazards caused by malfunctioning E/E systems; hazards inherent to the technology, such as electric shock or fire from a correctly working high-voltage system, fall under other standards unless an E/E malfunction causes them.
What is the Automotive Safety Integrity Level (ASIL)?
Before relating ISO 26262 to EVs, let us first look at a core concept of the standard that applies to every powered vehicle, EV or internal combustion engine (ICE) vehicle alike.
Safety is ISO 26262’s primary concern, and its measure of risk is the Automotive Safety Integrity Level (ASIL). The ASIL is derived from three factors assessed for each hazardous event: Severity (S, how badly people could be harmed), Exposure (E, how often the operating situation in which the hazard matters occurs), and Controllability (C, how likely the driver or others can avert the harm). Each factor is classified on a small scale (S0 to S3, E0 to E4, C0 to C3), and the combination maps to one of four levels, from ASIL A (the lowest risk that still requires the standard’s safety measures) to ASIL D (the highest risk), or to QM (quality management), meaning no ASIL-specific measures are needed. The ASIL is assigned to the safety goal for the hazardous event and is inherited by the requirements and components that implement that goal.
Figure 1 illustrates the factors contributing to ASIL and its different levels, from least-risky to highest-risky.
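The following is an added worked example, not code from the article or from any ISO 26262 tool. It encodes the ASIL determination table from ISO 26262-3 and runs a small HARA over three constructed hazardous events for a BMS item; the S/E/C classes given to those events are illustrative assumptions, not real classifications. The `table_is_consistent` cross-check uses the known property that the ISO table equals a ranking of S+E+C.

```python
"""Worked HARA step: classify hazardous events and derive the ASIL of each
safety goal. Added example for this article; the S/E/C values assigned to the
sample events are constructed for illustration and are not real classifications.
"""
from dataclasses import dataclass

# ASIL determination table from ISO 26262-3, indexed [S][E] -> (C1, C2, C3).
# Classes: S1..S3, E1..E4, C1..C3. Any class of 0 means no ASIL (QM).
ASIL_TABLE = {
    1: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "QM"),
        3: ("QM", "QM", "A"),  4: ("QM", "A", "B")},
    2: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "A"),
        3: ("QM", "A", "B"),   4: ("A", "B", "C")},
    3: {1: ("QM", "QM", "A"),  2: ("QM", "A", "B"),
        3: ("A", "B", "C"),    4: ("B", "C", "D")},
}


def determine_asil(s: int, e: int, c: int) -> str:
    """Map severity, exposure and controllability classes to an ASIL or QM."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"   # no injury, incredible situation, or always controllable
    return ASIL_TABLE[s][e][c - 1]


def table_is_consistent() -> bool:
    """Cross-check of the transcribed table: the ISO table is equivalent to
    ranking S+E+C (7 -> A, 8 -> B, 9 -> C, 10 -> D, anything lower -> QM)."""
    rank = {7: "A", 8: "B", 9: "C", 10: "D"}
    return all(ASIL_TABLE[s][e][c - 1] == rank.get(s + e + c, "QM")
               for s in range(1, 4) for e in range(1, 5) for c in range(1, 4))


@dataclass(frozen=True)
class HazardousEvent:
    hazard_id: str
    situation: str        # the hazard in a specific operating situation
    s: int
    e: int
    c: int
    safety_goal: str      # top-level requirement that prevents the event


# Constructed sample events for a BMS item (illustrative classifications only).
SAMPLE_EVENTS = (
    HazardousEvent("H-01", "Undetected cell overcharge during DC fast charging "
                   "with occupants in the vehicle", 3, 3, 3,
                   "Cell voltage shall not exceed the charge limit"),
    HazardousEvent("H-02", "Unintended contactor opening at highway speed "
                   "causing loss of propulsion", 2, 4, 3,
                   "Contactors shall not open unintentionally while driving"),
    HazardousEvent("H-03", "Over-reported state of charge causes a stall in "
                   "slow urban traffic", 1, 2, 3,
                   "Reported state of charge shall not exceed the actual value "
                   "by more than the tolerance"),
)


def derive_safety_goals(events=SAMPLE_EVENTS):
    """Return (hazard id, safety goal, ASIL) per event; the ASIL is inherited
    by every requirement later derived from that goal."""
    return [(ev.hazard_id, ev.safety_goal, determine_asil(ev.s, ev.e, ev.c))
            for ev in events]


if __name__ == "__main__":
    for hid, goal, asil in derive_safety_goals():
        print(f"{hid}: {asil:>2}  {goal}")
```

Running the block prints one line per sample event with its derived ASIL (C, C and QM for the constructed classifications). The range check matters in practice: a HARA tool that silently accepts an out-of-range class or treats a missing class as 0 would downgrade a hazard to QM.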
The method for determining an ASIL is the same for every vehicle, but industry experience with EV-specific items is still maturing. The first step in applying ISO 26262 to an EV is therefore to define the items, in particular the components that EVs have and ICE vehicles do not, so that each gets its own hazard analysis.
The standard itself is technology-neutral and does not single out EVs, so guidance on applying it to EV systems continues to develop. The battery management system (BMS) and the high-voltage (HV) system are the two areas where an EV needs an analysis that an ICE vehicle does not.
A third area is the general safety lifecycle, where the guidance written with conventional vehicles in mind applies to EVs unchanged. Figure 2 shows these three areas together.
How is ISO 26262 applicable to BMS safety measures?
The BMS plays a larger role in an EV than in an ICE vehicle because the traction battery is the EV’s primary energy source rather than an auxiliary. Below are three BMS safety aspects to consider when applying ISO 26262.
- Protection mechanisms. ISO 26262 does not prescribe particular circuits, but the safety goals derived for a BMS almost always lead to safety mechanisms for overcharge, overdischarge, overtemperature, overcurrent, and short-circuit conditions, each with a defined fault detection time interval, a fault reaction (typically opening the pack contactors), and a safe state. These mechanisms prevent the conditions that can lead to battery failure or unsafe operation. The standard also expects the mechanisms themselves to be analysed for failure, for instance a stuck or out-of-range sensor reading that would mask an overcharge.
- Hazard Analysis and Risk Assessment (HARA). The standard requires a HARA for the BMS item: each hazardous event (a hazard in a particular operating situation) is classified for severity, exposure, and controllability, which determines its ASIL and the safety goal that the BMS design must then meet.
- Safety goal definition and verification. The safety goals from the HARA are refined into functional and technical safety requirements for the BMS, which guide its design and development. Verification and validation are required at every level, from unit tests of the monitoring software to vehicle-level tests, to confirm that the safety goals have been achieved.
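The following is an added example of the protection-mechanism logic described above; it is not code from the article or from any BMS vendor. The cell and pack limits, the sensor ranges and the sample stream are constructed assumptions. It shows two points the list leaves implicit: a reading outside the sensor’s physical range is treated as a sensor fault rather than as an overcharge, and ordinary limit violations are debounced while a short-circuit-level current opens the contactors immediately.

```python
"""Debounced, latching BMS protection monitor. Added example for this
article, not vendor code; all limits and samples are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Limits:
    """Pack limits, constructed for an NMC-like cell (assumption)."""
    cell_v_max: float = 4.25
    cell_v_min: float = 2.50
    temp_max_c: float = 60.0
    current_max_a: float = 300.0      # continuous limit, either direction
    short_circuit_a: float = 1500.0   # react without debounce above this
    sensor_v_range: tuple = (0.0, 5.0)      # cell ADC physical range
    sensor_t_range: tuple = (-40.0, 125.0)  # NTC conditioning range


@dataclass(frozen=True)
class Sample:
    cell_voltages: tuple
    temps_c: tuple
    pack_current_a: float   # sign ignored; magnitude is what matters here


@dataclass(frozen=True)
class Reaction:
    open_contactors: bool
    latched: tuple
    pending: tuple


class ProtectionMonitor:
    """Limit violations must persist for `debounce` consecutive samples
    before the contactors open, so one corrupted reading does not strand
    the vehicle. Latched faults stay latched until reset() by a service tool."""

    def __init__(self, limits: Limits, debounce: int = 3):
        self.limits = limits
        self.debounce = debounce
        self._count: dict = {}
        self._latched: set = set()

    def _detect(self, s: Sample):
        L = self.limits
        immediate, debounced = set(), set()
        v_ok = all(L.sensor_v_range[0] <= v <= L.sensor_v_range[1] for v in s.cell_voltages)
        t_ok = all(L.sensor_t_range[0] <= t <= L.sensor_t_range[1] for t in s.temps_c)
        # Plausibility first: an impossible reading is a sensor/wiring fault,
        # and limit checks on it would be meaningless.
        if not v_ok:
            debounced.add("CELL_V_IMPLAUSIBLE")
        if not t_ok:
            debounced.add("TEMP_IMPLAUSIBLE")
        if v_ok:
            if max(s.cell_voltages) > L.cell_v_max:
                debounced.add("OVERCHARGE")
            if min(s.cell_voltages) < L.cell_v_min:
                debounced.add("OVERDISCHARGE")
        if t_ok and max(s.temps_c) > L.temp_max_c:
            debounced.add("OVERTEMPERATURE")
        i = abs(s.pack_current_a)
        if i >= L.short_circuit_a:
            immediate.add("SHORT_CIRCUIT")
        elif i > L.current_max_a:
            debounced.add("OVERCURRENT")
        return immediate, debounced

    def evaluate(self, s: Sample) -> Reaction:
        immediate, debounced = self._detect(s)
        self._latched |= immediate
        for name in debounced:
            self._count[name] = self._count.get(name, 0) + 1
            if self._count[name] >= self.debounce:
                self._latched.add(name)
        for name in self._count:
            if name not in debounced:
                self._count[name] = 0   # violation cleared before debounce expired
        pending = tuple(sorted(n for n, k in self._count.items()
                               if 0 < k < self.debounce and n not in self._latched))
        return Reaction(bool(self._latched), tuple(sorted(self._latched)), pending)

    def reset(self) -> None:
        self._latched.clear()
        self._count.clear()


def run_scenario():
    """Constructed stream: one glitched reading, then a sustained overcharge.
    Returns the contactor decision per sample."""
    mon = ProtectionMonitor(Limits())
    normal = Sample((4.10, 4.11, 4.09), (35.0, 36.0), -150.0)
    glitch = Sample((4.10, 4.40, 4.09), (35.0, 36.0), -150.0)
    over = Sample((4.10, 4.30, 4.09), (35.0, 36.0), -150.0)
    return [mon.evaluate(s).open_contactors for s in (normal, glitch, normal, over, over, over, normal)]


if __name__ == "__main__":
    print(run_scenario())
```

With the default debounce of three samples the scenario yields `[False, False, False, False, False, True, True]`: the single glitch is ignored, the third consecutive overcharge sample opens the contactors, and the fault stays latched once conditions return to normal. The debounce count and the short-circuit threshold are where the fault tolerant time interval from the HARA enters the design; they must be chosen so that detection plus contactor opening fits inside it.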
How can ISO 26262 address the challenges of high-voltage system safety?
EV traction batteries and charging systems operate at hundreds of volts (400 V and 800 V architectures are common), and DC fast and ultra-fast charging pushes high currents through that circuit. Electric shock and fire are therefore predominant hazards in an EV that ICE vehicles do not share.
Below are three measures to consider. ISO 26262 covers them only insofar as a malfunctioning E/E system could cause the hazard or fail to detect it; the electrical-safety requirements themselves come from standards such as ISO 6469-3.
- Ingress protection. High-voltage components must keep out water and foreign objects that could cause short circuits or other hazardous conditions. The ingress protection ratings themselves (IP codes per IEC 60529) are specified by electrical-safety standards rather than by ISO 26262; the functional-safety question is how the E/E system detects and reacts when that protection fails, for example through the insulation monitoring below.
- Insulation monitoring. The insulation resistance between the HV circuit and the chassis must be monitored continuously so that degradation that could cause electric shock or fire is detected and reacted to, typically by warning the driver and, below a lower threshold, opening the contactors. Under ISO 26262 the insulation monitoring device is a safety mechanism, so its own failure modes (a stuck or out-of-range measurement) must be detected as well.
- Thermal propagation. Stringent testing is required to evaluate whether a single cell going into thermal runaway, for example after an internal short circuit, propagates through the pack, so that occupants have time to leave the vehicle before fire or explosion. The test procedures come from battery-safety regulations rather than from ISO 26262; the functional-safety contribution is detecting the onset through temperature and voltage monitoring and triggering the warning and isolation in time.
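The following is an added example of the insulation-monitoring measurement itself; it is not code from the article or from any monitoring device vendor. It models a floating HV system with a leakage resistance on each rail (a constructed model) and applies the two-step voltage-divider method of FMVSS 305 and ISO 6469-3: measure both rail-to-chassis voltages, bridge the better-insulated rail with a known resistor, and compute the weaker rail’s isolation from the change. The per-volt thresholds are the ones those standards use, not ISO 26262 values, and the pack voltage is assumed constant during the test.

```python
"""Isolation-resistance estimation by the two-step voltage-divider method
(FMVSS 305 / ISO 6469-3). Added example for this article, not vendor code;
the leakage model and component values are constructed."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class HvCircuit:
    """Constructed leakage model of a floating HV system: pack voltage vb (V),
    leakage from HV+ to chassis rp (ohm) and from HV- to chassis rn (ohm).
    Plays the role of the physical system the monitor measures."""
    vb: float
    rp: float
    rn: float

    def divider(self, rp: Optional[float] = None, rn: Optional[float] = None):
        """Return (V1, V2): HV- to chassis and HV+ to chassis voltages."""
        rp = self.rp if rp is None else rp
        rn = self.rn if rn is None else rn
        v1 = self.vb * rn / (rp + rn)
        v2 = self.vb * rp / (rp + rn)
        return v1, v2


def parallel(a: float, b: float) -> float:
    return a * b / (a + b)


def measure_isolation(circuit: HvCircuit, r0: float) -> float:
    """Estimate the lower of the two isolation resistances, in ohm.

    Step 1: measure V1 and V2; the rail with the higher voltage has the
    better isolation. Step 2: bridge that rail with a known resistor r0 and
    remeasure. With Vb constant, Ri = r0 * Vb * (1/V' - 1/V) is exactly the
    leakage resistance of the other, weaker rail."""
    v1, v2 = circuit.divider()
    if v1 >= v2:
        v1p, _ = circuit.divider(rn=parallel(circuit.rn, r0))
        return r0 * circuit.vb * (1.0 / v1p - 1.0 / v1)
    _, v2p = circuit.divider(rp=parallel(circuit.rp, r0))
    return r0 * circuit.vb * (1.0 / v2p - 1.0 / v2)


def assess(ri_ohm: float, vb: float, min_ohm_per_volt: float = 500.0) -> Tuple[float, str]:
    """Compare the result with a per-volt minimum. ISO 6469-3 / FMVSS 305 use
    100 ohm/V for DC-only circuits and 500 ohm/V where AC circuits are connected."""
    opv = ri_ohm / vb
    return opv, "OK" if opv >= min_ohm_per_volt else "ISOLATION_FAULT"


if __name__ == "__main__":
    healthy = HvCircuit(vb=400.0, rp=1.0e6, rn=1.0e6)
    degraded = HvCircuit(vb=400.0, rp=150.0e3, rn=1.0e6)   # HV+ insulation degrading
    for name, circ in (("healthy", healthy), ("degraded", degraded)):
        ri = measure_isolation(circ, r0=100.0e3)
        print(name, round(ri), assess(ri, circ.vb))
```

For the degraded circuit the method recovers the 150 kΩ leakage on the HV+ rail, which at 400 V is 375 Ω/V: acceptable against the 100 Ω/V DC limit but a fault against the 500 Ω/V limit that applies once AC circuits (the traction inverter, the on-board charger) are connected. A real monitoring device also filters the measurement over time and must itself be checked for plausibility, since a stuck reading would report a healthy system indefinitely.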
What are the applicable general safety lifecycle measures from ISO 26262?
There are a few general safety lifecycle measures that apply to EVs and ICE vehicles alike. They are discussed as follows.
- Safety management. ISO 26262 mandates a safety management process throughout the vehicle’s entire lifecycle, from concept through decommissioning: a safety plan, an assigned safety manager, a safety case that collects the evidence that the safety goals are met, documentation of all safety-related activities, and confirmation measures (reviews, audits and a functional safety assessment) carried out with the independence the target ASIL requires.
- Requirements traceability. Every safety requirement must be traceable upward to the safety goal it derives from and downward to the design element that implements it and the test that verifies it, so that no requirement is left unimplemented or unverified.
- Configuration control. Configuration and change management are required so that any change to a system or component that could affect safety is identified, assessed for its impact on the safety case, and re-verified before release.
Summary
ISO 26262 functional safety for road vehicles is an established process for ICE vehicles. EVs have drawn attention in functional safety more recently, especially since the second edition of the standard in 2018 widened its scope beyond passenger cars to road vehicles generally.
EVs and ICE vehicles share most of their parts; the main difference is the role and size of the battery system. In an ICE vehicle the battery is an auxiliary that supplements the powertrain, whereas in an EV it is the primary energy store.
Along with the battery, the charging system and its high-voltage path are unique to EVs. EV engineers should therefore concentrate on BMS and high-voltage system safety when applying ISO 26262 to their designs.
Images
- Figure 1-2, Rakesh Kumar, Ph.D.