What is SOTIF? (ISO 21448)

Introduction

With the rapid advancement of autonomous driving and advanced driver assistance systems (ADAS), ensuring vehicle safety goes beyond traditional functional safety measures. This is where SOTIF (Safety of the Intended Functionality) and ISO 21448 come into play. Unlike ISO 26262, which focuses on preventing system failures, SOTIF addresses hazards resulting from performance limitations, sensor misinterpretations, and unforeseen scenarios.

Understanding ISO 21448 compliance is crucial for automotive manufacturers, engineers, and safety professionals looking to minimize risks associated with automated driving functions. This article explores the SOTIF guidelines, best practices, and key differences between ISO 26262 vs. ISO 21448 while highlighting the top software solutions and tools that aid in achieving compliance.

Let’s dive into the fundamentals of SOTIF to see how it is shaping the future of automotive safety.

What is SOTIF (ISO 21448)?

ISO 21448 (Safety of the Intended Functionality – SOTIF) is an international automotive safety standard designed to address hazards arising from system limitations rather than hardware or software failures. Unlike ISO 26262, which focuses on preventing malfunctions, SOTIF ensures that a system functions safely under all foreseeable operating conditions, including unexpected driver behaviors, sensor misinterpretations, and environmental factors.

As automated driving systems and ADAS become more advanced, traditional safety standards are no longer sufficient. ISO 21448 compliance helps manufacturers identify and mitigate safety gaps in perception, decision-making, and system behavior—key aspects for autonomous vehicle development.

Key Objectives of ISO 21448

The ISO 21448 standard provides a structured approach to evaluating and reducing risks caused by functional limitations, external disturbances, and misuse scenarios. The main objectives include:

  • Ensuring Intended Functionality – Verifying that ADAS and autonomous systems operate safely under all expected and unexpected conditions.
  • Identifying and Mitigating Functional Safety Gaps – Addressing sensor inaccuracies, AI-driven decision errors, and unpredictable environmental changes.
  • Enhancing Verification and Validation Processes – Establishing robust testing methodologies to improve safety assurance for automated systems.
  • Complementing ISO 26262 – While ISO 26262 focuses on failures due to hardware and software defects, SOTIF extends safety measures to account for incomplete or incorrect system behavior.

Scope and Applicability Across Automotive Systems

ISO 21448 applies to any automotive system that relies on sensors, AI, and real-time data processing, including:

  • Advanced Driver Assistance Systems (ADAS) – Features like automatic emergency braking, lane-keeping assist, and adaptive cruise control.
  • Autonomous Vehicles – Ensuring self-driving technology functions safely in real-world scenarios.
  • Perception and Sensor Systems – Reducing risks associated with camera, LiDAR, radar, and sensor fusion inaccuracies.
  • AI-Based Decision-Making Algorithms – Validating machine learning models used in automated driving systems.

As the automotive industry moves toward higher levels of automation, compliance with SOTIF guidelines is becoming critical for manufacturers, OEMs, and safety engineers. Implementing SOTIF solutions, tools, and software ensures a proactive approach to automotive safety, reducing the risk of unforeseen hazards.

ISO 26262 vs ISO 21448: Key Differences

ISO 26262 is the established international standard for functional safety in automotive systems, focusing on identifying and mitigating risks caused by hardware or software failures. It ensures that systems respond safely in the event of a malfunction by defining safety goals, performing hazard analysis, and establishing a V-model development lifecycle.

In contrast, ISO 21448 (SOTIF) addresses hazards that occur even when the system operates as intended but under unexpected or uncertain conditions, such as sensor misinterpretations, insufficient environmental perception, or limitations in AI decision-making.

Aspect | ISO 26262 | ISO 21448
Focus | Functional safety (failures) | Intended functionality (limitations)
Hazards Covered | System/component malfunctions | Misuse, environmental uncertainty, and design limitations
Applicability | All vehicle electronics | Primarily ADAS and autonomous systems
Typical Failures Addressed | Hardware/software faults | Sensor inaccuracies, AI errors, incomplete logic
Safety Goal | Prevent or mitigate effects of system failures | Prevent unsafe behavior in normal, degraded, or complex scenarios

How Does ISO 21448 Complement ISO 26262 in Automotive Safety?

While ISO 26262 ensures system integrity in the event of a fault, it does not cover hazards stemming from correct but insufficient system behavior. This is especially relevant for modern vehicles where AI, perception sensors, and machine learning introduce new types of safety challenges.

SOTIF complements ISO 26262 by filling this gap, providing additional risk mitigation strategies for non-failure-based hazards. Together, they form a comprehensive safety assurance framework for the development of ADAS and autonomous driving systems.

By implementing both standards in parallel, automotive developers can achieve:

  • Enhanced safety coverage across a wider range of scenarios
  • Improved validation of perception and decision-making functions
  • Full lifecycle risk assessment, from concept to production
  • Regulatory and industry compliance for future mobility systems

As automotive systems become more autonomous and complex, the integration of SOTIF compliance alongside ISO 26262 becomes essential for delivering safe, reliable, and legally defensible products.

Key ISO 21448 Guidelines and Compliance Requirements

The ISO 21448 (Safety of the Intended Functionality – SOTIF) standard provides a structured approach to identifying, evaluating, and mitigating safety risks that arise from system limitations rather than hardware or software failures. To ensure compliance, organizations must adhere to key ISO 21448 guidelines, which focus on:

  • Hazard Identification and Risk Assessment – Evaluating potential safety issues caused by sensor inaccuracies, AI-driven errors, and unpredictable environmental factors.
  • Scenario-Based Testing and Validation – Ensuring the system operates safely in both expected and unforeseen conditions.
  • System Performance Monitoring – Continuously analyzing the effectiveness of risk mitigation measures throughout the product lifecycle.
  • Human-Machine Interaction Considerations – Addressing how drivers and passengers interact with ADAS and autonomous systems to prevent misuse.

Steps to Achieve ISO 21448 Compliance

To meet ISO 21448 compliance requirements, organizations should follow these essential steps:

  1. Define Functional Boundaries – Establish clear operational design domains (ODD) to understand where and how the system is expected to function safely.
  2. Conduct Hazard Analysis and Risk Assessment (HARA) – Identify non-failure-based risks such as sensor perception errors or incorrect AI decision-making.
  3. Develop Safety Requirements – Implement mitigation strategies to address identified risks and enhance system reliability.
  4. Perform Verification & Validation (V&V) – Use scenario-based simulations, real-world testing, and fault-injection testing to evaluate performance.
  5. Ensure Continuous Monitoring & Improvement – Leverage data analytics and post-deployment feedback to refine system safety over time.
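How the ODD from step 1 can be made concrete and then monitored at runtime (step 5), as an added example that is not part of the original article: a constructed ODD for a hypothetical lane-keeping function and a monitor that flags frames outside it, including the SOTIF-typical case of a fault-free camera whose lane interpretation has low confidence. Every limit, field name and the sample drive are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Added example (not from the article): an ODD definition plus a runtime monitor
# that checks whether a lane-keeping function is still inside its ODD.
# All limits, field names and frames below are constructed for illustration.

@dataclass(frozen=True)
class OperationalDesignDomain:
    """Constructed ODD for a hypothetical lane-keeping function."""
    min_speed_kph: float = 60.0
    max_speed_kph: float = 130.0
    allowed_weather: frozenset = frozenset({"clear", "cloudy", "light_rain"})
    min_visibility_m: float = 100.0
    min_lane_confidence: float = 0.7    # perception confidence in [0, 1]
    tolerated_low_conf_frames: int = 3  # consecutive frames before degradation

class OddMonitor:
    def __init__(self, odd):
        self.odd = odd
        self.low_conf_streak = 0

    def check(self, frame):
        """Return the ODD violations for one frame (empty list = stay active)."""
        v = []
        if not self.odd.min_speed_kph <= frame["speed_kph"] <= self.odd.max_speed_kph:
            v.append("speed_out_of_range")
        if frame["weather"] not in self.odd.allowed_weather:
            v.append("weather_not_covered")
        if frame["visibility_m"] < self.odd.min_visibility_m:
            v.append("visibility_below_limit")
        # SOTIF case: the camera has no ISO 26262 fault, yet its lane interpretation
        # is uncertain (e.g. faded markings). Debounce so one noisy frame is ignored.
        if frame["lane_confidence"] < self.odd.min_lane_confidence:
            self.low_conf_streak += 1
        else:
            self.low_conf_streak = 0
        if self.low_conf_streak > self.odd.tolerated_low_conf_frames:
            v.append("lane_perception_degraded")
        return v

def run_scenario(frames, odd=OperationalDesignDomain()):
    """Replay frames; return per-frame decisions and the sorted set of limitations hit."""
    mon, decisions, seen = OddMonitor(odd), [], set()
    for f in frames:
        v = mon.check(f)
        seen.update(v)
        decisions.append("REQUEST_DRIVER_TAKEOVER" if v else "ACTIVE")
    return decisions, sorted(seen)

# Constructed drive: two good frames, four frames of fading lane markings, then a
# drop below the minimum speed of the ODD.
SAMPLE_FRAMES = [
    {"speed_kph": s, "weather": "clear", "visibility_m": 500, "lane_confidence": c}
    for s, c in [(100, .95), (100, .92), (100, .55), (100, .50), (100, .45), (100, .40), (55, .90)]
]
```

Each violation name recorded by `run_scenario` is a limitation that belongs in the scenario library for the next V&V cycle, which is how a runtime monitor feeds the continuous-improvement step.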

Common Challenges in SOTIF Implementation

While ISO 21448 compliance provides a robust framework for automotive safety, organizations often face key challenges, such as:

  • Ensuring completeness of safety scenarios – Defining a comprehensive list of real-world situations is complex.
  • Validating AI and sensor fusion systems – AI-driven systems require continuous learning and refinement to handle edge cases.
  • Integrating with ISO 26262 – Managing the overlap between functional safety (ISO 26262) and intended functionality (ISO 21448).

By utilizing ISO 21448 software solutions, tools, and best practices, organizations can streamline compliance efforts and enhance the safety of ADAS and autonomous systems.

ISO 21448 Best Practices for Automotive Safety

Risk Identification and Hazard Assessment

One of the key ISO 21448 best practices is conducting a thorough risk identification and hazard assessment to ensure that ADAS and autonomous systems operate safely under all conditions. This involves:

  • Identifying SOTIF-related hazards – Unlike ISO 26262, which focuses on hardware/software failures, ISO 21448 hazards stem from sensor limitations, AI misinterpretations, and unexpected environmental conditions.
  • Scenario-Based Risk Analysis – Creating a library of real-world and edge-case driving scenarios where system limitations could lead to safety issues.
  • Applying Hazard Analysis and Risk Assessment (HARA) – Evaluating risks based on their severity, exposure, and controllability to prioritize mitigation efforts.
  • Failure Mode and Effects Analysis (FMEA) & Fault Tree Analysis (FTA) – Using structured safety analysis techniques to understand potential failure chains.

Verification and Validation Methodologies

To achieve ISO 21448 compliance, manufacturers must implement rigorous verification and validation (V&V) processes that go beyond traditional component-level testing. Key ISO 21448 guidelines for V&V include:

  • Simulation-Based Testing – Utilizing virtual environments to test ADAS and autonomous systems in millions of scenarios before real-world deployment.
  • Hardware-in-the-Loop (HIL) and Software-in-the-Loop (SIL) Testing – Ensuring that safety-critical software functions correctly in simulated real-world conditions.
  • Real-World Testing and Edge-Case Validation – Conducting road tests to evaluate sensor performance, AI decision-making, and driver interaction.
  • Data-Driven Validation – Using AI and machine learning to analyze large datasets from fleet vehicles to continuously refine safety models.

Implementation Strategies for SOTIF Compliance

For organizations looking to meet ISO 21448 compliance requirements, adopting a structured implementation approach is essential. Best practices include:

  1. Integrate SOTIF Early in the Development Lifecycle – Embedding ISO 21448 best practices from concept to validation ensures proactive risk management.
  2. Leverage ISO 21448 Software and Tools – Using specialized requirements management, scenario testing, and hazard analysis tools enhances compliance efficiency.
  3. Combine ISO 21448 with ISO 26262 – A dual approach ensures that both hardware failures and system limitations are addressed comprehensively.
  4. Establish Continuous Monitoring and Post-Deployment Analysis – Implementing over-the-air updates, fleet data analysis, and AI-driven monitoring helps improve safety after deployment.
  5. Train Teams on SOTIF Guidelines and Best Practices – Ensuring that engineers, safety teams, and AI developers understand ISO 21448 principles is critical for long-term compliance.

By implementing these ISO 21448 best practices, automotive companies can enhance system safety, reduce SOTIF-related risks, and improve the reliability of ADAS and autonomous driving functions.

ISO 21448 Solutions: Tools & Software for Compliance

To achieve ISO 21448 compliance, organizations need specialized software solutions that support hazard assessment, verification & validation (V&V), traceability, and scenario-based testing.

Visure Requirements ALM Platform for ISO 21448 Compliance

Visure Requirements ALM Platform is a powerful requirements management and traceability solution that enables automotive companies to efficiently comply with ISO 21448 (SOTIF) and ISO 26262. Key features include:

  1. End-to-End Requirements Traceability
     • Establish full traceability between SOTIF requirements, safety goals, risk assessments, and test cases.
     • Ensure bidirectional traceability across hardware, software, and safety validation processes.
  2. Risk Management & Hazard Analysis
     • Perform Hazard Analysis and Risk Assessment (HARA) to identify potential SOTIF-related risks.
     • Implement Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) for structured risk evaluation.
     • Link hazard identification to safety requirements to ensure proper mitigation strategies.
  3. Scenario-Based Verification & Validation (V&V)
     • Define real-world driving scenarios and edge cases to test ADAS and autonomous systems.
     • Support simulation-based testing, model-based development, and AI-driven validation processes.
     • Integrate with ISO 21448 testing tools for hardware-in-the-loop (HIL) and software-in-the-loop (SIL) validation.
  4. Compliance with ISO 21448 and ISO 26262
     • Ensure alignment with both ISO 21448 (SOTIF) and ISO 26262 (functional safety).
     • Generate automated compliance reports to meet industry regulatory requirements.
     • Support version control and audit trails for streamlined certification processes.
  5. AI-Powered Requirements Management
     • Utilize AI-driven assistance for automated requirements validation, impact analysis, and risk assessment.
     • Reduce human errors by detecting inconsistencies and gaps in safety-critical requirements.

Why Choose Visure for ISO 21448 Compliance?

  • End-to-end traceability across all SOTIF processes
  • Comprehensive risk assessment with built-in hazard analysis tools
  • Seamless integration with simulation, testing, and ALM ecosystems
  • Automated compliance reporting for ISO 21448 and ISO 26262
  • AI-powered automation to streamline requirements validation

By leveraging Visure Requirements ALM Platform, automotive companies can effectively manage SOTIF compliance, improve risk mitigation strategies, and accelerate the development of safe and reliable autonomous systems.

The Future of SOTIF and Automotive Safety

As automotive systems become increasingly autonomous and intelligent, the importance of SOTIF continues to grow. To ensure road safety in the age of AI-driven vehicles, the industry must evolve alongside emerging technologies while maintaining compliance with ISO 21448 guidelines and standards.

The Role of AI and Machine Learning in SOTIF Compliance

AI and machine learning (ML) are transforming how advanced driver-assistance systems (ADAS) and autonomous vehicles interpret and respond to their environments. However, this also introduces new challenges in terms of safety assurance and ISO 21448 compliance:

  • Dynamic Perception and Decision-Making – AI models must be tested against a wide range of real-world and edge-case scenarios to ensure their behavior aligns with SOTIF safety goals.
  • Unpredictable Behavior and Black Box Models – ML systems may exhibit unexpected outputs in unfamiliar environments. SOTIF tools and techniques are being adapted to assess the safety of non-deterministic systems.
  • Continuous Learning and Post-Deployment Monitoring – With AI models evolving over time, manufacturers must implement robust lifecycle monitoring and over-the-air updates to ensure continued SOTIF compliance.
  • Data-Driven Validation – Large-scale data collection and AI-based analysis are enabling real-time risk detection and validation across millions of miles driven, significantly enhancing ISO 21448 safety verification.

How ISO 21448 Is Evolving with Emerging Automotive Technologies

As automotive innovation accelerates, ISO 21448 is also evolving to stay relevant and effective. Some of the key trends shaping the future of SOTIF include:

  • Integration with Next-Generation Standards – ISO 21448 is increasingly being integrated with ISO 26262 and future safety frameworks to provide a comprehensive safety coverage model that includes functional, intended, and operational safety.
  • Focus on Connected and Collaborative Driving – Vehicle-to-everything (V2X) communication and swarm intelligence introduce new safety scenarios. SOTIF guidelines are being adapted to account for shared perception and collaborative autonomy.
  • Scalable and Automated SOTIF Validation – AI-powered SOTIF tools and software solutions are being developed to automate scenario generation, test coverage analysis, and compliance reporting.
  • Greater Emphasis on Human-Machine Interaction (HMI) – As automation increases, ensuring the driver understands and appropriately responds to the system’s behavior becomes a major focus area in future ISO 21448 revisions.

By embracing AI, simulation, and data-driven validation and leveraging ISO 21448 software solutions like Visure Requirements ALM, the automotive industry can confidently navigate the future of safety and innovation.

Conclusion

As the automotive industry accelerates toward full autonomy, ensuring the Safety of the Intended Functionality (SOTIF) is more critical than ever. ISO 21448 offers a comprehensive framework to identify, assess, and mitigate risks that arise not from system failures but from limitations in perception, interpretation, and environmental interactions.

Understanding the key differences between ISO 21448 vs ISO 26262, applying proven best practices, and leveraging powerful tools and software are essential steps in achieving full compliance and developing safer, smarter vehicles.

Solutions like the Visure Requirements ALM Platform empower organizations with end-to-end traceability, AI-driven automation, and robust SOTIF compliance capabilities. Whether you’re building ADAS systems or autonomous driving platforms, Visure helps streamline your development lifecycle while ensuring alignment with both ISO 26262 and ISO 21448 guidelines.

Start your 30-day free trial of Visure Requirements ALM Platform today and experience the most comprehensive solution for SOTIF compliance, requirements management, and automotive safety.