As electrification and digitalization increase, so does the level of automation of vehicle functions. In connection with this, a safety-oriented development aimed at protecting life and limb is a prerequisite. For this reason, ISO 26262, now available in its second edition, was launched back in 2011 as a global standard for developing the pertinent vehicle functions.

As a basic function of a vehicle, the electrical power supply provides energy for all electric systems and functions in the vehicle. Without this energy supply, no electric function can be performed. Traditionally, many functions currently being developed in the context of ISO 26262:2018 are implemented as Fail-Passive functions: when a fault occurs, the transition to a safe state is normally performed without the need for a power supply. There are some exceptions, e.g. the light function and the wiper function of a vehicle, which were designed to be fault-tolerant by using different power distributions for the right and left sides (cross-connection).

When using semi- or fully-automated vehicle functions (levels 3-5 as described in SAE J3016:2021), which allow for vehicle operation without human intervention either temporarily or completely, a Fail-Passive function is no longer sufficient: the vehicle must continue operating after a fault to avert the immediate danger and then reach a safe state. In such cases, the term "Fail-Active" functions is used or, in this document, "safety-relevant vehicle functions". In this context, safety relevance refers to the availability of power.

Accordingly, the power supply for the implementation of Fail-Active vehicle functions is subject to the same requirements for safety-oriented design and development defined in ISO 26262:2018 as the vehicle functions themselves. Here, due consideration must be given to the fact that a vehicle shall be able to support not just one SR-Vehicle-Function but several. These may be utilized at staggered intervals or occur simultaneously.
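To make the distinction between Fail-Passive and Fail-Active functions concrete, the following is an added illustrative model, not taken from the VDA recommendation: two constructed power distributions ("A" and "B") feed a set of constructed example functions, and every loss of one or more distributions is enumerated to see which functions can no longer be kept safe. Function names, load wiring and the distribution names are assumptions for the example only.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed illustrative model (not from the VDA recommendation): the vehicle
# has two power distributions, each load is wired to exactly one of them, and a
# vehicle function is implemented by one or more loads.


@dataclass(frozen=True)
class VehicleFunction:
    name: str
    fail_active: bool   # needs energy after a fault to keep operating (SR-Vehicle-Function)
    loads: tuple        # (load name, power distribution) pairs


def powered_loads(func, failed):
    """Loads of the function whose power distribution still supplies energy."""
    return [load for load, dist in func.loads if dist not in failed]


def is_safe(func, failed):
    """Fail-Passive: the safe state needs no energy, so any fault is tolerated.
    Fail-Active: at least one powered load must remain so operation continues."""
    return (not func.fail_active) or bool(powered_loads(func, failed))


def fault_analysis(functions, distributions, max_faults=1):
    """Map each combination of lost distributions (up to max_faults at once)
    to the names of the functions that can no longer be kept safe."""
    result = {}
    for n in range(1, max_faults + 1):
        for failed in combinations(sorted(distributions), n):
            result[failed] = [f.name for f in functions if not is_safe(f, set(failed))]
    return result


# Constructed example functions: cross-connected light and wiper (left side on A,
# right side on B), a dual-fed steer-by-wire, and a single-fed automation ECU.
FUNCTIONS = [
    VehicleFunction("window_lift", False, (("lift", "A"),)),
    VehicleFunction("wiper", True, (("wiper_left", "A"), ("wiper_right", "B"))),
    VehicleFunction("light", True, (("light_left", "A"), ("light_right", "B"))),
    VehicleFunction("steer_by_wire", True, (("steer_A", "A"), ("steer_B", "B"))),
    VehicleFunction("lane_keep", True, (("automation_ecu", "A"),)),
]

if __name__ == "__main__":
    for failed, unsafe in fault_analysis(FUNCTIONS, {"A", "B"}, max_faults=2).items():
        print(f"loss of {failed}: functions that cannot be kept safe = {unsafe}")
```

With a single lost distribution only the single-fed `lane_keep` function fails the check, which is exactly the kind of gap a safety concept for the power supply has to close.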

The objective of this VDA recommendation is to define a safety standard for the electrical power supply, which is reflected in the interpretation of the relevant passages of ISO 26262:2018, the structure of the safety concept and the requirements for the Elements. Furthermore, this recommendation deals with critical issues in the application of ISO 26262:2018 and presents exemplary case studies.

