Skip to main content

Application of STPA for the Elicitation of Safety Requirements for a Machine Learning-Based Perception Component in Automotive

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13414)


Approaches based on Machine Learning (ML) provide novel and promising solutions to implement safety-critical functions in the field of autonomous driving. Establishing assurance in these ML components through safety requirements is critical, as the failure of these components may lead to hazardous events such as pedestrians being hit by the ego vehicle due to an erroneous output of an ML component (e.g., a pedestrian not being detected in a safety-critical region). In this paper, we present our experience with applying the System-Theoretic Process Analysis (STPA) approach for an ML-based perception component within a pedestrian collision avoidance system. STPA is integrated into the safety life cycle of functional safety (regulated by ISO 26262) complemented with safety of the intended functionality (regulated by ISO/FDIS 21448) in order to elicit safety requirements. These requirements are derived from STPA unsafe control actions and loss scenarios, thus enabling the traceability from hazards to ML safety requirements. For specifying loss scenarios, we propose to refer to erroneous outputs of the ML component due to the ML functional insufficiencies, while adhering to the guidelines of the STPA handbook.


  • Safety requirements
  • Machine Learning
  • Functional insufficiencies
  • STPA
  • ISO 26262
  • ISO/FDIS 21448

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.


  1. Abdulkhaleq, A., Wagner, S., Lammering, D., Boehmert, H., Blueher, P.: Using STPA in compliance with ISO 26262 for developing a safe architecture for fully automated vehicles. In: Automotive - Safety & Security. LNI, vol. P-269, pp. 149–162. Gesellschaft für Informatik, Bonn (2017)

    Google Scholar 

  2. Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Depend. Secur. Comput. 1(1), 11–33 (2004)

    CrossRef  Google Scholar 

  3. Becker, C., Brewer, J.C., Yount, L., et al.: Safety of the intended functionality of lane-centering and lane-changing maneuvers of a generic level 3 highway chauffeur system. Tech. rep, US National Highway Traffic Safety Administration (2020)

    Google Scholar 

  4. Berk, M., Schubert, O., Kroll, H.M., Buschardt, B., Straub, D.: Assessing the safety of environment perception in automated driving vehicles. SAE Int. J. Transp. Saf. 8(1), 49–74 (2020)

    Google Scholar 

  5. Gauerhof, L., Hawkins, R., Picardi, C., Paterson, C., Hagiwara, Y., Habli, I.: Assuring the safety of machine learning for pedestrian detection at crossings. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds.) SAFECOMP 2020. LNCS, vol. 12234, pp. 197–212. Springer, Cham (2020).

    CrossRef  Google Scholar 

  6. ISO: ISO 26262 - Road vehicles - Functional safety (2011)

    Google Scholar 

  7. ISO: ISO/FDIS 21448 - Road vehicles - Safety of the intended functionality (2022)

    Google Scholar 

  8. KI-Familie Newsletter,

  9. Kirovskii, O.M., Gorelov, V.A.: Driver assistance systems: analysis, tests and the safety case. ISO 26262 and ISO PAS 21448. IOP Conf. Ser. Mater. Sci. Eng. 534, 012019 (2019)

    Google Scholar 

  10. Kramer, B., Neurohr, C., Büker, M., Böde, E., Fränzle, M., Damm, W.: Identification and quantification of hazardous scenarios for automated driving. In: Zeller, M., Höfig, K. (eds.) IMBSA 2020. LNCS, vol. 12297, pp. 163–178. Springer, Cham (2020).

    CrossRef  Google Scholar 

  11. Leveson, N.G.: Engineering a Safer World: Systems Thinking Applied to Safety. The MIT Press, Cambridge (2016)

    Google Scholar 

  12. Leveson, N.G., Thomas, J.P.: STPA Handbook. MIT Partnership for Systems Approaches to Safety and Security (PSASS) (2018)

    Google Scholar 

  13. Salay, R., et al.: The missing link: Developing a safety case for perception components in automated driving. arXiv:2108.13294 (2021)

  14. Sämann, T., Schlicht, P., Hüger, F.: Strategy to increase the safety of a DNN-based perception for had systems. arXiv:2002.08935 (2020)

  15. Schwalbe, G., et al.: Structuring the safety argumentation for deep neural network based perception in automotive applications. In: Casimiro, A., Ortmeier, F., Schoitsch, E., Bitsch, F., Ferreira, P. (eds.) SAFECOMP 2020. LNCS, vol. 12235, pp. 383–394. Springer, Cham (2020).

    CrossRef  Google Scholar 

  16. Sulaman, S.M., Beer, A., Felderer, M., Höst, M.: Comparison of the FMEA and STPA safety analysis methods-a case study. Softw. Qual. J. 27(1), 349–387 (2019)

    CrossRef  Google Scholar 

  17. Vaicenavicius, J., Wiklund, T., Grigaitė, A., Kalkauskas, A., Vysniauskas, I., Keen, S.: Self-driving car safety quantification via component-level analysis. arXiv:2009.01119 (2020)

  18. Willers, O., Sudholt, S., Raafatnia, S., Abrecht, S.: Safety concerns and mitigation approaches regarding the use of deep learning in safety-critical perception tasks. arXiv:2001.08001 (2020)

  19. Zhang, S., Tang, T., Liu, J.: A hazard analysis approach for the SOTIF in intelligent railway driving assistance systems using stpa and complex network. Appl. Sci. 11(16), 7714 (2021)

    CrossRef  Google Scholar 

Download references


The research leading to these results is funded by the German Federal Ministry for Economic Affairs and Energy within the project “KI Absicherung - Safe AI for Automated Driving”. The authors would like to thank the consortium for the successful cooperation. C. Cârlan worked on this paper during her time as a researcher at fortiss Research Institute of the Free State of Bavaria.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Esra Acar Celik .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Acar Celik, E., Cârlan, C., Abdulkhaleq, A., Bauer, F., Schels, M., Putzer, H.J. (2022). Application of STPA for the Elicitation of Safety Requirements for a Machine Learning-Based Perception Component in Automotive. In: Trapp, M., Saglietti, F., Spisländer, M., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2022. Lecture Notes in Computer Science, vol 13414. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-14834-7

  • Online ISBN: 978-3-031-14835-4

  • eBook Packages: Computer ScienceComputer Science (R0)