2.1 Motivation for the Consideration of Use Cases

Although autonomous driving is characterized (see Chap. 1) by the definition for “fully automated” according to BASt [1] as well as the quote by Feil [2] “self-determination within the scope of an higher (moral) law”, it is possible to come up with a large variety of usage scenarios and specifications for autonomous driving. In order to grasp this variety, proxies are sought, which on the one hand make use of distinguishing characteristics, and on the other hand describe typical usage scenarios for autonomous driving. In the following, these will be called use cases for autonomous driving. Besides the nomenclature, the use cases are defined by their distinguishing characteristics, so that a common understanding can be reached for all writing and reading these book chapters. In addition, the use cases are supposed to serve as reference scenarios for further discussion. It is not intended to exclude other examples. However it is recommended to use the defined use cases to avoid misunderstanding or oversight. The following definitions and assumptions can additionally be expanded for the different book chapters with detailed descriptions. As for the different book chapters, definitions and assumptions are relevant in different ways. For instance the owner relations are less important for a technical point of view than for taking a look at the market impact. Thus, definitions and assumptions are to be examined critically. Desired results from working with these use cases are a founded change of definitions and assumptions as well as possible controversy, which arise in between the different topics (different parameter sensitivity).

The following description of the use cases is structured in 4 sections. Section 2.2, general assumptions, describes the limitations and assumptions that are used and are supposed to apply for all use cases. Section 2.3 introduces the four selected use cases and defines the specific characteristics. Section 2.4 explains the selection and the level of detail for the characteristics describing the use cases. Section 2.5, general definitions, proposes definitions, which facilitate a unique description of the use cases.

2.2 General Assumptions

Besides the characteristics which distinguish the use cases, and which are listed in the following section, there are additional attributes, which apply to the chosen use cases as well. The following general assumptions describe these attributes.

Mixed operation: One basic assumption is that the use cases are deployed at the considered time in a mixed operation of transportation systems with different levels of automation. Road traffic consists of vehicles with all levels of automation ranging from “driver-only” to “assisted” to “fully automated”. During the stepwise introduction of automation, both human vehicle operation and driving robot operation are equally likely.

Failures: Hardware or software failures can also happen with autonomously driven vehicles. However, it is assumed that a vehicle designed according to the state of the art (e.g. ISO 26262) is, with regard to the failures mentioned, at least as reliable and safe as today’s vehicles.

Level of detail: The description of the use cases is not a detailed specification. Instead of a detailed description of weather conditions, light conditions, road surface conditions etc. the following simplification is assumed. The quality as well as the success rate with which the driving robot performs the driving task is similar to the human quality and success rate. For example, heavy rain leads only to transition to the safe state and discontinuation of the transportation task when a driver would discontinue the journey as well. This document does not tackle the question of whether this assumption from the user’s point of view, the society’s point of view etc. is sufficient. Furthermore, in this document the question of how this quality and success rate is quantified and proved remains unanswered.

Conformity with regulations: For all use cases it is assumed that the autonomous journey is performed compliant with the set of rules of the respective jurisdiction (federal/national level, state level in the United States), in which the driving actually takes place. The question about the action in dilemma situations directly arises from this assumption. Is the driving robot permitted, or is it even possible, to disregard rules in order to prevent major damage? For these use cases it is assumed that a legally valid set of rules, respectively meta-rules, exists, which the driving robot follows. In order to do so, the respective authority has granted permission to perform autonomous driving, while it is not further contemplated how such permission can be obtained and what the respective rules might be.

2.3 Description of the Use Cases

The motivations and general assumptions underlying the use cases are laid out above, and the characteristics considered for their description are explained in Sect. 2.4. The combination of these characteristics and/or their values leads to a very large number of use cases, which cannot be described in detail. The four use cases described in the following serve, as mentioned above, as proxies for this multitude of possible use cases. Other use cases are not disregarded but our focus is set on the following four:

  • Interstate Pilot Using Driver for Extended Availability.

  • Autonomous Valet Parking.

  • Full Automation Using Driver for Extended Availability.

  • Vehicle on Demand.

The partition of the driving task between human and driving robot, in which the four versions differ, has particularly contributed to the selection of the use cases. The first two use cases are seen as introductory versions, while the two latter use cases present widely developed versions of autonomous driving.

2.3.1 Interstate Pilot Using Driver for Extended Availability

An exemplary use case of the interstate pilot is depicted in Fig. 2.1.

Fig. 2.1
figure 1

Interstate pilot using driver for extended availability

Full size image

2.3.1.1 Benefit

The driving robot takes over the driving task of the driver exclusively on interstates or interstate-like expressways. The driver becomes just a passenger during the autonomous journey, can take his/her hands off of the steering wheel and pedals, and can pursue other activities.

2.3.1.2 Description

As soon as the driver has entered the interstate, he/she can, if desired, activate the driving robot. This takes place most logically in conjunction with indicating the desired destination. The driving robot takes over navigation, guidance, and control until the exit from or end of the interstate is reached. The driving robot safely coordinates the handover to the driver. If the driver does not meet the requirements for safe handover, e.g. because he/she is asleep or appears to have no situation awareness, the driving robot transfers the vehicle to the risk-minimal state on the emergency lane or shortly after exiting the interstate. During the autonomous journey, no situation awareness is required from the occupant; the definition for fully automated driving according to BASt [1] applies. Because of simple scenery and limited dynamic objects, this use case is considered as an introductory scenario, even if the comparatively high vehicle velocity exacerbates accomplishing the risk-minimal state considerably.

2.3.1.3 Values of Characteristics

Table 2.1 summarizes the characteristics for the interstate pilot use case. Figure 2.2 shows the intervention possibilities for instances on the levels of the driving task for the use case Interstate Pilot. “The entities which can intervene into the driving task are depicted on the right side of the hierarchy and are sorted from dominant at the top to recessive at the bottom.” The vehicle user is the only entity which may intervene. It should be emphasized again that the handover is managed in a safe manner through the driving robot. Potential service providers, police and ambulance with specific authority, a traffic coordinator etc. do not have any possibility to intervene with the vehicle control.

Fig. 2.2
figure 2

Interstate pilot options for intervention

Full size image
Table 2.1 Values of characteristics for interstate pilot using driver for extended availability
Full size table

2.3.2 Autonomous Valet Parking

An exemplary use case of the autonomous valet parking is depicted in Fig. 2.3.

Fig. 2.3
figure 3

Autonomous valet parking

Full size image
Fig. 2.4
figure 4

Autonomous valet parking options for intervention

Full size image

2.3.2.1 Benefit

The driving robot parks the vehicle at a remote location after the passengers have exited and cargo has been unloaded. The driving robot drives the vehicle from the parking location to a desired destination. The driving robot re-parks the vehicle.

The driver saves the time of finding a parking spot as well as of walking to/from a remote parking spot. In addition, access to the vehicle is eased (spatially and temporally). Additional parking space is used more efficiently and search for parking is arranged more efficiently.

2.3.2.2 Description

If a driver has reached his/her destination (for example place of work, gym, or home), he/she stops the vehicle, exits, and orders the driving robot to park the vehicle. The vehicle can be privately owned, but might also be owned by a carsharing provider or similar business model. Therefore, the driving robot may now drive the vehicle to a private, public, or service-provider-owned parking lot. It is important to assign a parking lot to the driving robot. The search for the respective parking lot by the driving robot is not taken into consideration for this use case. Therefore a defined destination for the driving robot is always given. Because of the low velocity and the light traffic situation, the deployment of Autonomous Valet Parking is limited to the immediate vicinity of the location where the driver left the vehicle. On the one hand, this limitation reduces the requirements regarding the (driving-) capabilities of the driving robot significantly, because lower kinetic energy as well as shorter stopping distances results from lower velocity. On the other hand, this use case could potentially irritate or frustrate other road users. However, this use case seems to be suitable as an introductory scenario.

An authorized user in the vicinity of the vehicle can indicate a pick-up location to the driving robot. The driving robot drives the vehicle to the target destination and stops, so that the driver can enter and take over the driving task.

If desired by the parking lot administration, the driving robot can re-park the vehicle.

2.3.2.3 Values of Characteristics

Table 2.2 summarizes the characteristics for the autonomous valet parking use case. The entities which can intervene into the driving task are depicted on the right side of the hierarchy and are sorted from dominant at the top to recessive at the bottom (see Fig. 2.4). The vehicle user can change the driving mission from outside of the vehicle and instruct the driving robot to perform a safe exit. The service provider overrules the vehicle user and can also influence the driving mission and the safe exit. Both entities are overruled by the entities with exclusive rights. For example, the police or ambulance can decelerate the vehicle on the guidance level, change navigation and driving mission, and order a safe exit.

Table 2.2 Values of characteristics for autonomous valet parking
Full size table

2.3.3 Full Automation Using Driver for Extended Availability

An exemplary use case of the full automation using driver for extended availability is depicted in Fig. 2.5.

Fig. 2.5
figure 5

Full automation using driver for extended availability

Full size image

2.3.3.1 Benefit

If the driver desires to do so, he/she hands over the driving task to the driving robot in permitted areas. The driver becomes just a passenger during the autonomous journey, can take his/her hands off of the steering wheel and pedals, and can pursue other activities.

2.3.3.2 Description

If the driver desires, he/she can always hand over the driving task to the driving robot, whenever the current scenery is cleared to do so. Almost the entire traffic area in the permitted country is approved for the vehicle; however, such approval is subject to restrictions. If, for instance, the traffic flow is rerouted, a new parking structure opens, or similar changes are undertaken to the infrastructure, then the respective areas cannot be navigated autonomously until further approval. It also appears to be reasonable in this scenario that road sections are excluded from approval permanently or temporarily, e.g. roads with a high frequency of pedestrians crossing. Here again, the handover between driver and driving robot has to be managed in a safe manner.

This use case might come as close as it gets to today’s visions for autonomous driving, as it corresponds strongly with today’s passenger vehicle usage, and the driving task is almost completely delegated to the driving robot while the traditional main user and driver still participate in the journey.

2.3.3.3 Values of Characteristics

Table 2.3 summarizes the characteristics for the full automation using driver for extended availability use case. Figure 2.6 shows, which entity (right) intervenes with a certain driving task (left) on a certain level. If desired, the vehicle user can drive the vehicle the same way as driving a classic driver only automobile, provided that the driving task has been handed over safely from the driving robot. Furthermore, the vehicle user can intervene on the level of the navigation, guidance and control tasks. The vehicle user dominates the entities with exclusive rights. The vehicle user can therefore overrule police or ambulance, which can exclusively intervene on the guidance level. The same is true for the service provider. The service provider can intervene on the navigation and guidance level, as long as not overruled by the vehicle user. It is left open in this document for which services the service provider needs access. Some concepts propose services where the service provider takes over the navigation for commercial use and partly pays for fuel and travel expenses.

Fig. 2.6
figure 6

Full automation using driver for extended availability options for intervention

Full size image
Table 2.3 Values of characteristics for full automation using driver for extended availability
Full size table

2.3.4 Vehicle on Demand

An exemplary use case of the vehicle on demand is depicted in Fig. 2.7.

Fig. 2.7
figure 7

Vehicle on demand (scenery marked red is not part of the operating area)

Full size image
Fig. 2.8
figure 8

Vehicle on demand options for intervention

Full size image

2.3.4.1 Benefit

The driving robot drives the vehicle autonomously in all scenarios with occupants, with cargo, but also completely without any payload. The driving robot makes the vehicle available at any requested location. Passengers use the travel time completely independently for other activities than performing the driving task. The cabin is designed completely independently from any restrictions of a driver workplace whatsoever. Cargo can be transported with the aid of the driving robot continuously for 24 h a day, as long as it is not restricted by the energy supply for driving.

2.3.4.2 Description

The driving robot receives the requested destination from occupants or external entities (users, service provider, etc.), to which the vehicle proceeds autonomously. Humans do not have any option to take over the driving task. The human can only indicate the destination or activate the safe exit, so that he/she can exit the vehicle safely as quickly as possible. With this driving robot, a wealth of different business models is conceivable. A mix of taxi service and car sharing, autonomous cargo vehicles or even usage models that goes beyond the pure transportation task. One example could be a vehicle for social networks that uses information from the network directly in order to plan routes, match people or enables further services which have not yet been thought of.

2.3.4.3 Values of Characteristics

Table 2.4 summarizes the characteristics for the vehicle on demand use case. The possibilities for intervention regarding the use case vehicle on demand are especially broad (see Fig. 2.8), due to the enormous (driving) abilities of the driving robot. The driving robot always carries out the control level. An entity with exclusive rights (e.g. police or ambulance) and the entity for traffic management can both intervene on navigation and guidance levels. Vehicle users and service providers can influence the safe exit and therefore instruct the driving robot to a fast and safe stop in order for a passenger to leave the vehicle. It is especially noticeable that service providers and the authority with exclusive rights can overrule the vehicle user. If one authority overrules the user, he/she cannot perform the safe exit anymore and has to stay in the vehicle. This constellation is similar to that of current taxi concepts. The taxi driver can stop as fast as possible, if the passenger so requests. Generally though, he (the taxi driver) also has the possibility to disregard this request and drive the vehicle as he/she own desires.

Table 2.4 Values of characteristics for Vehicle on Demand
Full size table

2.4 Selected Characteristics to Describe the Use Cases

In this section, the characteristics describing the use cases and their values are explained in more detail. Besides the following few technical characteristics of autonomous driving, it is possible to define further distinguishing attributes, for example regarding the business model or market position. This will be disregarded for now because of the as-yet little knowledge in this area.

The characteristics, in alphabetical order A to I, were derived from the three-level-model for the driving task according to Donges [3] and chosen for the description. In that model, the driving task is divided into the three levels navigation, guidance, and control.

2.4.1 Characteristic A: Type of Occupant

2.4.1.1 Motivation

For today’s individual mobility with a vehicle, a human is required to be permanently in the vehicle and to control it under all circumstances [4]. This constraint could change with the automation of the driving task. Thus the vehicle concept and the safety concept depend on the type of occupant.

2.4.1.2 Values of the Characteristic

Here, the following values are distinguished:

  1. 1.

    no cargo and no persons, therefore no specific occupant or cargo protection interests

  2. 2.

    cargo approved for transportation

  3. 3.

    person/s with agreed destinations

  4. 4.

    persons with non-agreed destinations.

One use case can be covered by several values of this characteristic. The distinction between value 3 and 4 is made in order to distinguish between individual and public transportation. A vehicle of individual transportation carries persons with agreed destinations. In contrast, a vehicle of public transportation carries multiple persons who have not previously agreed upon a destination. However, persons reach their destinations with public transportation, because a schedule with destinations and intermediate stops is established.

2.4.2 Characteristic B: Maximum Permitted Gross Weight

2.4.2.1 Motivation

The maximum permitted gross weight influences safety considerations via kinetic energy. Besides safety considerations, looking at gross weight extends the discussion beyond individual transportation to public transportation, freight transportation as well as road infrastructure. In addition, this characteristic addresses the question of vehicle types, which potentially are not compatible with current vehicle types because of the autonomous driving functions and changing requirements, on a high level. Instead of considering the boundaries of often country-specific vehicle classes, four mass attributes are chosen. They range in values from ultra-light vehicles to heavy trucks and each step spans a factor of 4 between types.

2.4.2.2 Values of the Characteristic

Discrete distinctions have been established in order to describe the imagined use cases and to roughly categorize their mass. An exact determination of the mass is possible for existing use cases and specified deployment. Characteristic B covers the following values:

  1. 1.

    ultra-light vehicles around 500 kg

  2. 2.

    passenger vehicle around 2 t

  3. 3.

    light commercial trucks and vans around 8 t

  4. 4.

    trucks around 32 t.

2.4.3 Characteristic C: Maximum Deployment Velocity

2.4.3.1 Motivation

The characteristic of maximum deployment velocity (to be precise the square of the velocity) determines, multiplied with the mass, the kinetic energy of a vehicle, and therefore also needs to be distinguished. In addition, stopping distance is calculated using the square of the velocity. Accordingly, the autonomous system’s requirements regarding a risk-minimal state in case of failure or when reaching functional limitations grow with the velocity squared.

Besides safety considerations, travel time and the range achievable in a given time at a given deployment velocity are also values that influence individual mobility. In addition, the deployment velocity directly defines the road type which can be used if a minimum velocity is required for using it.

2.4.3.2 Values of Characteristic

The maximum deployment velocity, characteristic C, has five proxy values, one for walking speed, and four in steps with a factor of two (= factor 4 in terms of kinetic energy and stopping distance). For concrete use cases the values and regulations need to be adapted to the respective deployment. Discrete distinctions have been established in order to describe the imagined use cases and to roughly categorize their velocity. An exact determination of the velocity is possible for existing use cases and defined deployments.

  1. 1.

    up to 5 km/h

  2. 2.

    up to 30 km/h

  3. 3.

    up to 60 km/h

  4. 4.

    up to 120 km/h

  5. 5.

    up to 240 km/h.

2.4.4 Characteristic D: Scenery

2.4.4.1 Motivation

Which spatial areas accessible to the driver through the driver-only automobile will also be made accessible with the described use case of autonomous driving? The scenery characteristic describes the spatial deployment in which the vehicle drives autonomously. For instance, do standardized structures exist, how many lanes are available, and do other markings exist?

Even static scenery can be diverse and present a challenge for the driving robot. One example of this, as is often mentioned, is traffic lanes covered with snow, or traffic signs hidden by bushes or trees. Such conditions, which are potentially unknown and non-changeable at the beginning of a journey, will not be considered with this characteristic. Determining the extent to which the driving robot can deal with scenery and conditions rests on the assumption that the robot can accomplish the driving task as well as a human driver.

This characteristic therefore describes scenarios that are predictable and that follow existing rules on a high level (location, environment and function of the road).

2.4.4.2 Values of the Characteristic

Dimension: type of scenery

  1. 1.

    off-road terrain

  2. 2.

    agricultural road

  3. 3.

    parking lot or parking structure

  4. 4.

    access road

  5. 5.

    main traffic roads

  6. 6.

    urban arterial road

  7. 7.

    country road

  8. 8.

    interstate

  9. 9.

    special areas.

The scenery characteristic in its first dimension covers 9 values (the scenery types from the German guidelines for integrated network design [5] were expanded) (Table 2.5):

Table 2.5 Scenery values description
Full size table

Besides this value that describes the scenery within which a specific use case can be performed, the characteristic has a second dimension, which is the condition whether access to the scenery has to be permitted explicitly or not. The respective values are the following:

  1. a.

    Without permission allowed: All sceneries of this kind are permitted for driving robot operation.

  2. b.

    Only with permission allowed: Only selected and permitted sceneries of this kind permit a driving robot to operate autonomously in this area.

For now, it is left open who grants this permission and whether that is a private or public administration. In that sense, the type of permission is not further specified, for example the infrastructure could be in maintenance mode or a map could be provided, enriched with additional information. And also, the permission could include a temporary component and statistical or dynamic cutoff times for specific scenery areas.

2.4.5 Characteristic E: Dynamic Elements

2.4.5.1 Motivation

Besides the scenery, the complexity of a scene depends largely on dynamic elements. The dynamic elements in the scene with the autonomously driving vehicle extend the requirements on the driving abilities of the driving robot. Therefore this characteristic describes to what extent the use case can be deployed in the current traffic situation and if limitations or exclusions for the dynamic elements are considered.

2.4.5.2 Values of the Characteristic

Four values of the characteristic are distinguished (Table 2.6):

  1. 1.

    without exclusion

  2. 2.

    only motor vehicles

  3. 3.

    only autonomously driving vehicles

  4. 4.

    no other dynamic elements.

The exclusion of other dynamic elements for the values 2–4 is not determined in an absolute way. The scene on a contemporary interstate is described for instance through value (2) only motor vehicles. However, while the situation that one person or cyclist steps on the interstate applies in theory, it is disregarded here due to the respective probability of occurrence. According to the assumption in Sect. 2.2 that most likely there will be a mixed operation, only the values 1 and 2 will be used for the use cases.

Table 2.6 Dynamic elements values description
Full size table

2.4.6 Characteristic F: Information Flow Between the Driving Robot and Other Entities

2.4.6.1 Motivation

As described in Sect. 2.5, the driving robot carries out the tasks of perception, cognition, behavior decision and behavior execution. To do so, information about the state of the vehicle driven by the robot is required, such as position and velocity, but also information about the environment and occupants. This information is derived either from sensors, reading from memory systems, or through communication. How and which information is exchanged between the driving robot and respective entities is defined by the purpose of the information flow. In order to describe the information flow for one use case, the purposes of information exchange are assigned to the use cases.

The availability of the information, its transmission, and the communication partner all have to be suitable for the deployment purpose. As already mentioned, it is additionally assumed that the technology is only introduced onto the market slowly. Therefore not all dynamic elements in the vicinity are able to participate in the information exchange, so that a mixed operation has to be assumed.

The information flow of the driving robot considered herein is a subset of the entire information flow of the vehicle. We shall for the moment disregard purposes that are part of infotainment and convenience systems. Current news, access to social networks, or music streaming may as specific services increase the additional benefit of the autonomous journey; however, the information flow of these services is not primarily relevant for autonomous driving. Therefore only purposes impacting traffic safety, traffic efficiency, as well as purposes that are potentially prerequisites for the autonomous journey, are described as distinguishing attributes.

2.4.6.2 Values of the Characteristic

Eight purposes of the information flow are distinguished (Table 2.7):

  1. 1.

    navigation optimization

  2. 2.

    path-tracking optimization

  3. 3.

    control optimization

  4. 4.

    provision of environmental information

  5. 5.

    updating the driving robot’s capability

  6. 6.

    monitoring the driving robot

  7. 7.

    monitoring occupants

  8. 8.

    occupant emergency call.

The first three values might also lead to interactions to negotiate the temporal or spatial usage of the traffic infrastructure. For now this interaction is disregarded.

Table 2.7 Information flow between driving robot and other entities values description
Full size table

2.4.7 Characteristic G: Availability Concept

2.4.7.1 Motivation

During normal operation the driving robot controls the vehicle within the permitted area. If the driving robot reaches a generally non-predictable functional limitation, the driving robot hands over to a specified availability concept. This availability concept defines how to continue the driving mission. Such functional limitations can be unknown obstacles on the road, which no longer permit a continuation within the autonomy of decision-making. An example for such an obstacle is a branch extending to the road, so that the vehicle needs to touch the branch in order to continue the journey. The extent to which the availability concept takes over the entire driving task, or just takes over the decision-making, is left open intentionally.

2.4.7.2 Values of the Characteristic

The following availability concepts are distinguished (Table 2.8):

  1. 1.

    no additional availability

  2. 2.

    availability through driver

  3. 3.

    tele-operated driving

  4. 4.

    pilot service

  5. 5.

    electric towing.

The handover from the driving robot to the alternative availability concept is to be implemented risk-minimally. The driving robot transfers the vehicle for the handover to that risk-minimal state which is suitable for the transfer to the availability concept.

The respective interfaces for the availability through driver, remote control, a pilot, or towing need to be available.

Table 2.8 Availability concept values description
Full size table

2.4.8 Characteristic H: Extension Concept

2.4.8.1 Motivation

Not necessarily all areas necessary for the transportation task will be covered with the help of autonomous driving, especially not at the beginning of its introduction. Subdomains will remain which cannot be controlled autonomously. Nevertheless, in order to fulfill the mobility needs of customers, portions outside the regime of automated driving can be covered with extension concepts. The extension concept describes whether and with what aid it becomes possible to perform the vehicle control outside the area specified for autonomous driving.

2.4.8.2 Values of the Characteristic

Characteristic H has 5 values (Table 2.9):

  1. 1.

    No substitute beyond the operating area, i.e. the autonomous driving area covers the specified transportation tasks completely. The vehicle with this value is an exclusive-autonomous vehicle. If the deployment also covers the entire deployment of current vehicles, it is a fully autonomous vehicle.

  2. 2.

    Driver: A human takes over the driving task.

  3. 3.

    Tele-operated driving: The driving task is performed by an external operator.

  4. 4.

    Pilot service: An especially trained person takes over the driving task in a specific regime.

  5. 5.

    Extra transportation device: At the boundaries of deployment, the driving robot coordinates the handover of the vehicle to an extra transportation device so that this transportation device can continue the transportation task. Possible examples would be the long-distance transport of urban vehicles with the help of a road train or a concept similar to an electronic tow-bar.

If the driver is considered (the driver value), it is inevitably necessary that a vehicle control interface (driver workplace) is available. In addition it is assumed that a capable person holding a driver’s license is an occupant for the journey outside the autonomous driving area. For other cases, values that are futuristic from today’s perspective (tele-operated driving as well as pilot service), a necessary service/interface needs to be provided for these alternatives.

Table 2.9 Extension concept values description
Full size table

2.4.9 Characteristic I: Options for Intervention

2.4.9.1 Motivation

According to Donges [3], the three primary driving tasks of navigation, guidance, and stabilization need to be fulfilled in order to guide a vehicle to the desired destination of the journey. Löper and Flemisch [6] as well as others replaces stabilization by the term control. The task of control covers the stabilization and in addition vehicle control in situations of vehicle-dynamics instability. Therefore, the primary driving tasks will be navigation, guidance, and control.

According to the definition of fully automated driving, this driving task is transferred completely to the driving robot. When a destination is indicated to the driving robot, it fulfills the navigation, guidance, and control tasks and guides the vehicle to the desired destination. Although the driving robot will execute these tasks, the internal system architecture is not necessarily structured in such a way.

In contrast, with the exception of hazardous situations (electronic stability control, anti-lock braking system, automated emergency braking), the driver is in control of current production vehicles (overwrite capability). The human fulfills the driving tasks at the driver workplace in the vehicle. Thus he/she currently has the option to correct the actions of assistance systems, i.e. to override them.

Therefore there are two entities, the occupant as well as the driving robot, which basically have the capability to control the vehicle.

In addition, ideas and concepts for remote vehicle operation (tele-operated) exist, in which entities external to the vehicle intervene in the vehicle guidance. If a communication link as well as a respective interface for the world outside of the vehicle exists, these external entities also have the capability to influence the vehicle control. Therefore, in total three groups of entities—internal, vehicle, and external—can be distinguished which can intervene with the vehicle control during the autonomous journey.

To simplify the description of this characteristic, the occupants (adults, minors, people with limiting disability etc.) are summarized as the internal group. Influences outside the vehicle (law enforcement (e.g. police), registered vehicle owners (if not part of internal group), authorized agents etc.) are summarized as the external group.

If the entities are considered independently, the following questions regarding their options for intervention apply:

  1. 1.

    On which level of vehicle control does the entity have the option to intervene?

  2. 2.

    For which level of vehicle control does the entity have the authorization to intervene?

The first is answered via the vehicle concept of the use case. If the entity is supposed to have the option for intervention, an appropriate interface in the vehicle concept is provided to the entity.

The second question requires a statutory rule that defines which authorization is assigned to entities according to their properties and responsibilities. At this point it will not be further elaborated who sets and checks these rules, whether there is a driving test of some sort for the different levels, and if authorizations such as a driver’s license or access codes are needed.

From this, the following combinations of options for interventions that the vehicle provides and the authorization for intervention that the entity possesses result:

  1. a.

    The vehicle concept offers the option for intervention on one of the three levels (navigation, guidance and control) and the entity is authorized to intervene on the same level of the driving task. Therefore the entity can intervene.

  2. b.

    The vehicle concept offers the option, but the entity is not authorized to intervene on one level. This situation correlates to a child that is in the driver’s seat. For the use cases, it is assumed for this situation that the law for this situation regulates the intervention by the entity.

  3. c.

    The vehicle concept does not offer the option, but the entity is authorized to intervene on one level. This correlates to a driver in the back seat, who cannot intervene.

  4. d.

    The use case offers the option on one level, however the entity is authorized to intervene on a different level of the driving task. Also with this combination, the intervention is not permitted to the entity.

Only with combination (a) can the driving robot be influenced and/or overruled by the entity on one level of the driving task.

For the description of the use cases it follows that those entities are listed for which at least one authorization matches one available option of the vehicle concept.

In addition, it is assumed that statutory regulation will punish and therefore preclude misuse. This assumption also applies to current vehicle concepts. For example, it is not technology that prevents children from driving a vehicle, but rather the respective statutory regulation in combination with required supervision.

If the entities are now considered simultaneously and the entities are therefore able to act simultaneously on the three levels, the third question applies.

  1. 3.

    Which entity is dominant and how is the hierarchy of the entities defined in case of a conflict because of simultaneous interventions (Fig. 2.9)?

    Fig. 2.9
    figure 9

    Driving task conflict of interventions between entities

    Full size image

In order to answer this question for the description of the use cases, the intervention of the entities has to be attributed with a certain hierarchy. Which entity dominates others and thereby decides the vehicle behavior on the different levels of the driving task? A hierarchy of the entities needs to be implemented in the vehicle design.

In this it needs to be acknowledged that, in addition to the hierarchy of the entities, there also needs to be a hierarchy of the levels for the driving task. Control always overrules guidance and guidance always overrules navigation. Therefore it is additionally defined that internal or external entities can intervene only on one level. The entity with the highest priority suppresses other interventions.

Through autonomous driving it is also possible to exclusively transport persons who are not able to perform the driving task or to change the driving mission. However, in order to provide occupants with the option to exit safely as fast as possible, the safe exit is introduced as a special driving mission. If the occupant gains access to the safe exit with the highest priority, he/she might not necessarily be able to change the destination of the journey, but can exit the vehicle as fast as possible.

2.5 General Definitions

Some basic terms, which will be used in the following sections, are defined as follows:

navigation—according to Donges [3], navigation includes choosing an appropriate driving route from the available road network as well as an estimation of the expected time requirement. If there is information about current interferences, such as accidents, road works or traffic jams, a change in route planning may be necessary.

guidance—according to Donges [3], the task of guidance is basically to derive the advisable command variables, such as the intended track and the set-point speed, from the road situation ahead as well as from the planned route. Part of the guidance is also to anticipatorily intervene the open-loop control to create favorable conditions for the lowest possible deviations between set and actual values.

stabilization (control)—to fulfill the stabilization task, according to Donges [3], the driver has to ensure with corrective actions that the deviations in the closed-loop control are stabilized and compensated to a level for which the driver is capable of handling.

driver only—ground (0) level of automation according to BASt [1]: “the driver continuously (throughout the complete trip) accomplishes longitudinal (accelerating/braking) and lateral (steering) control.”

assisted—the first (1) level of automation according to BASt [1]: “the driver continuously accomplishes either lateral or longitudinal control. The other/remaining task is accomplished by the automating system to a certain level only.

  • The driver must permanently monitor the system.

  • The driver must at any time be prepared to take over complete control of the vehicle.”

fully automated—the fourth (4) level of automation according to BASt [1]: “the system takes over lateral and longitudinal control completely within the individual specification of the application.

  • The driver does not need to monitor the system.

  • Before the specified limits of the application are reached, the system requests the driver to take over with a sufficient time buffer.

  • In the absence of a takeover, the system will return to the minimal risk condition by itself.

  • All system limits are detected by the system, the system is capable of returning to the minimum risk condition in all situations.”

autonomous driving—for autonomous driving, the driving task [3] is performed in a way that is called fully automated (level 4 automation according to BASt [1]). This definition is extended by the assumption that the machine behavior stays within an initially set behavioral framework.

machine driving capabilities—the machine (driving) capabilities are capabilities related to perception, cognition, behavior decisions as well as behavior execution.

driving robot—a driving robot is the implementation of the machine’s (driving) capabilities. The driving robot consists of hardware components (sensors, processors, and actuators) and software elements. It acts as the hardware and software, equivalent to the role of a driver in today’s vehicles as subjectFootnote 1 (the definition term for this system is still incomplete, so alternative suggestions are welcomed).

fully autonomous vehicle—a fully autonomous vehicle is a vehicle which can drive almost all routes autonomously, on the same level as driver-only vehicles. This definition is beyond the BASt [1] definition as it defines the vehicle and not the degree of automation.

exclusively autonomous vehicle (autonomous-only vehicle)—an exclusively autonomous vehicle is a vehicle which can drive all routes for which the vehicle has been specified autonomously from start to destination. This definition is beyond the BASt [1] definition as it defines the vehicle and not the degree of automation.

transportation task—the driving task describes a defined transportation object (vehicle, cargo, passenger etc.) that is transported from one start location to a destination location. Examples of the transportation task include park vehicle or get passenger to the requested destination.

driving mission—the driving mission describes the journey from start to destination in execution of the transportation task.

safe exit—the safe exit is a special driving mission. It leads the vehicle in the fastest way to a system status which allows the passengers to safely exit the vehicle.

driver—a driver is the human operator of a vehicle, without further specifying the driving capability. This means within a range of humans who have a driver’s license. The driver is the subject of autonomy in case of non-fully automated driving.

scenery—the term scenery according to Geyer et al. [8] refers to the static environment of the vehicle. This takes into consideration the geometry of pre-defined road types, number of lanes, curvature, position of traffic signs and traffic lights, as well as additional stationary objects such as construction areas and natural (e.g. bushes and trees) or man-made objects (e.g. buildings, walls).

dynamic elements—dynamic elements according to Geyer et al. [8] are temporary and spatially variable elements such as other road users, states of traffic lights, light as well as traffic conditions.

scene—the scene according to Geyer et al. [8] is built by the scenery, dynamic elements and optional driving instructions. A scene starts with the end of the earlier scene or—in case of the first scene—with a defined starting scene. Within a scene the elements, their behavior as well as the position of the autonomously driving vehicle are defined. The dynamic elements change their states within a scene.

situation—a clear definition of the term situation for the use-case description is still to be determined. In particular, an “objective, complete situation (description)” has to be distinguished from a “subjective, projective situation (description)”.

operating area—a spatial and/or temporal area, specified explicitly via the scenery and implicitly via the velocity, in which the vehicle can be moved autonomously through the operation of the driving robot.

operating limit Footnote 2—the operating limit is specified explicitly through the scenery and implicitly through the velocity, and is therefore a predictable boundary at which the driving task is handed over.

functional limit Footnote 3—a condition that appears in the permitted operation range but is not predictable in detail, which contradicts with continuing the autonomous journey. Even if the limit is not foreseeable, the driving robot recognizes it at an early stage.