Harm Minimization Under Autonomous Driving
by Nick Clark | Published April 25, 2026
Every autonomous-driving decision that resolves a tradeoff between possible harms — collision targets, brake aggressiveness, lane choice under cyclist proximity, evasive steering envelopes — operates against an implicit harm ordering. Governed actuation supplies the architectural primitive that lets that ordering be policy-declared, jurisdictionally configured, structurally audited, and demonstrably honored at the moment of decision rather than reconstructed afterward.
Domain Context
The regulatory landscape for harm minimization in autonomous driving has crystallized over the past several years into a small set of formal frameworks, each of which presupposes that an autonomous vehicle's harm-tradeoff behavior is inspectable. The U.S. National Highway Traffic Safety Administration's Automated Vehicle Safety, Transparency, and Evaluation Program (AV STEP), launched as a voluntary framework and now functioning as a de facto reference for federal oversight, asks operators to characterize how their systems behave in conflict scenarios and how that behavior is governed. Mobileye and Intel's Responsibility-Sensitive Safety (RSS) model proposes a formal mathematical framework — minimum safe distances, response times, and reasonable-foresight envelopes — that produces a verifiable definition of "fault" in a collision. UN ECE Regulation 157, the Automated Lane Keeping System (ALKS) regulation, prescribes specific harm-minimization behaviors in named scenarios and has been adopted across the EU, Japan, and Korea.
Beneath these frameworks sit harder ethical instruments. Germany's 2017 Ethics Commission on Automated and Connected Driving issued twenty rules, several of which directly address harm ordering: a prohibition on personal-feature-based discrimination among potential victims, a requirement that unavoidable harm be minimized in aggregate, and a general principle that harm-ordering rules be transparent rather than emergent. The European Commission's 2020 Ethics of Connected and Automated Vehicles report and the 2024 IEEE 7000-series standards on ethically aligned design extend the same posture into international guidance.
These frameworks share a structural assumption that current AV stacks largely fail to satisfy: that the harm ordering against which the vehicle acts is a declared, externalizable, and replaceable artifact, not a property emergent from millions of lines of planner and prediction code.
Architectural Requirement
A harm-minimization-honest autonomous driving stack must expose three artifacts to its regulator, its operator, and its post-incident investigator. First, the active harm ordering — the priority lattice over outcome classes (occupant safety, vulnerable-road-user safety, property damage, traffic-flow disruption, comfort) that the vehicle is currently using — must be a named, signed object retrievable for any moment in operational history. Second, every decision in which two or more orderable harms were in tension must produce a structural event recording which orderings were evaluated, which alternative trajectories were considered, and which deviation from the declared ordering, if any, was incurred. Third, deviations must themselves be credentialed: a vehicle that departs from its declared ordering (because, say, sensor uncertainty triggered a fallback) must record the credential under which the deviation was authorized.
Without these three artifacts, RSS conformance becomes a statistical claim, ALKS conformance becomes a scenario-coverage exercise, and Ethics Commission compliance becomes rhetorical. With them, each becomes a verifiable architectural property.
Why Procedural Compliance Fails
The dominant industry posture toward harm minimization is procedural and post-hoc. Operators publish safety case documents that describe, in natural language, how their systems prefer to behave; they accumulate scenario libraries demonstrating in-distribution behavior; they reconstruct, after incidents, what the stack did and why it appeared reasonable. None of these mechanisms exposes the harm ordering as an inspectable object, and none of them survives the conditions under which harm-minimization regulation actually bites: a fatal collision in which two harm classes were in tension, a regulator who asks which ordering was active, and a courtroom in which the answer must be defensible against expert scrutiny.
The procedural posture also cannot survive jurisdictional pluralism. A vehicle operating in Munich is subject to a harm ordering shaped by the German Ethics Commission's twenty rules; the same physical vehicle, driving across the border into France or Switzerland, is subject to a different ethical and legal substrate; the same model, deployed in California, Texas, or Singapore, encounters yet other priority lattices. An implementation-embedded ordering forces the operator to either ship a single global compromise (and accept that the compromise is illegal somewhere) or maintain divergent codebases per jurisdiction (and accept the verification cost). Neither is sustainable as deployment scales.
The deepest failure is in incident review. When a regulator asks why the vehicle preferred occupant deceleration over evasive steering in a near-miss with a vulnerable road user, a procedural stack answers with a planner-trace reconstruction: feature weights, predicted-trajectory rankings, cost terms. The regulator cannot tell whether the answer represents a declared ordering that was honored or an emergent ordering rationalized after the fact. The asymmetry of evidence is itself the regulatory exposure.
What the AQ Primitive Provides
Governed actuation in the Adaptive Query model treats every actuation decision as graduated through continue / defer / refuse / partial modes, each gated by harm-minimization evaluation against an explicitly declared ordering. The harm ordering is a first-class object: a signed policy artifact that names the protected classes (occupants, pedestrians, cyclists, other vehicles, property, traffic flow), defines the priority lattice over them, and specifies the deviation authorities permitted under named conditions. The vehicle, at any moment, is operating against exactly one such ordering, and the ordering's identity, version, and signature are part of every actuation event.
In a tension scenario — the planner has identified that no available trajectory leaves all harm classes uncompromised — the architecture evaluates candidate trajectories against the active ordering and produces a structural decision record: which trajectories were considered, which harm classes each implicated, which ordering rule selected the chosen trajectory, and what counterfactual the alternative orderings would have produced. Post-actuation verification compares the executed trajectory to the predicted-and-selected one and flags any divergence as itself a harm-minimization event. Reversibility evaluation distinguishes decisions whose harm consequences are bounded and recoverable from those whose consequences are unbounded, enabling the architecture to refuse rather than continue when irreversible harm exceeds the credential's authority.
The continue / defer / refuse / partial graduation gives the architecture vocabulary for cases that procedural stacks cannot articulate cleanly. A defer outcome — execute a maximally-safe holding action while requesting clarification or human-in-loop input — is a legitimate harm-minimization response in many ALKS-relevant scenarios but rarely surfaces explicitly in current stacks. A partial outcome — execute the lower-harm subset of a requested action — captures behaviors that today are buried in cost-function tuning.
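As an added illustration (not code from the article or from any AV vendor), the following Python sketches the three artifacts from the Architectural Requirement section together with the tension-scenario record described above: a harm ordering as a signed object that is verified before activation (the same check a jurisdiction transition would run), lexicographic selection over candidate trajectories against its lattice, and a continue / defer / refuse outcome driven by whether irreversible harm exceeds the credential's floor. The harm classes, orderings, scenarios, the `irreversible_floor` field and the HMAC-based signature standing in for the authority's signature are all constructed assumptions.

```python
import hashlib, hmac, json
from dataclasses import dataclass

def sign(ordering, key):
    # HMAC-SHA256 over canonical JSON; the constructed key stands in for the authority's signing key.
    body = json.dumps(ordering, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()
def load_ordering(ordering, sig, key):
    # Activate an ordering only if it verifies against the signing authority's key (e.g. on a border crossing).
    if not hmac.compare_digest(sign(ordering, key), sig):
        raise ValueError("harm ordering signature invalid")
    return ordering

@dataclass
class Candidate:
    name: str
    harms: dict            # harm class -> (severity 0..1, reversible)
    holding: bool = False  # maximally-safe holding action, eligible only as a defer outcome
def harm_key(cand, lattice):
    # Lexicographic badness: the most-protected class harmed decides, then severity there.
    hits = sorted((lattice.index(k), s) for k, (s, _) in cand.harms.items() if s > 0)
    return (-hits[0][0], hits[0][1]) if hits else (-len(lattice), 0.0)

def decide(ordering, sig, candidates, alternatives=()):
    """Select a trajectory under the active ordering and emit the structural decision record."""
    lattice, floor = ordering["lattice"], ordering["irreversible_floor"]
    trajectories = [c for c in candidates if not c.holding]
    holding = [c for c in candidates if c.holding]
    chosen = min(trajectories, key=lambda c: harm_key(c, lattice))
    # Irreversible harm to a class ranked above the credential's floor cannot be continued.
    exceeds = any(s > 0 and not rev and lattice.index(k) < floor for k, (s, rev) in chosen.harms.items())
    mode = "continue" if not exceeds else "defer" if holding else "refuse"
    chosen = chosen if mode == "continue" else holding[0] if mode == "defer" else None
    return {"ordering": ordering["version"], "signature": sig, "mode": mode,
            "chosen": chosen.name if chosen else None,
            "considered": {c.name: sorted(k for k, (s, _) in c.harms.items() if s > 0) for c in trajectories},
            # Counterfactual: the trajectory each alternative ordering would have selected instead.
            "counterfactual": {a["version"]: min(trajectories, key=lambda c: harm_key(c, a["lattice"])).name
                               for a in alternatives}}

# Constructed orderings (lower index = more protected); no personal attribute appears as a criterion.
CLASSES = ["pedestrian", "cyclist", "occupant", "other_vehicle", "property", "traffic_flow"]
DE_ORDERING = {"version": "de-2026.1", "lattice": CLASSES, "irreversible_floor": 2}
ALT_ORDERING = {"version": "alt-2026.1", "lattice": [*CLASSES[:2], "other_vehicle", "occupant", *CLASSES[4:]], "irreversible_floor": 2}
AUTHORITY_KEY = b"constructed-authority-key"  # placeholder, not a real key
DE_SIG = sign(DE_ORDERING, AUTHORITY_KEY)
# Scenario 1: occupant deceleration vs. reversible harm to another vehicle; scenario 2: only irreversible harm.
SCENARIO_1 = [Candidate("brake_hard", {"occupant": (0.3, True)}), Candidate("swerve_right", {"other_vehicle": (0.5, True)})]
SCENARIO_2 = [Candidate("swerve_left", {"cyclist": (0.6, False)}), Candidate("brake_hard", {"pedestrian": (0.4, False)}),
              Candidate("hold_and_escalate", {"occupant": (0.4, True)}, holding=True)]
```

Calling `decide(DE_ORDERING, DE_SIG, SCENARIO_1, [ALT_ORDERING])` continues with `swerve_right` while recording that the alternative ordering would have chosen `brake_hard`; scenario 2 defers to the holding action, and refuses outright if no holding action is offered.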
Compliance Mapping
The primitive maps directly onto the major regulatory and standards frameworks. Against NHTSA AV STEP, the declared ordering and the per-decision deviation events supply the transparency the program requests, in a form that exists before an incident and survives incident-driven scrutiny, rather than one assembled in response to it. Against RSS, the harm ordering encodes the safety-distance and response-time properties RSS requires, while the deviation record makes RSS conformance a verifiable per-event property rather than a statistical aggregate. Against UN R157 ALKS, each named scenario maps to a specific decision class within the ordering, and per-decision records demonstrate scenario conformance directly.
Against the German Ethics Commission's twenty rules — particularly the prohibition on personal-feature discrimination and the aggregate-harm-minimization rule — the policy-signed ordering becomes the artifact under which conformance is asserted. A regulator can read the ordering and verify that no protected attribute appears as a priority criterion; an operator can demonstrate, across millions of decisions, that the active ordering was the one signed by the appropriate authority. Against ISO 21448 (Safety of the Intended Functionality, SOTIF) and ISO 26262 (functional safety), the harm-ordering object provides the explicit hazard-prioritization layer those standards require but do not architecturally specify.
Jurisdictional pluralism resolves naturally: the same vehicle, crossing a regulatory boundary, loads the ordering signed by the receiving jurisdiction's authority, and the transition is itself a credentialed event. There is no global compromise and no codebase fork.
Adoption Pathway
Adoption begins where the regulatory pressure is sharpest: in the operator's primary deployment jurisdiction, on the harm-classification axis the local regulator is most likely to interrogate. For a U.S. robotaxi operator, this typically means vulnerable-road-user prioritization under the NHTSA Standing General Order regime; for an EU operator, ALKS-named scenarios under R157; for a Chinese operator, the harm-minimization clauses of the GB/T autonomous-vehicle standard series. Initial deployment surfaces the active ordering as a signed artifact, instruments tension scenarios with structural decision records, and replaces planner-trace reconstruction with credentialed evidence.
The second adoption step extends the ordering to cover the operator's full deployment surface and adds the deviation-credential infrastructure that lets the architecture record fallback behavior under sensor degradation, edge-case detection, or operator-commanded mode change. The third step generalizes to cross-jurisdictional operation: the ordering is signed by the receiving jurisdiction's authority on entry, and the architecture's transition record satisfies the cross-border auditability that current stacks cannot meet.
The cumulative effect is that the operator's harm-minimization posture becomes a regulatory asset rather than a regulatory liability. Incident review becomes a verification exercise against declared orderings; jurisdictional expansion becomes an ordering-signature engagement rather than a software fork; ethical scrutiny becomes a question about which ordering is authorized rather than about which behavior emerged. The hard ethical questions remain — they belong to the policy-signers, not to the autonomy stack — but the architecture stops obscuring where they live.