ISO 21448 SOTIF for Autonomous Driving

by Nick Clark | Published April 25, 2026

ISO 21448 (SOTIF, Safety Of The Intended Functionality) addresses hazards that arise from performance limitations of the intended function rather than from system faults. SOTIF's structural requirements interact directly with governed actuation's reversibility-aware execution and operator-intent substrate.

SOTIF Frame

ISO 21448 addresses cases where the system functions exactly as designed, yet the design itself produces hazardous behaviour in scenarios that were not foreseen. The standard's structural challenge is that such hazards arise from system-environment interaction rather than from bounded fault modes.

Certification of L3+ (SAE Level 3 and above) autonomous driving increasingly cites SOTIF compliance as architecturally relevant.

Architecture Implications

SOTIF compliance requires structurally supported scenario coverage analysis, residual-risk evaluation, and classification of emerging scenarios. Handling these at implementation level, rather than in the architecture, produces ongoing engineering cost.

Architectural reversibility classification, stage-gated commitment, and composite admissibility all produce SOTIF-supporting architectural evidence.

Architectural Mapping

Reversibility-aware execution maps to SOTIF's residual-risk classification. Stage-gated commitment maps to scenario-class admissibility. The operator-intent substrate maps to SOTIF's meaningful-human-control requirements.

SOTIF Evolution

Maturing enforcement of ISO 21448, together with its emerging integration with ISO 26262, pushes toward structurally supported architecture.
