Resolution

Requirements for future EDR systems for conventional vehicles[1]

On an international level, the existing standard CFR 49 Part 563[2] can initially serve as a basis. However, at least the following supplements or amendments should be included to achieve an improvement of road safety through more precise accident research. Furthermore, these are used for the duty of product observation and legal security. According to the present version of the General Safety Regulations (GSR), data analysis is not possible. However, the following information is necessary for road safety. The DVR therefore demands:

1. Storage of longitudinal and lateral accelerations over a period of 5 seconds before and, if technically possible, 5 seconds after the event which triggers the recording of driving data. Storage of the data from the steering angle sensor if the vehicle is thus equipped, over a period of 5 seconds before the event.

2. Storage of interventions[3] by driver assistance systems if the vehicle is equipped with these, over a period of 5 seconds before and, if technically possible, 5 seconds after the event which triggers recording.

3. Triggering of a data record which can be overwritten (“non-deployment event”), for example by an intelligent acceleration analysis (jolt detection) to increase the probability of detection of relatively slight impacts with vulnerable road users, if this is technically possible.

4. Storage space for at least 6 instead of the present 3 events (of which one storage area is reserved for the last “non-deployment event”. Otherwise, “non-deployment events” can be overwritten by “deployment events” as was previously the case).

5. Ability to read out the stored data via a standardised vehicle interface (e.g. OBD[4]-2 interface); information about how the data can be retrieved and interpreted must be made available to authorised persons in a standardised format (e.g. ISO 22901).

6. It must be sustainably ensured that the EDR functions correctly, and this must be verifiable in the context of general inspections. Appropriate testing methods must be developed for this.

Additional requirements for EDR systems for automated vehicles[5]

1. Storage of further data records which are relevant for future functions of the driving action (e.g. C-ITS signals[6]) as well as images and object data. The necessary regulatory framework conditions must be created for this, e.g. on the basis of SAE J3197.
2. Accidents involving vulnerable road users must be detected as reliably as possible.
3. Manual triggering of a data record which can be overwritten (manually triggered event) should be possible.
4. The function of the EDR must also be sustainably ensured with regard to future driving functions and must be verifiable in the context of general inspections. Appropriate testing methods must be developed for this.
5. The open issues with regard to data storage as stated in the last section must be clarified.

Positions for the design of a Data Storage System for Automated Driving (DSSAD) for vehicle categories M1 and N1

On the international level, the technical requirements for the Data Storage System for Automated Driving (DSSAD) are developed by the UNECE Working Group EDR/DSSAD under WP.29 in association with the amendment to the new ALKS regulation (Automated Lane Keeping Systems according to SAE Level 3).

The UN regulation will soon be finalised. The technical requirements for the DSSAD are primarily limited to the events which trigger storing as well as the data elements to be stored. Here it must be taken into account that the requirement for a DSSAD is only stipulated for the highly automated driving function “lane keeping system” up to 60 km/h. Some of the provisions are explicitly subject to regional or national legislation and remain unaffected by the future UN regulation.

1. The interests of accident research must be taken into account in the design of future national or European DSSAD regulations.

2. Legal security for the use of data for accident analysis and research must be ensured.

Open issues to be clarified for EDR systems for conventional vehicles, EDR systems for automated vehicles and DSSAD:

In order to enable effective accident analysis and research, the DVR demands that the following points are clarified as a matter of urgency in the further considerations of the topics EDR and DSSAD:

1. Access to the data via a standardised vehicle interface (e.g. OBD / OTA[7]) and a tamper-proof storage location.

2. Requirements for data protection and privacy (e.g. in association with change of owner).

3. Availability of data, its legal legitimation and the read-out process.

4. Checking of the function of DSSAD, EDR systems for conventional vehicles and EDR systems for automated vehicles.

5. Transfer of data for research purposes in compliance with data protection regulations.

Explanation

In 2014 the DVR passed a resolution for the implementation of an accident data recorder (EDR = Event Data Recorder). The central recommendation is:

In the interests of improved accident research, accident clarification and accident analysis, the DVR recommends the voluntary installation of EDR in vehicles. This is understood as an accident data recorder which stores the data from a few seconds prior to and subsequent to an accident. 

According to the General Safety Regulations (GSR)[8] which came into effect on 5 January 2020, equipment with an Event Data Recorder (EDR) will become mandatory for new passenger vehicles, vans, heavy commercial vehicles and buses in the European Union[9]. Among other things, use of an EDR serves for clarification of the causes of accidents as well as for accident research and prevention. In addition, with increasing automation Level 3 and above (automated mode)[10] the question of liability for accidents or traffic violations will gain in importance. In future it will need to be clarified whether the driving task was performed by the driver or the automated driving function at a particular time. Implementation of a Data Storage System for Automated Driving (DSSAD) which stores individual data records for defined events contributes both to the legal determination of liability as well as to the rapid remedy of possible malfunctions of the vehicle technology.

With Art. 63A StVG (German Road Traffic Act)[11] the German legislator specified the basis for data storage from a Data Storage System for Automated Driving (DSSAS). Due to the urgency for uniform global regulations for automated and autonomous driving, in 2019 representatives of the UNECE WP.29 produced a framework document with the title “Framework document on automated/autonomous vehicles”[12]. Among other things, for the development of future UNECE regulations relating to automated and autonomous driving, the topics “Event Data Recorder (EDR) and Data Storage System for Automated Driving Vehicles (DSSAD)” were specified for consideration. The remit of the EDR/DSSAD Working Group is the definition of technical requirements as the prerequisite content for corresponding UN regulations for

• EDR systems for conventional vehicles (Level 0 – 2)
• EDR systems for automated vehicles (Level 3 and above)
• DSSAD for automated vehicles (Level 3 and above)

The three aforementioned storage systems serve for the determination of responsibility and liability in case of accidents and traffic offences. This is also relevant from the point of view of road safety. The purpose of the DSSAD is primarily to determine whether the driver or the driving function of the vehicle was in control.

The DVR states its opinion with regard to this.

Data storage and road safety

Results of road accident research are an important element for the improvement of vehicle and traffic safety. The greater the precision of the general accident data[13], the more thoroughly analyses can be performed with the objective of presenting proposals for the improvement of vehicle technology, the conduct of road users or traffic infrastructure. In the case of vehicles with automated driving functions, the results of accident research gain further importance if it is found that these functions do not record and control the driving situation correctly or optimally, or even contribute to the cause of accidents.

A robust accident data recorder/Event Data Recorder (EDR) installed in the vehicle, can record the data immediately before and after an accident, which are necessary for accident analysis. The DVR also expresses its opinion regarding the procedure which is necessary for this.

Positions for the design of an Event Data Recorder (EDR) for vehicle categories M1 and N1

Regulation (EU) 2019/2144 stipulates that as of July 2022 event-related data recording will initially be mandatory for vehicle classes M1 and N1[14]. At present, the technical requirements for EDR are also being developed at an international level in the EDR/DSSAD Working Group of WP.29. Due to the short time frame for finalisation, the requirements of the US standard for EDR of 2011 (US 49 CFR 563) have initially been adopted in the basic document. The data elements which are required there fall short of the specifications of Regulation (EU) 2019/2144[15].

In order to achieve a just reconciliation of interests - improvement of road safety and legal security through improved accident analysis, clarification and research - the DVR is presently campaigning at an international level for a two-stage introduction of EDR. In view of the fact that as early as 2022, new vehicles will need to meet the regulations which are being discussed at present, not all of the requirements which are demanded from the point of view of road safety will be able to be implemented in the time which remains. The stated requirements for EDR systems for conventional vehicles therefore present the expectations to be fulfilled in the medium term. Additional requirements will be made for all automated vehicles.

Signed
Dr. Johann Gwehenberger
Deputy Chairman of the Executive Committee Vehicle Technology

[1] This relates to Level 0 – 2 (SAE) vehicles. Level 0 = no automation, Level 1 = assistance systems which assist longitudinal or lateral control, Level 2 (partial automation) = one or more driver assistance systems which simultaneously assist longitudinal or lateral control.

[2] Code of Federal Regulations; Title 49 – Transportation; Volume: 6 Date: 2019-10-01Original Date: 2019-10-01Title: PART 563 - EVENT DATA RECORDERS Context: Title 49 - Transportation. Subtitle B - Other Regulations Relating to Transportation (Continued). CHAPTER V - NATIONAL HIGHWAY TRAFFIC SAFETY ADMINISTRATION, DEPARTMENT OF TRANSPORTATION. 

[3] Interventions are understood to be the operating state and degree of activation in the period to be stored.

[4] On Board Diagnosis

[5] This relates to vehicles of Level 3 and above (SAE). Level 3 = conditional automation with the expectation that the driver can intervene at all times, Level 4 = high automation during which the driver does not need to intervene, Level 5 = full automation, in which the system performs all aspects of the driving task under all roadway and environmental conditions that can be managed by a human driver.

[6] Co-operative Intelligent Transport Systems

[7] Automotive Over-The-Air

[8] Regulation (EU) 2019/2144 of the European Parliament and of the Council of 27 November 2019 on type-approval requirements for motor vehicles and their trailers, and systems, components and separate technical units intended for such vehicles, as regards their general safety and the protection of vehicle occupants and vulnerable road users.

[9] Date of introduction for M1, N1: 6 July 2022 for new vehicle models, 7 July 2024 for new registrations. This statement only relates to class M1 and N1 vehicles.

[10] With the standard J3016, the SAE (Society of Automotive Engineers) classifies six levels of automation for vehicles which are equipped with systems for automated driving. These range from Level 0 (no automation) to Level 5 (full automation). Level 3 describes conditional automation, where the driver must always be able to respond appropriately to a request to intervene.

[11] (1) Motor vehicles according to Art. 1a store the position and time details determined by a satellite navigation system if control of the vehicle changes from the driver of the vehicle to a highly automated or fully automated system. 2 Such storage is also performed if the system requires the driver of the vehicle to take over control of the vehicle, or if a technical malfunction of the system occurs.

(2) According to German federal state law, the data stored according to Paragraph 1 may be communicated to the competent authorities on demand for the prosecution of traffic offences. 2 The communicated data may be saved and utilised by the latter. 3 The scope of data communication is to be reduced to the extent which is necessary for the purpose of determination according to Paragraph 1 in association with which the investigation procedure is initiated by this authority. 4 This does not prejudice the general regulations for the processing of personal data.

(3) The owner of the vehicle must allow communication of the data recorded according to Paragraph 1 to third parties, if

1. the data is necessary for the assertion, settlement or defence of legal claims in association with an event which is regulated by Art. 7 (1), and
2. the corresponding motor vehicle with an automated driving function was involved in this event. 2, paragraph 2 (3) applies accordingly.

(4) The data which is stored according to Paragraph 1 must be deleted after six months unless the vehicle was involved in an event regulated by Art. 7 (1); in this case the data must be deleted after three years.

(5) In association with an event regulated by Art. 7 (1), the data which is recorded in accordance with Paragraph 1 can be communicated to third parties in an anonymised form for the purposes of accident research.

[12] See UNECE Inland Transport Committee WP.29: 180th session, Geneva 10-12 March 2020, Document: ECE/TRANS/WP.29/2019/34/Rev.2

[13] Accident data includes EDR data, statements by witnesses as well as investigations at the site of the accident.

[14] Class M1 for motor vehicles which are designed and constructed for the transport of passengers with a maximum of eight seats excluding the driver’s seat. 
Class N1 for motor vehicles which are designed for the transportation of goods, with a maximum total weight of up to 3.5 tons. 

[15] See also: VERONICA – II; Vehicle Event Recording based on Intelligent Crash Assessment; Final Report; EUROPEAN COMMISSION DIRECTORATE-GENERAL FOR ENERGY AND TRANSPORT; 06-10-09