Safety Innovation - Zucs
Safety Innovation - Zucs
Safety Innovation - Zucs
INNOVATION
AT ZOOX
We believe that just as the combustion engine took society from the age of the horse
and carriage to the automobile, autonomous mobility technology will take us to the next
era in transportation.
Our vision is to connect people and places in wonderful ways, while at the same time
improving public safety and reducing harmful greenhouse gas emissions. Our goal is to
imagine this future and build it today, for a safer and more sustainable tomorrow.
This report will provide the reader with a better understanding of how autonomous
vehicle technology works, and specifically, how Zoox strives to set the bar for safety
in autonomous mobility. We appreciate the opportunity to share the safety foundation
we are building now, as we prepare to deploy autonomous vehicles for the public.
Innovating ways to keep people safe is fundamental to who we are at Zoox. We are on
a mission every day to invent and improve how people safely arrive at their destinations.
In this document, we outline the safety foundation that is built into everything we do
at Zoox: from testing and validation, to our vehicle design and autonomous software
stack, and eventually, a mobility service.
Today, Zoox is testing its software on conventional vehicles with safety operators on
public roads across the San Francisco Bay Area, and this is just our beginning. This is
Version 1.0 - it’s the first report in a series that will communicate the Zoox plan to set
the bar for safety in autonomous mobility. Future versions of this report will provide
further details of our approach and specific safety innovations as we deploy our fully
autonomous mobility service in the coming years.
37,133 42 96%
lives lost in car crashes in 2017 hours lost per commuter amount of time cars sit unused
in traffic per year
94% 53 1,113
crashes attributed to human error million adults with disabilities million tons of greenhouse gasses
in 2015 emitted by passenger vehicles
in 2016
CONTENTS
01 04
ZOOX OVERVIEW / PAGE 6 HOW ZOOX VEHICLES WILL
INTERACT SAFELY WITH THE PUBLIC / PAGE 24
History
Law Enforcement Engagement
Approach
Accessibility
Safety Philosophy
02 05
HOW AUTONOMOUS DRIVING TECHNOLOGY WORKS CONCLUSION / PAGE 26
/ PAGE 10
03 06
WHAT MAKES ZOOX VEHICLES SAFE / PAGE 15 APPENDIX / PAGE 27
Vehicle Architecture
Data Security
01. OVERVIEW
History
Approach
Safety Philosophy
HISTORY
e world is on the cusp of a new mobility age
APPROACH
Our vehicle platform integrates multiple types of sensors with enough redundancy that
driving can continue safely if any single component fails. This platform and approach
allow for safety and quality of service enhancements that surpass conventional car
designs, including those modified for autonomy.
Our full stack software, which is being developed entirely by in-house experts, includes
all relevant components of autonomous mobility technology, spanning perception,
prediction, planning, control, localization, and mapping.
In addition to developing each component, we will manage the delivery of the entire
autonomous mobility service. This will allow us to retain control of fleet safety through
our remote operations, operational design domain (ODD), and cybersecurity initiatives.
SAFETY PHILOSOPHY
For the past century, automotive safety has been fundamentally reactive.
Safety efforts have focused on after-the-fact measures intended to limit the
damage caused by crashes. The number of deaths and injuries that still occur
on our roads every day shows that this reactive approach to safety falls far
short in protecting the public.
Zoox has software, hardware, and vehicle engineers working together under one roof to build an
autonomous vehicle from the ground up. This integrated approach allows us to develop state-of-the-art
strategies for our vehicles to safely drive and interact with the public and other road users. Our engineers
address these questions:
Zoox is building a fully integrated autonomous mobility system to address these questions, and
we have made great strides since we started in 2014.
Our system allows Zoox to deliver a mobility experience with safety incorporated by design into
every aspect of our service.
Building a fully autonomous vehicle requires a significantly more robust suite of sensors than cars
with advanced driver assist features have today. There are no shortcuts to building a best-in-class,
next-generation sensor suite for our vehicles.
No sensor by itself is perfect. That’s why our sensor suite includes multiple cameras, lidar (Light
Detection and Ranging), radar (Radio Detection and Ranging), and proprietary sensors. Because
Zoox is building a vehicle from the ground up, we have optimally placed our sensors in a symmetric
configuration to form a real-time, 360-degree view of our vehicle’s surroundings. This provides
increased detection of other road users and objects near and far, and in all directions.
Our sensor suite is designed and tested for safe, reliable operations and provides redundant
coverage, should any individual sensor fail.
Our autonomous software takes the sensors’ data and seamlessly processes the information.
This allows our vehicles to deal with many scenarios that are challenging to human operators,
including adverse weather, construction zones, and the navigation of crowded city streets.
Cameras
Our cameras cover varying and overlapping fields of view and ranges. These
cameras produce reliable video images that help our vehicles identify objects.
The high resolution and color perception of camera images make them well-suited
for machine learning algorithms that classify objects by category, which is helpful
for prediction and planning. They also excel at detecting small or far-away objects
and are the only sensor that can perceive the state of traffic lights.
Other Sensors
We have additional sensors on our vehicles to more reliably and effectively
understand our vehicles’ surroundings. By using a range of visual and auditory
sensors, our redundant sensor systems enable our vehicles to drive safely.
Our autonomous vehicles are enabled by a seamless interaction between our physical sensor suite
and our sophisticated autonomous software.
Through cutting-edge software, our vehicles perceive their surroundings and can predict the likely
behavior of other road users, including vehicles, pedestrians, and cyclists. Using this information, our
vehicles plan and drive their paths. Underlying this software is a localization functionality, which
allows the vehicle to know precisely where it is at all times.
PERCEPTION PLANNING
Our vehicles can see their surroundings through Our planning methodology uses our software’s
computer vision technologies. They take the images perception and prediction of what other road objects
and data from sensors to detect, track, and avoid all will do to plan a path for our vehicle. This enables our
objects, such as other vehicles, traffic lights, cyclists, vehicles to drive where they need to go. Our software
motorcyclists, and pedestrians. Our state-of-the-art is constantly evaluating the vehicle’s surroundings
technology uses deep-learning methods to segment and predictions of other road objects’ paths to plan
and classify objects from our sensor data. its driving actions.
PREDICTION LOCALIZATION
Zoox vehicles predict the future actions of dynamic Our vehicles know where they are located at all times
road objects, such as other cars, pedestrians, and with centimeter-level localization software (i.e., we
cyclists, by using a complex software framework that can know our vehicle’s location down to a centimeter)
integrates the following: based on inertial sensors, lidars and cameras, GPS,
and our proprietary mapping data.
Domain-specific rules: Our software takes
the context of the situation into account MAPPING
(e.g. a car’s direction). High-fidelity maps are crucial for enabling autonomous
vehicles to know exactly where they are. We are
Physics-based modeling: The software developing our own mapping technology as well as
anticipates where a dynamic object will be, the maps themselves, which guarantees a high level
given its anticipated speed and acceleration of resolution and quality.
(e.g. a car’s direction and speed).
Since we manage our entire fleet, we can continuously
Data-driven machine-learned behavior modeling: update the maps on all of our vehicles as cities evolve
Our vehicles interpret human behavior and and grow.
use this information to anticipate the actions
of dynamic objects (e.g. a car is veering in a
certain direction).
Zoox uses a fleet of test vehicles to test and validate test tracks, and public roads to validate our vehicle’s
our core autonomous mobility technology. safety design.
Our testing fleet includes Toyota Highlanders and Our engineering teams use our vehicles as tools to test
Prius C’s, which are road-ready and meeting all and validate our sensor suite and autonomous driving
applicable Federal Motor Vehicle Safety Standards software, to continuously improve our technology.
(FMVSS). We retrofit these vehicles with our sensor
suite and compute hardware. Zoox has a California This tight feedback loop with real-world experience
DMV permit to test these vehicles on public roads. is crucial to the development of a safe autonomous
driving system.
Our experienced vehicle testing team performs daily
drives around the San Francisco Bay Area. Our current Today, our system can drive autonomously in a range of
safety protocols dictate that at least two operators conditions, from suburbs, to freeways at higher speeds,
must be in the vehicle at all times. We test in various and dense urban environments.
weather and road conditions on private roads,
Our vehicle operators undergo a thorough and rigorous Beyond that, our full training includes:
safety training program.
Driving School – Our vehicle operators go back
Each of our vehicle operators is carefully selected to driving school to re-learn driving fundamentals:
through a detailed screening process, which includes from the physics of driving to the effects of fatigue.
a thorough background check, interview, and
driving exam. Safety Training – Our vehicle operators are trained
in first aid and fire safety.
Our vehicle operators receive over 150 hours of training
before we certify them to drive autonomously, and we Incident Response Training – Our vehicle operators
continue to provide additional training on a regular basis. learn how to manage potential risky incidents they
We have included our Vehicle Operator Safety Training may encounter while testing our vehicles.
Curriculum in the appendix.
Software Operations Training – Our vehicle
Our safety culture starts by sharing some key values operators are trained on our autonomous mobility
with our operators, which include: software to ensure proper testing and validation.
— Initiate a vehicle disengagement any time Autonomous Driving – Our vehicle operators learn
a potential safety risk is perceived. how to engage with our vehicles by training on
— Keep vigilant watch on the road (including private roads and tracks.
a ban on mobile devices while operating).
— Escalate any potential concerns observed Public Road Testing - After our vehicle operators
in real-world testing. master autonomous vehicle fundamentals, they
begin driving in autonomous mode on public roads.
SAFETY INNOVATION AT ZOOX 17
03 / WHAT MAKES ZOOX VEHICLES SAFE
Safety goes beyond the development and testing of our vehicle by ensuring that our
vehicles operate safely in a precise operational design domain (ODD). This sets out
the conditions and constraints in which our vehicles are designed and validated to
operate safely.
Our ODD is designed to ensure our vehicles are prepared to navigate roadways,
comply with local traffic laws and regulations, maintain safe speed ranges, and
navigate environmental conditions (e.g. weather and time of day).
Once we deploy our fleet of vehicles into service, we will continue to use the ODD
to provide clear driving parameters for our vehicles. Zoox’s ODD will expand to include
more locations and conditions as we continue to gather data validating that we can
drive safely in more areas and situations.
Since Zoox will manage its own fleet, we will know the condition and status of all of
our vehicles. If needed, we will be able to adjust the ODD across the entire fleet to
ensure safe operations.
When our fully autonomous vehicles are on the road, Here is an example:
they may encounter an unknown situation and not be
sure how to maneuver in a way they have not been taught
(e.g. negotiating an intersection with a traffic light out
and a police officer directing traffic). If this happens,
the vehicle will signal a remote Zoox operator to assist
and guide the vehicle safely and efficiently until normal
conditions resume.
The cybersecurity of our vehicles is a very serious concern, and we are always vigilant
for potential threats - and solutions. Zoox has a dedicated team that oversees and
continually tests our security infrastructure and strategy to ensure that we are making
full use of the latest security technology.
Cybersecurity Architecture
We incorporate cybersecurity into our architecture by design.
Zoox vehicles are not connected to and cannot be accessed from
the Internet. Instead, they send and receive data exclusively on a
dedicated and encrypted mobile network. All software updates are
pulled via a local repository; no external entity can initiate contact
with the vehicle’s autonomous mobility software or directly control
the vehicle’s driving capabilities.
Functional Security
Another advantage of developing our vehicles from the ground up
is that we have designed them to have no physical access points
or ports to our network or hand controls - preventing anyone
inside or outside the vehicle from hacking into our vehicles.
Since Zoox manages all aspects of our fleet, no outside entity can
take ownership of a Zoox vehicle to reverse engineer our security
software. We know where our vehicles are and will be able to
regularly test and diagnose our vehicles for any security threats.
VEHICLE ARCHITECTURE
The full realization of autonomous mobility will Here are some vehicle innovation areas:
dramatically change how vehicles look, feel, and drive.
Given this historic opportunity, we are revolutionizing Our fundamentally redesigned vehicle platform
vehicle safety from the ground up. includes bidirectional driving and four-wheel
steering. This provides our vehicles with
Our next generation all-electric vehicle will be built from innovative ways to navigate city driving safely.
scratch with innovative designs and safety principles
incorporated throughout the design and manufacturing Our electric powertrain enables our vehicles
production process. to drive more precisely and safely in the areas
where we operate.
Setting the bar for safety in autonomous mobility
means that where possible, our vehicle design will We have reimagined cabin safety features to
exceed many existing safety standards. better protect all passengers in the unlikely
event of a collision.
Our vehicles are designed to operate safely even if any Here’s how we are using redundancies
single system were to fail, because we have designed for safety:
fault tolerant redundancies throughout. We started by
incorporating best practices of systems engineering Our innovative steering system and bidirectional
and functional safety from aviation, automotive, and driving platform gives our vehicle primary and
industrial applications into our system. backup steering systems.
We have a specialized ‘System Design and Mission Our braking system features multiple technologies
Assurance’ (SDMA) team, whose mission is to analyze, to ensure we have backup functionality whenever
design, and implement functional safety into our needed.
system. SDMA focuses its energy and resources into
searching for points where failures may occur. With Our battery and powertrain are designed to avoid
that knowledge, Zoox determines ways to safely a single point of failure that could leave our
mitigate these risks, and we build in appropriate passengers and vehicle without power.
redundancies to increase system safety.
As we prepare to deploy our technology safely for the public, we appreciate the
opportunities to collaborate and share knowledge with regulators at the federal,
state, and local level as they devise effective safety policies.
DATA SECURITY
We store data on our vehicles securely. It is also backed up at our operations centers.
In addition, we know how important personal data security is. We will maintain the
public’s trust by keeping customers personal data secure and in compliance with
industry and regulatory standards. We are also committed to being transparent
with our customers about privacy and our use of their data.
We are collaborating with law enforcement and first We are developing an integrated engagement program
responders to increase public safety as we build our for law enforcement and first responders to become
autonomous electric vehicle fleet. informed about autonomous technology and our
vehicles. We will offer a range of training materials
These dedicated safety professionals are aware of and services:
the consequential changes that autonomous mobility
technology will soon bring to transportation. It is vital Immersive educational information provided
that they are well informed about how these new in-person and online to train first responders how
technologies function and how to effectively interact to safely interact with our autonomous vehicles.
with these vehicles.
Operational training exercises simulating realistic
To address these important safety opportunities, scenarios to train on best practices.
Zoox continually interacts with law enforcement
professionals and first responders. We engage diverse Vehicle disengagement guide which will provide
groups of local officials to learn what features are most first responders with a quick reference on how
helpful for them to interact with our technology - and to interact with our vehicles.
how to correct for the most common and dangerous
human errors they see in their daily work. Their insights Ongoing interactions to ensure information and
and experience are informing our design of a more training are continually enhanced.
robust autonomous mobility system.
ACCESSIBILITY
05. CONCLUSION
We believe that our autonomous mobility technology can fundamentally improve city
living by increasing road safety, providing mobility solutions for people, and reducing
carbon emissions.
Please learn more about our efforts to build a safe autonomous mobility system
at zoox.com .
06. APPENDIX
NHTSA’s Automated Driving Systems 2.0 Safety Design Elements
Vehicle Operator Safety Driving Curriculum
In the Safety Innovation at Zoox report, we have addressed the 12 Safety Design
Elements included in NHTSA’s “Automated Driving Systems 2.0: A Vision for Safety”
with the location of each identified on the following list.
1. Vehicle Overview - The vehicle inspection module 4. Incident Response Procedures - The emergency
will cover basic OEM operation, exterior inspection module will review contingency plans in the event
of hardware (OEM and proprietary), inspection of of an incident. We will cover minor to major incident
interior controls, actuation and validation of Zoox’s protocol, response, emergency and management
systems, including the sign-off process. contacts.
a. OEM equipment overview - Standard vehicle a. Injury vs. No injury
controls, actuation and test b. Insurance card and coverage
b. Zoox proprietary vehicle system controls, c. Notifying management and key contact
actuation and test information
c. Vehicle alerts - Audible, visual, and haptic
d. Equipment Checklist - Inspection process, 5. Behind the Wheel: Driving - This module is a practical
sign-off and “clear to operate” evaluation of driving skill, attention to pedestrians,
traffic and rules of the road. It will then progress to
2. State of California: Rules of the Road - This module hands-on training on the use of Zoox’s proprietary
reviews California traffic and street regulations. systems and contingency use.
It will focus additionally on pedestrian and cyclist a. Manual driving
awareness, and proactive vs. reactive driving. This — Vehicle physics
module will also cover the CA DMV Autonomous — Understeer/Oversteer
vehicle regulation, protocols and acknowledgement. — Braking capability/ABS
a. California Driver Handbook — High speed lane change
b. Speed limits — Awareness, fatigue
c. Pedestrian and cyclist right of way b. Autonomous Driving
d. Defensive driving practical — Engaging/Disengaging autonomous mode
e. Autonomous vehicle DMV regulations — When to take over manual control
— Roles and responsibilities/Communication
3. Autonomous Driving System Technology: Vehicle
systems - This module covers Zoox proprietary c. Field reporting
systems in detail.
6. Vehicle Test Plan
a. Operational Design Domain a. Test plan overview
b. Software b. Checking in a vehicle - Autonomous system
c. Operator guidelines shutdown, Chocking tires, Post-drive inspection
d. Cutoff/manual control take-over c. CA DMV Reporting Requirements
e. Data logging
f. Autonomous capabilities and limitations