
SOTIF

SOTIF (Safety of the Intended Functionality) is a safety engineering concept and standard, formalized in ISO 21448, that addresses hazards arising from functional insufficiencies or limitations in system design rather than from component failures or malfunctions. SOTIF complements traditional functional safety (ISO 26262) by recognizing that systems can behave exactly as designed yet still create unsafe situations due to inherent limitations in sensing, perception, decision-making, or control algorithms.

The SOTIF concept is particularly relevant for Advanced Driver Assistance Systems (ADAS) and autonomous vehicles, where complex sensor fusion and machine learning systems must interpret diverse real-world situations that may not have been fully anticipated during development. A correctly functioning camera may misinterpret road markings in unusual lighting; a properly operating radar may not detect certain obstacles; a correctly implemented positioning system may provide degraded accuracy in specific environments. These are SOTIF concerns: hazards that arise from limitations of the intended functionality rather than from random hardware failures.

SOTIF analysis involves systematically identifying scenarios where functional insufficiencies could lead to hazardous outcomes, evaluating whether these scenarios are known (identified during development) or unknown (not yet discovered), and implementing verification strategies to uncover unknown unsafe scenarios. For GNSS positioning systems, SOTIF analysis might examine: urban canyon multipath degradation, ionospheric storm effects, correction service outages, and other conditions where positioning performance degrades within normal system operation.

Addressing SOTIF requires extensive testing and validation to discover and characterize system limitations. Statistical arguments are then used to demonstrate that the residual risk from unknown scenarios is acceptably low. Operational design domains (ODDs) define the conditions under which a system is designed to operate safely, and runtime monitoring detects when conditions fall outside the validated ODD. The SOTIF framework thus extends safety engineering beyond preventing failures to understanding and bounding the safe operating envelope of correctly functioning systems.
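The following is an added illustration, not code from this page or from ISO 21448, of what a runtime ODD monitor for a GNSS positioning function can look like: each epoch is checked against hypothetical ODD limits (satellite count, geometry, correction age, a multipath indicator), and a persistence filter debounces single-epoch glitches before the function is declared outside its validated ODD. All thresholds, field names and the sample epochs are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical ODD limits (constructed; real limits come from the validated ODD).
ODD_MIN_SATS = 6           # satellites used in the fix
ODD_MAX_HDOP = 2.5         # horizontal dilution of precision
ODD_MAX_CORR_AGE_S = 30.0  # age of RTK/SSR corrections, seconds
ODD_MAX_MULTIPATH = 0.5    # receiver multipath indicator, 0..1


@dataclass
class Epoch:
    t: float
    num_sats: int
    hdop: float
    corr_age_s: Optional[float]  # None when no correction stream is received
    multipath: float


def epoch_violations(e: Epoch) -> List[str]:
    """Return the ODD conditions this epoch violates (empty list = inside ODD)."""
    v = []
    if e.num_sats < ODD_MIN_SATS:
        v.append("low_satellite_count")
    if e.hdop > ODD_MAX_HDOP:
        v.append("poor_geometry")
    if e.corr_age_s is None or e.corr_age_s > ODD_MAX_CORR_AGE_S:
        v.append("correction_outage")
    if e.multipath > ODD_MAX_MULTIPATH:
        v.append("multipath_degradation")
    return v


def monitor(epochs: List[Epoch], dwell: int = 2) -> List[Tuple[float, str, List[str]]]:
    """Declare DEGRADED once violations persist for `dwell` consecutive epochs and
    return to NOMINAL only after `dwell` clean epochs. Yields (t, state, reasons)."""
    state, streak, out = "NOMINAL", 0, []
    for e in epochs:
        v = epoch_violations(e)
        bad = bool(v)
        # The streak counts epochs that argue for a state change; anything else resets it.
        streak = streak + 1 if (state == "NOMINAL") == bad else 0
        if streak >= dwell:
            state, streak = ("DEGRADED" if bad else "NOMINAL"), 0
        out.append((e.t, state, v))
    return out


# Constructed drive: a one-epoch glitch, then entry into an urban canyon where
# corrections also go stale, then recovery.
SAMPLE = [Epoch(0, 9, 1.1, 2.0, 0.1), Epoch(1, 9, 1.2, 3.0, 0.1),
          Epoch(2, 5, 3.4, 4.0, 0.7), Epoch(3, 9, 1.2, 5.0, 0.1),
          Epoch(4, 4, 4.0, 6.0, 0.8), Epoch(5, 4, 4.1, 7.0, 0.8),
          Epoch(6, 5, 3.9, 40.0, 0.6), Epoch(7, 9, 1.3, 1.0, 0.1),
          Epoch(8, 9, 1.2, 2.0, 0.1)]
```

With the sample above, `monitor(SAMPLE)` stays NOMINAL through the single-epoch glitch at t=2, reports DEGRADED from t=5 to t=7, and returns to NOMINAL at t=8.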