ASIL
Understanding ASIL
When a 77 GHz radar sensor on an autonomous vehicle detects an obstacle and triggers emergency braking, the consequence of that sensor failing to detect the obstacle is potentially fatal. The ASIL classification system quantifies this risk and mandates the engineering rigor required to reduce it to an acceptable level.
ASIL Classification
ASIL is determined by a Hazard Analysis and Risk Assessment (HARA) that evaluates three factors:
- Severity: How serious is the harm if the system fails? (S0–S3, from no injury to life-threatening.)
- Exposure: How often is the system in a situation where failure matters? (E0–E4, from incredible to high probability.)
- Controllability: Can the driver or another system prevent harm after the failure? (C0–C3, from controllable to uncontrollable.)
The combination of S, E, and C values maps to an ASIL level. A forward-collision warning radar (S3, E4, C3) is typically ASIL D — the highest level.
Impact on RF Component Design
ASIL D requirements cascade to every component: the radar MMIC must have built-in self-test capability to detect internal failures, the antenna must maintain beam integrity despite manufacturing variation, and the signal processing algorithm must handle sensor degradation gracefully — all documented with formal safety analysis and independent verification.
Key Equations
Automotive Safety Integrity Level (ASIL) is the risk classification system defined in ISO 26262 (Road vehicles — Functional safety) that determines the rigor of hardware...
Key specifications:
77 GHz | 32.44 dB | 60 km | 99.999 % | 45 dB
Power: P(dBm) = 10log(PmW), 0dBm = 1mW
Comparison
| Aspect | ASIL Spec | Typical Range | Impact | Design Note |
|---|---|---|---|---|
| Primary function | The ASIL classification cascades from th... | Application-dep. | Critical | Verify in sim |
| Operating range | The ASIL classification system quantifie... | Application-dep. | Critical | Verify in sim |
| Performance | A forward-collision warning radar (S3, E... | Application-dep. | Critical | Verify in sim |
| Integration | See specification | Application-dep. | Critical | Verify in sim |
| Trade-off | See specification | Application-dep. | Critical | Verify in sim |
Frequently Asked Questions
What is the difference between ASIL and SIL?
SIL (Safety Integrity Level) is defined in IEC 61508 for industrial functional safety, with levels SIL 1–4. ASIL is the automotive-specific adaptation defined in ISO 26262, tailored to the unique characteristics of road vehicles. While conceptually similar, the two systems have different risk assessment methodologies, different quantitative failure rate targets, and different process requirements. ASIL D is roughly comparable to SIL 3 in terms of required hardware failure probability.
Does ASIL apply to 5G V2X communication modules?
Yes, when the V2X function contributes to a safety-related vehicle function. A V2X module used only for traffic information display is QM (non-safety). A V2X module used for cooperative collision avoidance — where the vehicle relies on V2X data to trigger emergency braking — may be classified ASIL B or C, depending on the availability of independent sensor verification. The ASIL classification drives the V2X module's hardware diagnostic coverage and software development process requirements.
What is ASIL decomposition?
ASIL decomposition allows a high-ASIL safety requirement to be allocated across two or more independent subsystems, each carrying a lower ASIL level. For example, an ASIL D forward-collision function can be decomposed into a radar sensor at ASIL B and a camera sensor at ASIL B, provided the two sensors are sufficiently independent. This reduces the development cost of each individual subsystem while maintaining the overall safety integrity through redundancy.