Safety Domain Control Unit

Continental is adding a further safety level to highly automated driving in the form of a specific electronics architecture. In addition to a central control unit for automated driving – the Assisted & Automated Driving Control Unit – the technology company uses a Safety Domain Control Unit (SDCU) as a fallback path in order to stop the vehicle safely, even in the event of a functional failure in the primary automation path.

As such, Continental is systematically using the principle of redundancy and diverse design that has already proven itself in the aviation sector. There are one or more fallback paths for every central system and they are independent of each other. Since the SDCU also acts as the airbag control unit, its priority availability – including energy reserve and a crashproof installation location in the vehicle – is guaranteed.

With the additional fallback path of the SDCU, Continental ensures that the vehicle can still be brought to a safe stop if the main automation functionality fails. Conventional safety-relevant systems currently in use have been designed with fail-safe in mind. This means that if the system malfunctions, safety is maintained by identifying the fault and putting the faulty system out of operation. This approach is possible because the driver is still at hand as a fail-safe to brake and steer manually, for example, if required.

If, despite being requested, the driver does not take action, the car performs a minimum risk maneuver. This means that the vehicle automatically drives to the breakdown lane and stops there. If there is no breakdown lane or if it is blocked, it stops in the lane with the hazard lights on or it drives on, slowing down gently until it finds a suitable place where it can stop safely.

Both the central control unit and the SDCU monitor each other continuously with regard to availability and functionality. If just one path is no longer capable of controlling the vehicle or performing the minimum risk maneuver safely, the other path initiates the safe stop in an emergency.

Source: Continental