Arnold NextG Blogspot: Safety, Redundancy & Cybersecurity – How Trust in Autonomous Systems is Created

Autonomous systems promise efficiency, availability, and new mobility concepts. But regardless of how powerful perception or decision-making software is, trust can only be established if the overall system remains reliable, resilient, and controllable – even under fault conditions. As soon as vehicles operate without human supervision, safety becomes a basic requirement for every function.

Three closely interlinked disciplines are at the heart of this: functional safety, redundancy architectures, and cybersecurity. They define whether autonomous systems are not only technically feasible, but also regulatory approvable and socially acceptable.

Functional safety: Predictable behavior instead of error-free operation

Functional safety does not aim to completely avoid errors. It ensures that systems react in a controlled, traceable, and low-risk manner even in the event of a fault. International standards form the binding framework for autonomous vehicles.

ISO 26262 defines requirements for the functional safety of electrical and electronic vehicle systems, while ISO/PAS 21448 (SOTIF) specifically addresses scenarios in which systems function correctly from a technical standpoint but could still make incorrect decisions due to external influences such as glare, fog, or incomplete environmental data. For highly and fully automated vehicles, UL 4600 supplements these requirements with systemic safety verification without a human fallback level.

NX NextMotion was designed at Arnold NextG from the outset to meet the highest safety requirements. The platform is developed for ASIL D and SIL 3 and forms a certifiable execution layer between decision-making software and physical vehicle movement. This means that functional safety is implemented not as an add-on, but as a fundamental architectural principle. As functional safety expert Dr. Thomas Schneider (AVL) aptly puts it: "At Level 4, you don’t develop to avoid errors. You develop to continue functioning despite errors."

Redundancy as a system principle: Fail-operational instead of fail-safe

Redundancy is the key lever for keeping autonomous systems operational even in the event of partial failure. In practice, this means not only duplicate components, but also consistently separate functional paths. At Arnold NextG, drive-by-wire systems are not only present in multiple instances, but also physically and logically decoupled. Multiple control paths, separate power supplies, and independent monitoring mechanisms prevent a single error from compromising the entire system. If one path fails, another takes over – without any loss of control.

This fail-operational behavior is essential for applications such as autonomous public transport shuttles without safety drivers, high-availability port logistics, or military convoys, where downtime or uncontrolled reactions pose significant risks. In such scenarios, NX NextMotion enables controlled continuation of the journey or safe arrival at defined stopping points – even under degraded conditions.

Cybersecurity: Security does not end with sensors and actuators

With the growing connectivity of autonomous vehicles, cybersecurity is becoming an integral part of system safety. A functionally safe system loses its effectiveness if control paths can be manipulated or software can be compromised over the air. These requirements are clearly defined by regulations. UNECE Regulations R155 and R156 mandate a holistic cybersecurity management system for new vehicle types, as well as the securing of software updates and over-the-air mechanisms. Vehicles must detect attack attempts, ensure software integrity, log events in an auditable manner, and clearly separate safety-critical functions from non-critical domains.

NX NextMotion implements these requirements on several levels: through segmented networks, secure boot mechanisms, encrypted communication protocols such as SAFE_CAN, and clearly defined security domains for steering, braking, and drive. Cybersecurity is thus not added downstream, but is part of the control architecture.

Certification as proof: Safety must be verifiable

In regulated markets, it is not enough to describe security concepts – they must be proven. Type approvals according to UNECE and ISO standards require complete documentation, systematic fault injection, simulation, laboratory validation, and testing in real operation. Methods and frameworks such as PEGASUS or ASAM OpenSCENARIO have been established to test scenarios in a standardized manner and make them comparable. NX NextMotion supports these processes through continuous logging of control pulses, state changes, and safety responses. This provides OEMs and system integrators with a robust basis for audits, approval, and the operation of safety-critical vehicle fleets.

Trust by design: Trust is created in the design

Trust in autonomous systems cannot be added retrospectively. It is built into the design – through redundant control paths, secure communication, certified software interfaces, and clearly defined behavior in the event of a fault. NX NextMotion follows precisely this approach: as a deterministic execution layer that does not make autonomous decisions, but implements them securely, traceably, and in compliance with standards. This makes autonomy manageable for operators, regulatory authorities, and end users – even without a human driver on board.

Conclusion: Safety is not a feature – it is the system.

Autonomous driving is not a competition for the best AI. It is a question of systems. Functional safety, redundancy, and cybersecurity form the cornerstones of trust, scalability, and the real-world deployment of autonomous vehicles. Arnold NextG addresses these requirements with NX NextMotion, a holistic motion platform that is fail-operational, certifiable, and designed for the safety-critical applications of today and tomorrow.

We control what moves!

More information: www.arnoldnextg.com

About Arnold NextG:
Arnold NextG realizes the safety-by-wire® technology of tomorrow: The multi-redundant central control unit NX NextMotion enables a fail-safe and individual implementation, independent of the vehicle platform and unique worldwide. The system can be used to safely implement autonomous vehicle concepts in accordance with the latest hardware, software and safety standards, as well as remote control, teleoperation or platooning solutions. As an independent pre-developer, incubator and system supplier, Arnold NextG takes care of planning and implementation – from vision to road approval. With the road approval of NX NextMotion, we are setting the global drive-by-wire standard. www.arnoldnextg.com

Company contact and publisher of this release:

Arnold NextG GmbH
Breite 3
72539 Pfronstetten-Aichelau
Phone: +49 171 5340377
http://www.arnoldnextg.de

Contact person:
Mathias Koch
Business and Corporate Development
Email: mathias.koch@arnoldnextg.de