Regarding the operation of motor vehicles, automated driving processes are increasingly coming to the fore, wherein in particular automated parking and/or unparking are being discussed, during which a driver does not necessarily have to be in the motor vehicle. In this case, it must be ensured that the motor vehicle can automatically pass into a safe state at all times, even in the event of a fault. In the event of an automated driving process, in this case the safe state is always defined as a standstill. This is preferably achieved by means of an automatic, hydraulic build-up of brake pressure, for example by means of an electronic braking force distribution system or an electrical or electronic brake booster, therefore by means of a service brake of the motor vehicle. An operating system of this type is also referred to below as a service brake unit and constitutes a first braking device of the motor vehicle. For the case in which said service brake unit is unable to build up a braking pressure because of a fault, and as a result to decelerate the motor vehicle to a standstill, a fallback level must be available, in particular in the form of a second, driver-independent brake unit.
In this case, it is typically provided that the fallback level is only activated if a component defect is actually detected in the first braking device. This means in particular that the first braking device downgrades itself, i.e. the presence of a fault must be actively detected and signaled to a higher-level control unit before the fallback level is activated. However, this requires—if it can be carried out at all with sufficient safety—a certain time in which the motor vehicle continues unbraked and can endanger other road users.
All faults that prevent a hydraulic build-up of brake pressure are recognized as critical. Furthermore, long fault detection times are critical, in particular if ambient conditions accelerate the motor vehicle further, for example on an upslope or a downslope.