The developments in sensor technology and computer technology permit the largely autonomous control of a technical system or of a vehicle that autonomously controls its destination.
The classification of autonomous driving is organized into six levels:                Level 0: “Driver only,” the driver himself drives, steers, accelerates, brakes, etc.        Level 1: Designated assistance systems help with vehicle operation (including ACC).        Level 2: Partial automation. Among others, automatic parking, lane-keeping function, general longitudinal guidance, acceleration, braking etc, are taken over by the assistance system (such as traffic jam assistance).        Level 3: High-level automation. The driver does not have to monitor the system continuously. The vehicle conducts independent functions such as triggering turn indicators, lane changes and lane tracking. The driver can attend to other things, but is required to take over driving from the system within a preliminary warning period, as needed. This form of autonomy is technically feasible on highways. The legislature is working towards permitting Level 3 vehicles. There is talk of a time frame by 2020.        Level 4: Full automation. The guidance of the vehicle is continuously taken over by the system. If the driving tasks are no longer managed by the system, the driver may be required to take over the driving.        Level 5: Full autonomy of the vehicle. The vehicle is provided without a steering wheel, the vehicle can move around without a driver.        
Level 2 has been currently realized in vehicles available on the market. At Level 2, the driver is required to continually monitor the proper functioning of the computer system and to intervene immediately in the event of a fault. At the higher automation levels, the computer system must be designed to be error tolerant in order guarantee the safety of the vehicle even in the event of an error in the computer system.
In the ISO 26262 standard, an electronic system (hardware plus software) in a vehicle must be assigned to one of four integrity levels (Level ASIL A to ASIL D), wherein the Level ASIL D represents the highest level of integrity. The integrity of electronic systems for fully automated vehicle operation (Level 4 and Level 5) must conform to ASIL D, Whereas the probability for an occurrence of a dangerous error having serious implications for the safety of a vehicle at Level ASIL B must be less than 10−6 per hour (d.s. 103 FIT) this probability at ASIL D must be less than 10−8 per hour (d.s. 10 FIT).
The cause for the occurrence of a failure of an electronic system may be an error due to hardware aging (physical fault) or a design error (design fault).
An aging error is present if an assembly that was fully functional at the beginning of its useful life fails because of aging processes of the hardware. For state of the art automotive chips, the permanent error rate for errors due to aging is <100 FIT. By using active redundancy (TMR or self-checking components), the required error rate for ASIL D (less than 10 FIT) can be achieved in the hardware.
Design errors may be present in the hardware or in the software. The consequences of hardware design errors can be mastered using the active redundancy of diverse hardware.
Measures that result in a reduction in the probability of the presence of an undetected design error in the software are a systematic design process, verification and validation, primarily by comprehensive testing. A significant cause for the occurrence of design errors in the software is the complexity of the software. According to the state of the art, it is possible to so thoroughly validate a complex software system that the required error rate for ASIL B can be achieved, but not that of ASIL D.