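The development and harmonization of regulations for automated/autonomous vehicles has become a key priority of the United Nations World Forum for Harmonization of Vehicle Regulations (WP.29) and has drawn broad attention from the Contracting Parties and from the governmental and non-governmental organizations concerned. To advance the development and harmonization of automated driving regulations systematically, China proposed in 2018, when the Working Party on Automated/Autonomous and Connected Vehicles (GRVA) was first established, that the United Nations draw up a planning document for the harmonization of automated driving regulations, setting out the objectives, principles and plan for developing those regulations. The proposal was widely supported by the parties concerned and approved by WP.29.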
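In June 2019, the 178th plenary session of UN WP.29, held in Geneva, adopted the "Framework document on automated/autonomous vehicles" jointly submitted by China, the European Union, Japan and the United States. The session also decided that China, Germany and the United States would serve as co-chairs of the Informal Working Group on Functional Requirements for Automated Vehicles (FRAV IWG). This is another important responsibility China has taken on in the UN harmonization of automated driving regulations, following its role as vice-chair of GRVA.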
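The "Framework document on automated/autonomous vehicles" aims to establish the safety and related principles for automated/autonomous vehicles of level 3 and higher, and to provide working guidance to the subsidiary Working Parties of WP.29. The document contains working principles and safety factors for automated/autonomous vehicles, together with the key issues and principles that WP.29 needs to consider as a priority in developing and harmonizing regulations for these vehicles. It also sets out the work priorities of WP.29 and specifies the related deliverables, timelines and working arrangements.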
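To keep the parties concerned informed of trends in UN regulatory harmonization, to provide a reference for the orderly development of China's intelligent and connected vehicle standards system and related institutions, and to promote innovation and international integration in the automated vehicle industry, the Intelligent and Connected Vehicles Subcommittee of the National Technical Committee of Auto Standardization (SAC/TC114/SC34) has translated the content of the "Framework document on automated/autonomous vehicles". The main text follows: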
Submitted by the representatives of China, European Union, Japan and the United States of America
Informal document WP.29-178-10-Rev.2
178th WP.29, 25-28 June 2019
Agenda items 2.3 and 18
Proposal for amendments to ECE/TRANS/WP.29/2019/34
Framework document on automated/autonomous vehicles (levels 3 and higher)
The text reproduced below was prepared by the representatives of China, European Union, Japan and the United States of America containing proposed modifications to working document ECE/TRANS/WP.29/2019/34 (Framework document on automated/autonomous vehicles) based on views of other Contracting Party representatives. It is submitted to the World Forum for Harmonization of Vehicle Regulations (WP.29) and to AC.3 for consideration at their June 2019 sessions.
Framework document on automated/autonomous vehicles
1. Purpose
This Framework document’s primary purpose is to provide guidance to WP.29 subsidiary Working Parties (GRs) by identifying key principles for the safety and security of automated/autonomous vehicles of levels 3 and higher. The framework document also defines the work priorities for WP.29 and indicates the deliverables, timelines and working arrangements for those certain work products related to those priorities.
2. Working Principles
Technical provisions and/or guidance and resolutions for automated/autonomous vehicles shall be conducted within the contexts of both the 1958 Agreement and 1998 Agreement.
Technical provisions, guidance resolutions and evaluation criteria for automated vehicles will, to the extent possible, be performance based, technology neutral, and based on state of the art technology while avoiding restricting future innovation.
Existing standards/guidelines of the contracting parties and in standardization bodies shall be reviewed as well as previous work and reference documents agreed in UNECE.
This document shall be approved and managed by WP.29 as specific work items are expected to be prepared in multiple GRs with extensive cross-coordination between them. The implementation of each work item shall be monitored at each WP.29 session under a dedicated agenda item. Furthermore, this document shall be reviewed once a year and be updated, if necessary.
3. Safety Vision
WP.29 recognizes that for automated/autonomous vehicles to fulfil their potential in particular to improve road transport, then they must be placed on the market in a way that reassures road users of their safety. If automated/autonomous vehicles confuse users, disrupt road traffic, or otherwise perform poorly then they will fail. WP.29 seeks to avoid this outcome by creating the framework to help deliver safe and secure road vehicles in a consistent manner, and to promote collaboration and communication amongst those involved in their development and oversight.
The level of safety to be ensured by automated/autonomous vehicles implies that “an automated/autonomous vehicle shall not cause any non-tolerable risk”, meaning that automated/autonomous vehicle systems, under their automated mode ([ODD/OD]), shall not cause any traffic accidents resulting in injury or death that are reasonably foreseeable and preventable. Based on this principle, this framework sets out a series of vehicle safety topics to be taken into account to ensure safety.
4. Key issues and principles to be considered by WP.29 subsidiary bodies as a priority
The following list of issues and principles will guide discussions and activities on automated/autonomous vehicles within WP.29 and each of its relevant subsidiary Working Parties. The aim is to capture the shared interests and concerns of regulatory authorities, provide the general parameters for work, and to provide common definitions and guidance.
The following is a list of common principles with brief descriptions and explanation. It is expected these would form the basis for further development.
System Safety: When in the automated mode, the automated/autonomous vehicle should be free of unreasonable safety risks to the driver and other road users and ensure compliance with road traffic regulations.
Failsafe Response: The automated/autonomous vehicle should be able to detect its failures or when the conditions for the [ODD/OD] are not met anymore. In such a case the vehicle should be able to transition automatically (minimum risk manoeuvre) to a minimal risk condition.
Human Machine Interface (HMI) / Operator information: Automated/autonomous vehicle should include driver engagement monitoring in cases where drivers could be involved (e.g. take over requests) in the driving task to assess driver awareness and readiness to perform the full driving task. The vehicle should request the driver to hand over the driving tasks in case that the driver needs to regain a proper control of the vehicle. In addition, automated vehicle should allow interaction with other road users (e.g. by means of external HMI on operational status of the vehicle, etc.).
Object Event Detection and Response (OEDR): The automated vehicles shall be able to detect and respond to object/events that may be reasonably expected in the OD.
[Operational Design Domain (ODD/OD)] (automated mode): For the assessment of the vehicle safety, the vehicle manufacturers should document the [ODD/OD] available on their vehicles and the functionality of the vehicle within the prescribed [ODD/OD]. The [ODD/OD] should describe the specific conditions under which the automated vehicle is intended to drive in the automated mode. The [ODD/OD] should include the following information at a minimum: roadway types; geographic area; speed range; environmental conditions (weather as well as day/night time); and other domain constraints.
Validation for System Safety: Vehicle manufacturers should demonstrate a robust design and validation process based on a systems-engineering approach with the goal of designing automated driving systems free of unreasonable safety risks and ensuring compliance with road traffic regulations and the principles listed in this document. Design and validation methods should include a hazard analysis and safety risk assessment for Automated Driving System (ADS), for the OEDR, but also for the overall vehicle design into which it is being integrated and when applicable, for the broader transportation ecosystem. Design and validation methods should demonstrate the behavioural competencies an Automated/autonomous vehicle would be expected to perform during a normal operation, the performance during crash avoidance situations and the performance of fall back strategies. Test approaches may include a combination of simulation, test track and on road testing.
Cybersecurity: The automated/autonomous vehicle should be protected against cyber-attacks in accordance with established best practices for cyber vehicle physical systems. Vehicle manufacturers shall demonstrate how they incorporated vehicle cybersecurity considerations into ADSs, including all actions, changes, design choices, analyses and associated testing, and ensure that data is traceable within a robust document version control environment.
Software Updates: Vehicle manufacturers should ensure system updates occur as needed in a safe way and provide for after-market repairs and modifications as needed.
Event data recorder (EDR) and Data Storage System for Automated Driving vehicles (DSSAD): The automated/autonomous vehicles should have the function that collects and records the necessary data related to the system status, occurrence of malfunctions, degradations or failures in a way that can be used to establish the cause of any crash and to identify the status of the automated/autonomous driving system and the status of the driver. The identification of differences between EDR and DSSAD to be determined.
Additional issues not listed in the currently agreed WP.29 work priorities
Vehicle maintenance and inspection: Vehicle safety of in-use vehicles should be ensured through measures such as those related to maintenance and the inspection of automated vehicles etc. Additionally, vehicle manufacturers are encouraged to have documentation available that facilitates the maintenance and repair of ADSs after a crash. Such documentation would likely identify the equipment and the processes necessary to ensure safe operation of the automated/autonomous vehicle after repair.
Consumer Education and Training: Vehicle manufacturers should develop, document and maintain employee, dealer, distributor, and consumer education and training programs to address the anticipated differences in the use and operation of automated vehicles from those of conventional vehicles.
Crashworthiness and Compatibility: Given that a mix of automated/autonomous vehicles and conventional vehicles will be operating on public roadways, automated/autonomous vehicle occupants should be protected against crashes with other vehicles.
Post-crash AV behaviour: Automated/autonomous vehicles should be able to return to a safe state immediately after being involved in a crash. Things such as shutting off the fuel pump, removing motive power, moving the vehicle to a safe position off the roadway, disengaging electrical power, and other relevant actions should be considered. A communication with an operations center, collision notification center, or vehicle communications technology should be used.