Minimap of introduction diagram
Minimap of stage diagram

AMLAS outline

ML safety assurance scoping argument pattern

The argument pattern relating to this stage is shown in Figure 5 below and key elements from the pattern are described in the sections below the diagram.

Figure 5: [F] : Argument pattern for ML safety assurance scoping


The top claim in this argument pattern represents the starting point for the safety argument for the ML component by claiming that the system safety requirements that have been allocated to the component are satisfied in the defined environment. As such, this claim provides the link to the higher level system safety argument of which it is a part. The safety claim for the ML component is made within the context of the information that was used to establish the safety requirements allocation including the descriptions of the system and software architectures ([C]) and operational environment ([B]), and the description of the ML component ([D]). The allocated system safety requirements ([E]) are also provided as context. It is important to be able to show that the allocated safety requirements have been correctly defined, however this is part of the system safety process and is therefore outside of the scope of the ML safety assurance argument. An assumption to this effect is therefore made explicitly in this argument in A1.1. It should be noted that to assure the validity of this assumption, a full argument and evidence regarding the system safety requirements should be provided in the safety case for the overall system. The primary aim of the ML Safety Assurance Scoping argument is to explain and justify the essential relationship between, on the one hand, the system‐level safety requirements and associated hazards and risks, and on the other hand, the ML‐specific safety requirements and associated ML performance and failure conditions (as detailed in Stage 2).


The approach that is adopted to support the ML safety claim is to split the argument into two parts. Firstly the development of the ML component is considered. This argument begins through the development of the ML safety requirements argument as discussed in Stage 2 of the process. Secondly, the deployment of the ML component is addressed. The deployment argument is considered in Stage 6 of the process.

The instantiated ML safety assurance scoping argument and references to artefacts shall be documented for the ML component ([G]). Along with the instantiated arguments resulting from the other stages of the AMLAS process, this will constitute the safety case for the ML component.

Our site depends on cookies to provide our service to you. If you continue to use this site we will assume that you are happy with that. View our privacy policy.