Autonomous systems (AS) are systems that have the capability to take decisions free from direct human control. AS are increasingly being considered for adoption for applications where their behaviour may cause harm, such as when used for autonomous driving, medical applications or in domestic environments. For such applications, being able to ensure and demonstrate (assure) the safety of the operation of the AS is crucial for their adoption. This can be particularly challenging where AS operate in complex and changing real‐world environments. Establishing justified confidence in the safety of AS requires the creation of a compelling safety case. This guidance introduces a methodology for the Safety Assurance of Autonomous Systems in Complex Environments (SACE). SACE comprises a set of safety case patterns and a process for:
The aim of this document is to provide guidance on how to systematically integrate safety assurance into the development of AS. A primary outcome of this integration is an explicit and structured safety case. More specifically, SACE offers a set of argument patterns, and the underlying assurance activities, that can be instantiated and specialised in order to develop the AS safety cases.
This document is aimed at
When using this document it is recommended that the reader is aware of other sources of complementary guidance on best practice for the safety of autonomous systems such as UL4000  or SCSC‐153B .
Throughout the document, the use of ”shall” indicates a required element of the guidance. Information marked as a “NOTE” or “EXAMPLE” is only used for clarification of the associated activities. A "NOTE” provides additional information, for clarification or advice purposes. An “EXAMPLE” is used to illustrate a particular point that is specific to a domain or technology. An example presented in this document is not meant to be exhaustive. Planned case studies and future experiments will provide fuller examples.