Skip to main content

Safety Case Studies: Learning from Incidents

The path to autonomy is paved with lessons learned. These cases show common failure modes and offer quick mitigations for riders, cities, and AV teams.

Why Analyze Failures?

In the aviation industry, every crash leads to an investigation that makes the entire system safer. The autonomous vehicle industry is adopting this safety culture. By studying edge cases, sensor failures, and software bugs, we can create robust standards for the future.

Incident TypePrimary Failure ModeKey Mitigation
Uber Tempe (2018)Classification delay, disabled emergency brakingDriver Monitoring Systems, active AEB
Phantom Braking (ADAS)Photometric error, false positive object detectionCamera-radar early fusion, HD mapping
Robotaxi StallsEdge case triggering Minimum Risk Condition (MRC)Controlled pullovers vs. in-lane stops
Level 3 HandoffsDriver distraction during takeover requestEscalating alerts, redundant braking

Case Study 1: The Uber ATG Incident (Tempe, AZ)

Date: March 2018
Context: A prototype Uber autonomous vehicle struck a pedestrian crossing the street at night outside of a crosswalk.

Key Failures Identified:

  • Classification Delay: The software oscillated between classifying the pedestrian as an unknown object, a vehicle, and a bicycle, resetting its trajectory prediction each time.
  • Disabled Emergency Braking: The factory emergency braking system was disabled to prevent conflicts with the autonomous system, and the autonomous braking was also disabled to reduce "jerky" rides, relying entirely on the human safety driver.
  • Human Factor: The safety driver was distracted and not monitoring the road.

Industry Lessons:

This tragedy underscored the critical need for Driver Monitoring Systems to ensure safety drivers are attentive. It also led to stricter protocols for when and how emergency braking systems can be suppressed.

Case Study 2: Phantom Braking Investigations (2024-2025)

Context: Various incidents involving ADAS systems (like Tesla Autopilot or Honda AEB) braking unexpectedly on highways.

The Real-World Impact:

In 2022, the National Highway Traffic Safety Administration (NHTSA) logged 758 complaints about Teslas suddenly decelerating for no reason on American highways. This issue, under NHTSA investigation (PE 22-002), potentially affects up to 416,000 Model 3 and Model Y vehicles. The severity of these incidents led a U.S. District Judge to greenlight a class-action lawsuit, while in Australia, 10,000 owners joined a Federal Court class action over similar "rear-ender nightmares."

Similarly, NHTSA expanded a probe in 2024 into Honda Insight and Passport vehicles after receiving 106 consumer complaints of phantom braking. Investigators reviewed a total of 475 reports, including incidents indicating unexpected AEB activation resulting in rear-end collisions.

Mitigation Strategies:

  • Sensor fusion: Early-fuse camera and 4D radar to confirm elevation and speed before braking. Do not rely on vision alone in glare-prone corridors.
  • High-definition maps: Map overhead structures so they are ignored as obstacles; keep them fresh for construction zones.
  • Rider tip: Keep cameras and LiDAR clean; smudges increase false positives.

Case Study 3: The "Stalled" Robotaxi

Context: Incidents where fully driverless vehicles (Cruise, Waymo) stop in the middle of intersections or block traffic.

The "Minimum Risk Condition"

When an AV encounters a situation it cannot handle (an "edge case" or connectivity loss), its programmed safe state is often to come to a controlled stop. This is known as the Minimum Risk Condition (MRC).

The Dilemma:

While stopping is safer than driving blindly, stopping in an active lane can create new hazards (rear-end collisions, blocking emergency vehicles). The industry is working on "pullover" maneuvers as a more advanced MRC, rather than just stopping in place.

Mitigations and reporting:

  • Fleet action: Build "slow roll to shoulder" behaviors; monitor connectivity and HD map confidence to avoid known dead zones.
  • City action: Share construction feeds and curb closures via API so AVs can reroute before stalling.
  • Rider tip: If stalled, stay belted, call support from the vehicle interface, and report the exact intersection for rapid remote assistance.

Case Study 4: Level 3 Handoff Failure

Context: In stop-and-go traffic, Level 3 systems allow eyes-off but may request takeover when speeds rise or weather degrades.

Risk pattern:

Drivers engrossed in screens miss the takeover countdown, creating gaps before control returns. Liability sits with the OEM while active, but the human must retake when asked.

Mitigations:

  • Driver monitoring: Eye-tracking and seat sensors escalate alerts (visual > audio > haptic) before dropping to MRC.
  • Graceful fallback: If no response, perform a controlled pullover using redundant braking, not an abrupt stop.
  • Rider tip: Treat Level 3 like flight autopilot; be ready to fly the plane when notified.

Frequently Asked Questions

What is phantom braking?

Phantom braking occurs when advanced driver assistance systems (ADAS) misread shadows, bridges, or roadside objects as obstacles and brake unexpectedly on highways.

What is the "Minimum Risk Condition" (MRC) for robotaxis?

When an autonomous vehicle encounters an edge case or connectivity loss, its programmed safe state is often to come to a controlled stop, known as the Minimum Risk Condition.

Who holds liability in a Level 3 handoff failure?

In Level 3 systems, liability sits with the OEM while the system is active, but the human driver must retake control when requested.

How to use these case studies

  • Brief riders and city partners on expected behaviors (cautious creep, MRC).
  • Fold mitigations into checklists: sensor cleaning, occlusion alerts, takeover drills.
  • Publish incident learnings in your VSSA to build public trust.