Highly automated driving assumes the vehicle can rectify faults on its own until the driver is in a position to intervene. That means guaranteeing the fault tolerance of critical functions in the vehicle E/E system. To date, for example, a mechanical brake has usually served as a backup whenever the electric motor takes over the braking system. This works as a temporary solution, but in the long term the approach is not only costly, it also makes the vehicle unnecessarily heavy. It is also at odds with the concept of energy efficiency, and ultimately leads to an extremely complex vehicle with many parts.
With this in mind, in future vehicles it would be advantageous for the electric motor to take over the braking system by itself through interaction with the vehicle E/E system and software. However, this places other demands on safety, particularly in the case of highly automated driving. The German Association of Automobile Manufacturers (VDA) defines this degree of automation as stage 3 because the driver is no longer required to constantly monitor the vehicle and traffic, as is still required with partially automated driving. The vehicle thus acts as the first fallback level, rectifying the error until the driver takes over again. For example, when an electronic control unit (ECU) fails, the vehicle must initially compensate and notify the driver so that the driver can take the wheel again. Until that happens, however, the vehicle must continue to drive more or less autonomously for several seconds.