A part of FEV Group
Automation of Hazard Analysis and Risk Assessment (HARA) using Artificial Intelligence
Author -
FEV.io
Published -
Reading time -
9 mins

The need for safe development of vehicles has been strengthened due to the continuous advancement in vehicle technology. With increasing levels of sophistication and technology being pushed to vehicles at such a rapid pace, a strong demand for achieving safer technology within compressed timelines has become a baseline expectation across the industry. Safety-related activities are frequently cited as a source of delay within the development lifecycle due to the additional process overhead they introduce. Achieving efficiency and effectiveness within the safety domain has always been a topic of debate; however, no widely adopted solution has emerged to reconcile process rigor with development speed.
Addressing these efficiency constraints requires tooling that can absorb repetitive analytical effort without compromising rigor. Generative AI (GenAI) offers a potential path forward, but not without significant caveats. It has demonstrated transformative potential across multiple industries, including automotive. Applied within the safety lifecycle, its potential benefits include reduced analysis cycle time, improved consistency across work products, and lower effort on non-technical overhead. However, safety experts have strongly criticized the use of, and reliance on, AI within safety work products. Blind reliance on any form of technology would result in negligence-related issues. If such issues go unnoticed, they could result in the loss of lives and property. In high-stakes disciplines such as Functional Safety, AI outputs require expert validation: unsupervised use introduces an unacceptable risk of undetected errors propagating into safety-critical work products. With these points in mind, this article presents an expert-driven Generative AI solution for Functional Safety.
Functional Safety, as per ISO 26262-1, refers to the absence of unreasonable risk due to hazards caused by malfunctioning behavior of electrical and/or electronic (E/E) systems. For a given item to be developed as per ISO 26262, a hazard analysis and risk assessment (HARA) must be performed. The HARA is produced by Functional Safety experts using the item definition. The item definition contains all the information concerning the system or combination of systems to which Functional Safety is being applied. The HARA and the item definition are mandatory work products produced in accordance with ISO 26262-3. Furthermore, they serve as the base for the proposed development activities required as per the Functional Safety lifecycle.
HARAs are known to be quite detailed and time-consuming. With every new iteration of a given system, the HARA must be updated, resulting in a continuous loop between safety engineers and system developers/function owners. The efficiency of the process is dependent on multiple factors, with the work product quality being the most important one. The overall time spent on the analysis can also be correlated with the complexity of the item under analysis. Complex items may require detailed analyses, which in turn would result in more time and effort being allocated towards the completion of the analyses. The additional efforts have a downstream effect impacting review-related processes. The roll-over effect of time consumption from the analysis to the review is quite significant, thereby becoming a bottleneck in the efficiency of the overall process.
It is vital to ensure that the HARA achieves significant coverage of the hazards that may occur due to the malfunctioning behavior of the item. Complete hazard coverage is not achievable within the scope of Functional Safety alone, because hazards arising from performance limitations of the intended functionality fall under SOTIF (ISO 21448) rather than ISO 26262. However, achieving sufficient hazard coverage to satisfy ISO 26262-3 Clause 7 demands expert knowledge, time, and oversight, all of which are constrained resources. When an expert performs a manual HARA, they are responsible for both the technical and the non-technical activities concerning the analysis. Non-technical activities mainly include tasks such as document/template management, correct carry-over/transfer of content, versioning, etc. Effort spent on these tasks scales disproportionately with item complexity. Time that the safety expert spends on these non-technical topics could instead have been directed towards the content of the analysis itself.
One of the major issues that has plagued Functional Safety is the subjective element of HARA. The subjective element mainly concerns the output of the analysis itself. The various steps to be performed within the HARA may be well defined within ISO 26262-3. However, due to the subjective nature of each step, results frequently vary between analysts, even when the same item definition and operational situations are used as input. This results in mismatches and disagreements between authors. If a given item is to be analyzed by a group of safety experts, there is a high probability that the result will vary significantly. These inconsistencies must then be resolved through additional review cycles.
FEV has developed a Generative AI-based tool called the HARA Agent. The HARA Agent is an interactive, AI-based tool that assists safety engineers by automating repetitive analysis steps while preserving expert control over all outputs. The interactive workflow ensures that the engineer reviews and adapts each output in real time, reducing cycle time across multiple stages of the analysis. Because the tool automates the trivial tasks and generates a draft version of the analysis, the experts can focus on the review and moderation of the analysis content. Figure 1 highlights the required inputs and the output produced by the HARA Agent, which will be broken down in the next section.

This newsletter provides a high-level description of the FEV HARA Agent. Figure 2 depicts an overview of the architecture. The tool uses a modular, chain-based design in which each module performs a defined step of the HARA process. The HARA Agent automates the following steps: function identification, functional hazard analysis, vehicle hazard summarization, hazard-to-operating scenario mapping, exposure/severity/controllability rating assignment, ASIL determination, and safety goal derivation.

Each step is encapsulated as an independent module within the chain, forming the foundation of the system’s modular architecture. Each module uses an LLM to generate its output based on defined inputs: item definition, module-specific system messages (i.e., prompts) and, where applicable, external reference databases. Each module’s output feeds directly into the next; for example, function identification results serve as an input to the Functional Hazard Analysis module.
Relevant modules reference external databases that serve both as guardrails and as retrieval context for the LLM during the output generation. For example, the FHA modules retrieve prior functional hazard analyses from an internal FEV knowledge library, which constrains the LLM output to established patterns and terminology.
The HARA Agent can operate in two modes. In automatic mode, a full HARA is generated end-to-end from the item definition. In incremental mode, the engineer reviews and approves each module’s output before the next step executes. This gives the safety expert direct control over output quality at each stage. For example, after the FHA module has completed, its outputs are displayed in an editable table. The expert can modify individual entries and attach comments per cell. Once the review is complete, the expert advances to the next module and repeats the same review cycle.
After all steps are complete, the HARA Agent exports the results into a FEV-specific HARA template for systematic review by the responsible HARA owner. If the results are unsatisfactory, the expert can re-execute the analysis on the same item definition, directly on the same input document and without having to ingest it again. If the item definition has been updated, the tooling must ingest it first before the analysis is executed. Additionally, if the user is unsatisfied with the result of any module during the review of the final output, the tooling detects changes made within its output and automatically offers the user the option to restart the execution from that specific module once the updates are complete.
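The chained modules and the restart-from-the-edited-module behaviour described above can be sketched as follows. This is an added example, not FEV's code: the module bodies are constructed deterministic stand-ins for the LLM-backed steps (only a subset of them), and every function name, the digest-based change detection and the sample item definition are assumptions.

```python
import hashlib
import json

def fingerprint(output):
    """Stable digest of a module output, used to detect expert edits."""
    return hashlib.sha256(json.dumps(output, sort_keys=True).encode()).hexdigest()

# Constructed stand-ins for the LLM-backed modules (hypothetical names).
def fha(item):
    return [{"hazard": f"unintended {f}"} for f in item["functions"]]

def rate(hazards):
    # Fixed constructed ratings; a real module would propose these per scenario.
    return [dict(h, S=3, E=4, C=2) for h in hazards]

def asil(rated):
    # ISO 26262-3 ASIL table expressed as the S+E+C sum rule (S1-3, E1-4, C1-3).
    level = {7: "A", 8: "B", 9: "C", 10: "D"}
    return [dict(r, ASIL=level.get(r["S"] + r["E"] + r["C"], "QM")) for r in rated]

def goals(rows):
    return [f"Prevent {r['hazard']} (ASIL {r['ASIL']})" for r in rows]

CHAIN = [("fha", fha), ("rating", rate), ("asil", asil), ("safety_goals", goals)]

def run_chain(item, start=0, results=None):
    """Run CHAIN[start:]; each module consumes the previous module's output."""
    results = list(results or [])[:start]
    upstream = results[-1]["output"] if results else item
    for name, fn in CHAIN[start:]:
        upstream = fn(upstream)
        results.append({"module": name, "output": upstream,
                        "digest": fingerprint(upstream)})
    return results

def first_edited(results):
    """Index of the earliest module whose output no longer matches its digest."""
    for i, r in enumerate(results):
        if fingerprint(r["output"]) != r["digest"]:
            return i
    return None

def resume_after_edit(item, results):
    """Accept the expert's edit as approved and regenerate only downstream modules."""
    i = first_edited(results)
    if i is None:
        return results
    results[i]["digest"] = fingerprint(results[i]["output"])
    return run_chain(item, start=i + 1, results=results)
```

Because ASIL determination here is a deterministic function of the reviewed ratings, an expert's correction to an exposure value changes the ASIL and the safety goal without re-running the upstream modules.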
The HARA Agent integrates Generative AI into the Functional Safety workflow. The tool enables safety experts to achieve greater efficiency through automated output generation. Across multiple projects, an average efficiency gain of 50% was observed in the HARA completion flow. These efficiency gains propagate downstream through the safety lifecycle: faster HARA completion reduces lead time for subsequent safety activities such as technical safety concept development and review. The ability to review and edit intermediate outputs gives the engineer direct control over result quality. The expert-in-the-loop design ensures that all exported output is validated by qualified experts, maintaining consistent quality across analyses.
HARA Agent is now also available to external customers, offering a powerful solution for organizations seeking to enhance their functional safety risk analysis with greater speed, consistency, and confidence. Contact us to learn more about how HARA Agent can support your organization: solutions@fev.io
Authors:
Vishwanath Nagnath Pai
Lars Kevin Kamphausen
Tobias Brünker
Dr. Hendrik Ruppert
Dr. Bastian Holderbaum