Functional & AI Safety for Off-Highway and Industrial Vehicles

The off-highway and industrial vehicle sector is undergoing a profound transformation. From autonomous harvesters and electrified fleets to mining trucks and robotic construction equipment, machines are becoming more intelligent, connected, and automated.

With greater intelligence comes greater risk. A modern forestry harvester or excavator is not just a machine – it is a rolling combination of sensors, embedded software, and AI decision-making. If these systems malfunction or misinterpret their environment, the results can be catastrophic: damage to equipment worth millions, costly downtime, or even, in worst case scenarios, it can result in serious injuries and loss of life.

The challenge is twofold:

Machines must remain safe when components fail. This is the domain of Functional Safety (FuSa).
Machines must also remain safe when they are functioning correctly, but their AI or sensors encounter performance limitations. This is the role of Safety of the Intended Functionality (SOTIF).

Until now, most manufacturers have focused on the first challenge. Standards such as ISO 13849, IEC 61508, and ISO 19014 ensure that hardware and control systems fail in a safe and predictable way. But as autonomy increases, the second challenge (SOTIF) has become impossible to ignore. An AI-driven sprayer may be working perfectly, yet still miss weeds in heavy shadows. A dozer’s sensors may be fully operational, but still fail to recognize a surveyor in dusty conditions.

In short: FuSa ensures systems don’t break unsafely. SOTIF ensures they don’t behave unsafely. Both are essential.

For OEMs, Tier 1s, and system integrators, the implications are clear. Safety is no longer just about compliance. It is a strategic differentiator. Companies that can prove their machines are both compliant and trustworthy in the real world will win the confidence of regulators, investors, and customers.

1. The Regulatory Landscape: What You Need to Know

Today’s Reality: Functional Safety as a Baseline

Right now, compliance for off-highway and industrial vehicles in the EU is driven by functional safety. Manufacturers must demonstrate that systems are designed to avoid hazardous situations even when hardware or software faults occur. The most relevant standards today include:

IEC 61508 – The umbrella standard for functional safety of electrical, electronic, and programmable systems across all industries.
ISO 13849 – Safety of machinery control systems. Defines Performance Levels (PL a–e) that measure how reliably a system can reduce risk.
IEC 62061 – Functional safety of machinery using electronic and programmable control systems. Tailored more complex systems using electrical and electronic technologies.
ISO 19014 – Functional safety standard for earth-moving machinery, adapted from ISO 26262, focusing on hazards like stability and rollover.
ISO 25119 – Safety standard for agricultural and forestry machinery. Introduces Agricultural Performance Levels (AgPL).

For example, if an excavator arm must not move while the cab door is open, ISO 13849 requires that the safety circuit can reliably cut hydraulic power, even if an electronic component malfunctions. This is FuSa in action.

The Future: EU Machinery Regulation (2027)

On January 20, 2027, the EU Machinery Regulation (EU) 2023/1230 will fully replace the old Machinery Directive. This new regulation is a game changer for the industry.

While the text does not explicitly name SOTIF or AI safety standards, it mandates their principles. Key changes include:

Explicit coverage of AI and evolving logic
Systems must remain safe even when their “behaviour or logic evolves” after being placed on the market. In other words, machines using AI or ML must manage unforeseen situations safely.
System-level validation of safety components
A sensor, algorithm, or software module can no longer be validated in isolation. Safety must be demonstrated in the context of the entire machine.
Performance beyond component failure
It’s not enough to show a system fails safely when broken (FuSa). Manufacturers must now prove that it doesn’t create hazards while functioning as intended (SOTIF).

For OEMs and Tier 1s, this means the bar is rising. Simply meeting ISO 13849 is no longer enough. By 2027, a machine that cannot demonstrate SOTIF principles will not be market-ready in the EU.

Beyond Compliance: Best Practices Emerging Now

Forward-thinking manufacturers are already going beyond today’s baseline to prepare for tomorrow’s standards. The most relevant best-practice frameworks include:

ISO 21448 (SOTIF) – Ensures safety in the absence of malfunctions, focusing on performance limitations of perception and decision-making systems.
ISO/PAS 8800 – Safety of AI/ML systems in road vehicles; complements SOTIF by covering risks from black-box AI behaviour. While automotive-focused, it is highly relevant for autonomous off-highway vehicles.
UL 4600 – Standard for evaluating the safety of autonomous products, covering both on-road and off-road domains.
ISO/IEC TR 5469:2022 – Guidance on applying functional safety principles (IEC 61508) to AI systems.
ISO/IEC 42001:2023 – AI management systems standard, supporting governance of AI in industrial contexts.

These standards are not yet mandatory. But they are increasingly becoming de facto requirements for manufacturers that want to demonstrate due diligence, attract investors, and reassure customers.

2. Functional Safety (FuSa): Building Reliability into Every System

Functional Safety (FuSa) is the foundation of all machine safety frameworks. It ensures that a system can detect, control, or mitigate failures in hardware or software before they lead to harm.

For decades, functional safety has been the backbone of compliance in sectors like automotive, industrial machinery, and process control. It’s equally essential in the off-highway domain.

When applied effectively, FuSa transforms risk management from a reactive process into a strategic design advantage. It enforces rigorous engineering discipline, traceability, and system redundancy. This helps manufacturers deliver more reliable, longer-lasting, and certifiable products.

Why Functional Safety Matters for Off-Highway and Industrial Vehicles

Off-highway and industrial machines operate in unstructured environments — unpredictable terrains, heavy loads, and human proximity. A malfunction that might be minor in a passenger car could be catastrophic in a 60-ton autonomous haul truck.

Functional Safety ensures these machines remain safe even when something breaks.

Key objectives include:

Detect faults early and move to a safe state.
Ensure redundancy in critical systems like braking or steering.
Maintain predictability in behavior under any fault condition.

This approach minimizes operational downtime, protects operators, and increasingly, forms a core part of OEM brand value.

Real-World Examples of FuSa in Action

1. Mining Haul Truck – Steering Sensor Failure
A massive haul truck autonomously following a route in a mine experiences a fault in its steering angle sensor.

Without FuSa: The truck might continue on a misaligned path, risking collisions or drop-offs.
With FuSa: Redundant sensors and cross-check logic detect the discrepancy, trigger a safe stop, and alert the operator.

2. Tractor – Hydraulic Control Fault
A short circuit in a joystick sends a continuous “lift implement” command.

Without FuSa: The implement could swing dangerously, damaging equipment or endangering workers.
With FuSa: The system detects an irrational signal duration, ignores it, and moves to a safe position.

3. Excavator – “Person Detection” Sensor Stuck
A person-detection sensor freezes in the “all-clear” state.

Without FuSa: The excavator could move its arm toward a worker.
With FuSa: Continuous diagnostics identify the fault and lock the arm until inspection.

Each scenario illustrates the same principle: FuSa doesn’t prevent faults, it ensures faults don’t lead to harm.

FuSa as a Business Asset

For many OEMs, FuSa compliance is still seen as a box to tick. But leading manufacturers are realizing it’s also a market differentiator:

Shorter certification cycles and fewer redesigns.
Stronger relationships with regulators and integrators.
Increased trust among clients and end-users.

By embedding FuSa early in the design lifecycle, you build resilience not just into machines — but into your business.

3. Safety of the Intended Functionality (SOTIF): Managing the Unknown

If FuSa protects you when systems fail, SOTIF protects you when they don’t.

SOTIF (Safety of the Intended Functionality) addresses risks arising from performance limitations or insufficient understanding of complex environments. It is particularly relevant as AI-driven perception and automation become standard in off-highway equipment.

Unlike traditional safety, SOTIF assumes the hardware and software are functioning correctly. The question it asks is:

“What could go wrong when the system works as designed — but not as expected?”

Why SOTIF Matters Now

The new generation of off-highway machines depends heavily on computer vision, sensor fusion, and AI-based decision-making. These systems don’t fail in binary ways — they fail in nuance.

A LiDAR might misread fog as a solid object.
A neural network might mistake a shadow for an obstacle.
A camera might overexpose in sunlight, missing a worker’s silhouette.

These are not “malfunctions.” They’re limitations of intended functionality, and they can be just as dangerous as mechanical faults.

SOTIF provides a structured framework to identify, test, and mitigate these situations before deployment.

How SOTIF Works

The process revolves around six stages:

Identify potential hazards from system performance limitations or misuse.
Define triggering conditions – environmental or operational situations that may cause unsafe behavior.
Improve system design to mitigate or detect these limitations.
Validate and verify through simulation and real-world testing.
Evaluation of known/expected use scenarios.
Estimation of residual risk caused by unknown scenarios.

In practice, this means subjecting AI systems to edge-case scenarios far beyond normal test conditions: poor visibility, complex terrain, unpredictable human actions, or novel objects in the environment.

Real-World Examples of SOTIF

1. Forestry Harvester – Misidentifying a Boulder
A harvester uses LiDAR and vision AI to detect trees for cutting. It mistakes a moss-covered boulder for a tree trunk.

SOTIF approach: Train models on wider datasets, define confidence thresholds, and halt when uncertainty is high.

2. Agricultural Sprayer – Failing in Changing Light
AI-driven sprayer struggles to detect weeds under rapidly changing light between open fields and tree shade.

SOTIF approach: Recognize lighting as a triggering condition and slow operation or switch to safe mode when conditions exceed the AI’s reliable range.

3. Construction Dozer – Failing to Detect Non-Reflective Clothing
Vision system trained only on high-visibility vests fails to recognize a surveyor in standard clothing.

SOTIF approach: Expand training data, define operational design domain (ODD) rules requiring visibility standards, and implement operator alerts.

Each case demonstrates how SOTIF expands safety thinking from “What if it breaks?” to “What if it misunderstands?”

SOTIF as a Strategic Enable

The industry’s most forward-looking OEMs are treating SOTIF not as a compliance burden, but as a strategic framework for autonomy readiness.

It accelerates validation of AI perception stacks.
It demonstrates due diligence in case of incidents or audits.
It reassures regulators and partners that autonomy is being deployed responsibly.

By investing in SOTIF now, companies future-proof their products for the 2027 EU Machinery Regulation — and position themselves as leaders in AI-safe machinery.

5. From Compliance to Competitive Advantage

Safety is a core pillar of competitive differentiation.

As automation, AI, and electrification transform off-highway and industrial vehicles, the companies that embed Functional and AI Safety early are the ones building lasting market advantages.

Turning Regulation into Opportunity

Most organizations approach Functional Safety (FuSa) and SOTIF to “satisfy the auditor.” But the true leaders see it differently:

Shorter time-to-certification by integrating safety from concept to design.
Customer trust through transparent safety cases and validated autonomy.
Reduced liability and better resilience when incidents occur.
Future readiness for 2027 EU Machinery Regulation and AI safety harmonization.

When OEMs, Tier 1s, and integrators align safety engineering with product innovation, they unlock efficiency, not bureaucracy. Safety frameworks like FuSa and SOTIF become a shared language across engineering, compliance, and business, enabling faster decisions and better designs.

Business Value of Doing Safety Right

Brand credibility: A proven safety case is a trust signal to investors, partners, and customers.
Operational reliability: Safer systems are more predictable and easier to maintain.
Innovation confidence: Teams can develop autonomous features knowing validation is in place.
Market access: Compliance with upcoming AI safety frameworks becomes a market entry requirement.

In a landscape where industrial autonomy is accelerating, safety excellence becomes a strategic moat – the difference between being compliant and being competitive.

6. The Road Ahead: Safety as a Foundation for Intelligent Machines

The future of off-highway and industrial vehicles will be defined by autonomy, connectivity, and intelligence, but these advances bring unprecedented safety challenges.
The next generation of machines won’t just need to fail safely; they’ll need to think safely.

Across the industry, we’re seeing a clear convergence:

Functional Safety (FuSa) remains the non-negotiable foundation for all control and hardware systems.
SOTIF and AI Safety are rapidly becoming the differentiators for systems driven by perception, learning, and adaptation.
Regulations like the EU Machinery Regulation (2027) are bridging these two worlds, requiring proof that AI can operate within defined safety boundaries, even as it evolves.

The companies that will lead in this new era are not those merely meeting compliance, but those building safety intelligence into every level of design, validation, and deployment.

As technology evolves, collaboration will become just as critical as compliance.
Partnerships between OEMs, suppliers, and safety specialists will shape the frameworks and shared validation methods needed for trustworthy autonomy.

At Visage Technologies, our role in that ecosystem is to help bridge today’s standards with tomorrow’s AI-driven requirements, combining functional safety expertise, validation capability, and real-world AI experience to help the industry move forward safely and responsibly.

📣 Talk to our safety experts
Whether you’re preparing for the new EU Machinery Regulation, strengthening your FuSa processes, or validating AI-driven systems, we can help you get there faster and safer.

What we cover:

Safety Consulting

We support clients through design and analysis, including:

Gap analysis and safety process assessment.
Functional and AI safety roadmap creation.
Workshops, audits, and tool recommendations.
Support for certification readiness and external assessments.

Safety Engineering

Hands-on implementation and integration support:

Execution of risk assessment techniques (HARA, FMEA, FMEDA).
Development of safety architectures and mechanisms.
Verification, validation, and test planning.
AI testing, performance evaluation, and SOTIF scenario simulation.

Safety Training

Building internal competence across teams:

Custom training on FuSa, SOTIF, and AI Safety.
Executive workshops explaining regulatory impacts.
Employee certification preparation programs.

Talk to our safety experts

Tags Functional Safety (FuSa) Industrial Vehicles Off-Higway SOTIF