Title: General Fail-Safe Emergency Stopping for Highly Automated Vehicles

Type: presentation

Authors: Beyerer, Jürgen; Doll, J.; Duerr, F.; Flad, M.; Frey, M.; Gauterin, F.; Hohmann, S.; Knoch, E.; Kohlhaas, R.; Lauber, A.; Pistorius, F.; Roschani, Masoud; Ruf, Miriam; Sax, E.; Strasser, S.; Ziehn, Jens

Rights: Under Copyright

Dates: 2022-03-14; 18.2.2021; 2019

URL: https://publica.fraunhofer.de/handle/publica/408217

DOI: 10.24406/publica-fhg-408217

Language: en

004670

Abstract: From SAE level 3 onwards, automated vehicles must be able to resolve sudden system failures without driver intervention, including failure modes that are difficult or impossible to address by redundancy alone. Causes of hazardous multiple-point faults, beyond internal failures, include lightning strikes or deliberate attacks by electromagnetic pulses. Stopping the vehicle under such conditions is challenging: A full braking maneuver may risk rear-end collisions or loss of traction; likewise, any other constant braking profile will pose considerable risk of not achieving a true "safe state". This paper presents an emergency stopping system to execute a situation-dependent braking maneuver that can resolve system failures up to (but not limited to) a full electrics/electronics failure, with the aim of providing a baseline safety solution for all failure modes (short of mechanical failures) for which no dedicated solution is available. The system is composed of an electronic planning unit and a hydraulic/mechanical subsystem, both of which are implemented and tested in simulated and in real environments.