This paper addresses safety assurance for BMW’s first SAE Level 3 automated driving system, tackling risks arising from hardware/software faults, performance limitations, and specification gaps across the entire product lifecycle. Method: We propose the first holistic safety integrity framework integrating functional safety (ISO 26262) and safety of the intended functionality (ISO 21448). It uniquely couples Bayesian analysis, statistical learning, and the V-model, unifying design-of-experiments, real-world vehicle data, and expert knowledge. Scenario uncertainty is quantified via stochastic simulation and sensitivity analysis to rigorously assess residual risk. Contribution/Results: The framework enabled systematic, verifiable risk balancing and supported full development, series production, and global regulatory approval of the system. Safety arguments are transparent, independently verifiable, and underpinned by quantitative assurance—establishing a new benchmark for certification-ready autonomy safety engineering.

This paper describes the comprehensive safety framework that underpinned the development, release process, and regulatory approval of BMW's first SAE Level 3 Automated Driving System. The framework combines established qualitative and quantitative methods from the fields of Systems Engineering, Engineering Risk Analysis, Bayesian Data Analysis, Design of Experiments, and Statistical Learning in a novel manner. The approach systematically minimizes the risks associated with hardware and software faults, performance limitations, and insufficient specifications to an acceptable level that achieves a Positive Risk Balance. At the core of the framework is the systematic identification and quantification of uncertainties associated with hazard scenarios and the redundantly designed system based on designed experiments, field data, and expert knowledge. The residual risk of the system is then estimated through Stochastic Simulation and evaluated by Sensitivity Analysis. By integrating these advanced analytical techniques into the V-Model, the framework fulfills, unifies, and complements existing automotive safety standards. It therefore provides a comprehensive, rigorous, and transparent safety assurance process for the development and deployment of Automated Driving Systems.