02/14/2025

Safety & Redundancy – Why Drive-by-Wire Must Be Fail-Operational

1. Introduction: Why Safety is the Biggest Challenge for Drive-by-Wire

Drive-by-Wire systems offer major advantages in terms of design flexibility, weight reduction, and autonomous vehicle integration. However, while mechanical steering systems provide a natural fail-safe mechanism through their physical link between the steering wheel and the wheels, a fully electronic system must ensure continuous control, even in the event of a failure.

This is where Fail-Operational architecture comes in. Unlike a Fail-Safe system, which shuts down in case of a fault, a Fail-Operational system remains functional even if a component fails.

In this blog, we explain why redundancy concepts are essential for Drive-by-Wire safety, explore the technology behind Fail-Operational architectures, and show how Arnold NextG has developed one of the safest Steer-by-Wire architectures available today.

2. What Does "Fail-Operational" Mean & Why is Redundancy Critical?

In a traditional mechanical steering system, even if power steering fails, the driver can still control the vehicle manually. A Drive-by-Wire system, however, requires an alternative safety strategy to ensure the same level of reliability.

A Fail-Operational system ensures that the vehicle remains steerable even in the event of an electrical or sensor failure.

Without Fail-Operational capabilities, an electrical failure could render the steering system inoperable—an unacceptable risk in real-world driving.

The solution lies in a multi-layered redundancy strategy:

  1. Sensor Redundancy (2oo3 principle) – Three independent sensors validate steering inputs; at least two must agree for a signal to be accepted.
  2. ECU with A/B Side Processing – A single ECU with dual independent processing paths selects the most reliable signal.
  3. Redundant Steering Actuators – If one actuator fails, a backup unit seamlessly takes over steering functions.

This ensures that a Drive-by-Wire system can continue operating safely, even if one component experiences a failure.

3. Fail-Operational Architectures & Safety Concepts

Sensor Redundancy (2oo3 Architecture)

The Two-out-of-Three (2oo3) principle ensures that erroneous sensor data is detected and excluded. In this system:

  • If all three sensors match, the signal is accepted.
  • If one sensor deviates, it is ignored as long as the remaining two agree.
  • If no two sensors agree (for example, two sensors have failed or drifted apart), there is no majority and the system enters a safety mode.

This prevents faulty sensor readings from affecting steering decisions and guarantees that only verified data is used.
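The three rules above, written out as a small 2oo3 voter. This is an added illustration, not Arnold NextG's code; the 0.5 degree agreement tolerance, the sensor values and the averaging of the agreeing readings are constructed assumptions for the example. The `main` replays Scenario 1 from Section 4, where one sensor fails mid-drive and the other two keep the vehicle steerable.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed parameters for illustration; not Arnold NextG's values. */
#define SENSOR_COUNT  3
#define AGREE_TOL_DEG 0.5f  /* two readings "agree" if they differ by <= this */

typedef enum { VOTE_ALL_AGREE, VOTE_ONE_REJECTED, VOTE_SAFETY_MODE } vote_status_t;
typedef struct {
    vote_status_t status;
    int   rejected;   /* index of the sensor ignored, or -1 */
    float angle_deg;  /* validated steering angle; only meaningful if not SAFETY_MODE */
} vote_result_t;

static bool agree(float a, float b) {
    float d = a - b;
    return (d < 0 ? -d : d) <= AGREE_TOL_DEG;
}

/* 2oo3 voter: accept a steering angle only when at least two sensors agree. */
vote_result_t vote_2oo3(const float s[SENSOR_COUNT]) {
    vote_result_t r = { VOTE_SAFETY_MODE, -1, 0.0f };
    bool pair_ok[SENSOR_COUNT] = { agree(s[1], s[2]),   /* pair excluding sensor 0 */
                                   agree(s[0], s[2]),   /* pair excluding sensor 1 */
                                   agree(s[0], s[1]) }; /* pair excluding sensor 2 */
    int ok_pairs = pair_ok[0] + pair_ok[1] + pair_ok[2];
    if (ok_pairs == 3) {                       /* all three match: use all of them */
        r.status = VOTE_ALL_AGREE;
        r.angle_deg = (s[0] + s[1] + s[2]) / 3.0f;
    } else if (ok_pairs == 1) {                /* exactly one outlier: ignore it */
        for (int i = 0; i < SENSOR_COUNT; i++) {
            if (pair_ok[i]) {
                r.status = VOTE_ONE_REJECTED;
                r.rejected = i;
                r.angle_deg = (s[(i + 1) % 3] + s[(i + 2) % 3]) / 2.0f;
            }
        }
    }
    /* ok_pairs == 0: no majority. ok_pairs == 2: readings straddle the tolerance
     * band, so no single outlier can be named. Both cases stay in SAFETY_MODE. */
    return r;
}

int main(void) {
    /* Scenario 1: sensor 1 fails on the highway and reports a stale 3.0 degrees. */
    float healthy[3] = { 12.0f, 12.1f, 11.9f }, one_bad[3] = { 12.0f, 3.0f, 11.9f };
    vote_result_t a = vote_2oo3(healthy), b = vote_2oo3(one_bad);
    printf("healthy: status=%d angle=%.2f\n", a.status, a.angle_deg);
    printf("one bad: status=%d rejected=%d angle=%.2f\n", b.status, b.rejected, b.angle_deg);
    return 0;
}
```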

ECU with A/B Side Processing – Selecting the Most Reliable Path

The Electronic Control Unit (ECU) in a Drive-by-Wire system features dual independent processing paths (A and B). These parallel computing structures analyze incoming sensor data separately and calculate the optimal steering response.

The ECU then selects the most reliable path, ensuring stable steering even if one processing channel detects an anomaly.

Redundant Steering Actuators

If a primary steering actuator fails, a backup actuator immediately takes over. This transition occurs in milliseconds, preventing any loss of control for the driver or autonomous system.

4. Real-World Safety Scenarios & Redundancy in Action

Scenario 1: Sudden Sensor Failure While Driving

A Drive-by-Wire-equipped vehicle is traveling on a highway when one of its steering sensors suddenly fails.

Without Redundancy:
The ECU receives faulty data and cannot compute a reliable steering response, resulting in a loss of steering control.

With 2oo3 Sensor Architecture:
The system detects the faulty sensor, ignores its data, and relies on the remaining two sensors to maintain proper steering.

Scenario 2: Steering Actuator Malfunction During a Turn

A vehicle is navigating a sharp curve when one of its steering actuators fails.

Without Redundancy:
The steering system fails entirely, potentially leading to a dangerous situation.

With Fail-Operational Architecture:
The backup actuator takes over in milliseconds, ensuring that the driver or autonomous system remains in full control.

5. Regulatory Requirements & Industry Standards for Drive-by-Wire Safety

Ensuring the safety of Drive-by-Wire systems requires compliance with strict automotive regulations and safety standards. Arnold NextG's Fail-Operational architecture meets the highest global safety requirements, including:

United States (FMVSS & NHTSA)

  • FMVSS 126 – Electronic Stability Control (ESC) performance standards
  • SAE J3016 – Levels of driving automation (including Level 5 full autonomy)
  • NHTSA Safety Guidelines – Cybersecurity & functional safety best practices for Drive-by-Wire systems

European Union (UNECE & ISO)

  • ISO 26262 (ASIL-D) – Functional safety for road vehicles
  • UNECE R79 – Regulations for Steer-by-Wire systems
  • UNECE R156 – Safety requirements for software updates in vehicles

By meeting these standards, Arnold NextG ensures that its Drive-by-Wire system is ready for both conventional and autonomous vehicle applications worldwide.

6. Conclusion & Preview of Blog 3 (Autonomous Driving & Drive-by-Wire)

A Drive-by-Wire system can only be considered a viable alternative to mechanical steering if it is Fail-Operational. The combination of 2oo3 sensor validation, an ECU with A/B processing paths, and redundant steering actuators ensures that the system remains functional even under extreme conditions.

But why is Drive-by-Wire not just an alternative but a necessity for fully autonomous driving? Blog 3 coming soon!