Degrees of Autonomy

Degrees of Autonomy is a structured classification system defining a system's ability to perform tasks without human intervention. Originating from engineering fields like automotive and maritime, it provides a common language for automation capabilities. For instance, the International Maritime Organization (IMO) defines four degrees for Maritime Autonomous Surface Ships (MASS), ranging from Degree One (seafarer on board) to Degree Four (fully autonomous). This framework is crucial for risk governance under standards like ISO 31000, as higher autonomy levels shift risks from human error to systemic issues like algorithmic bias, cybersecurity vulnerabilities, and Safety of the Intended Functionality (SOTIF, ISO/PAS 21448). This shift fundamentally alters liability, moving it from the operator to the system's developer, manufacturer, and owner, thus impacting corporate governance and compliance strategies.

Applying degrees of autonomy in ERM involves a systematic process. First, classify the system using a recognized standard (e.g., IMO's four degrees for ships) to define its Operational Design Domain (ODD) and identify level-specific risks. For a Degree Three system, the critical risk is the human-machine handover, whereas for Degree Four, it's cybersecurity resilience. Second, design tailored risk controls. For a remotely controlled Degree Two system, controls focus on communication link stability and operator training. For highly autonomous systems, implementing a cybersecurity management system compliant with ISO/SAE 21434 is essential. Third, establish continuous assurance and monitoring. This includes logging system decisions and conducting regular audits to validate performance against SOTIF (ISO/PAS 21448) principles and ensure regulatory compliance. This approach can yield measurable benefits, such as reducing human-error-related incidents and meeting insurer requirements.

Taiwanese enterprises face three primary challenges. First, regulatory ambiguity: the lack of specific laws for autonomous systems creates legal uncertainty regarding liability, certification, and accident investigation. To mitigate this, firms should actively participate in government-led regulatory sandbox programs. Second, a system integration and validation gap: many companies excel at hardware but lack the expertise for complex system-level validation, including functional safety (ISO 26262) and SOTIF (ISO/PAS 21448). Partnering with international verification bodies and investing in simulation tools are key solutions. Third, supply chain cybersecurity resilience: managing security risks across a global supply chain is difficult. Implementing a 'Security by Design' approach and requiring supplier compliance with standards like ISO/SAE 21434 are critical first steps to building a robust product security incident response team (PSIRT).

Winners Consulting specializes in degrees of autonomy for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact