AV Fail-Safe Architecture 2026 — PatSnap Eureka
Autonomous Vehicle Fail-Safe Architecture
A patent landscape spanning 2016–2026 mapping hardware redundancy schemes, software safety supervisors, fallback planning mechanisms, and failure recovery strategies across SAE Level 4 and Level 5 deployments globally. From cortex/cerebellum splits to SOTIF-aware hierarchical control, this report surfaces the key assignees, design patterns, and emerging IP positions defining the field.
What Is AV Fail-Safe Architecture?
Autonomous vehicle fail-safe architecture encompasses the hardware redundancy schemes, software safety supervisors, fallback planning mechanisms, and failure recovery strategies that ensure continued safe operation or controlled degradation when primary system components fail. As SAE Level 4 and Level 5 deployments expand globally, the ability to guarantee a minimal risk condition — or maintain fail-operational capability — has become a defining technical and regulatory challenge.
The field splits across several overlapping sub-domains: redundant compute architectures with primary/backup system pairs; sensor failure handling that switches to degraded sensing modalities while maintaining navigation; fallback trajectory planning for safe-stop or safe-path maneuvers; recovery and restart sequencing; and edge/infrastructure-integrated safety control that offloads decision-making to roadside or cloud infrastructure.
Additional emerging approaches include blockchain and distributed trust mechanisms for immutable mission-state records, and hierarchical safety supervision with nested control layers (mission/task/safety) that carry escalating override authority. Standards bodies such as ISO have codified functional safety in ISO 26262 and SOTIF in ISO 21448, both of which directly shape architecture requirements. The NHTSA and UNECE are actively developing regulatory frameworks that will mandate demonstrable fail-safe capability for Level 4+ deployments.
This landscape is derived from a limited set of patent and literature records retrieved across targeted searches, spanning 2016 to early 2026. It represents a snapshot of innovation signals within this dataset only and should not be interpreted as a comprehensive view of the full industry. PatSnap’s IP analytics platform enables deeper landscape analysis across the full global patent corpus.
- Redundant compute architectures
- Sensor failure handling
- Fallback trajectory planning
- Recovery and restart sequencing
- Edge/infrastructure-integrated safety
- Blockchain-backed failsafe
- Hierarchical safety supervision
Four Clusters Defining the Architecture Landscape
Patent filings in this dataset group into four distinct technical clusters, each representing a different strategy for achieving safe vehicle behavior under component failure.
Redundant and Asymmetric Compute Architecture
The most heavily filed approach pairs a full-capability primary AV compute stack with a lighter-weight backup that activates on primary failure. The backup is deliberately asymmetric — handling a defined subset of vehicle functions (steering, braking, collision avoidance) rather than replicating the full stack. Volkswagen Group / Argo AI’s 2024–2025 filings in US and WO jurisdictions cover dynamic mission-level-configurable backup activation. Apollo Intelligent Driving’s EP patent deploys a master/slave computing unit where the slave assumes control on master failure detection.
VW Group / Argo AI · Apollo · US, WO, EP
Hierarchical Safety Supervision and Cortex/Cerebellum Split
A second approach divides the AV software into a high-capability “mission/cortex” layer for full autonomous driving and a minimal, highly reliable “safety/cerebellum” layer that maintains lane-keeping, obstacle avoidance, and safe-stop capability independently. VAY Technology GmbH filed the foundational patent in 2017 (US), with the cerebellum operating safely even when cortex-level processing shuts down. Robert Bosch’s 2025 US filing extends this to address both ISO 26262 functional safety and ISO 21448 SOTIF failure modes through layered behavioral degradation.
VAY Technology · Bosch · ISO 26262 / SOTIF
Fallback Planning, Safe-Stop Trajectory, and Recovery Sequencing
This cluster addresses how the vehicle navigates to safety once a failure is detected. Applied Intuition’s 2022 US patent detects hardware resource errors, fails over to a reduced-resource second ADS, then reconfigures remaining healthy hardware. GM Cruise’s 2025 US patent applies restart operations in increasing order of disruptiveness — node restart, subsystem restart, full stack restart — gating each step on safety condition confirmation. BMW’s EP patent generates updated fail-safe trajectories using convex optimization with collision-avoidance constraints. Nokia’s 2025 US patent assigns location-specific “failsafe homes” — safe stopping destinations — dynamically updated based on vehicle position.
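The restart ladder described for the recovery-sequencing cluster (least disruptive restart first, escalate only when health is not restored, and never take a step whose safety precondition is not met) is easier to reason about in code. The block below is an added illustration written for this page; it is not GM Cruise's or any other assignee's implementation. The level names, the per-level gate policy and the simulated fault model are all constructed.

```python
"""Added illustration of restart sequencing in increasing order of
disruptiveness, each step gated on a safety condition.  Constructed example,
not GM Cruise's patented method."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Restart levels, least to most disruptive (constructed naming)
LEVELS = ["node", "subsystem", "full_stack"]


@dataclass(frozen=True)
class SafetyContext:
    speed_mps: float
    fallback_active: bool   # a backup/safety layer currently holds control
    hazard_nearby: bool     # perception or infrastructure reports a nearby hazard


# Safety gate per level: the more disruptive the restart, the stricter the
# precondition.  Constructed policy for illustration only.
GATES: Dict[str, Callable[[SafetyContext], bool]] = {
    "node": lambda c: c.fallback_active,
    "subsystem": lambda c: c.fallback_active and not c.hazard_nearby,
    "full_stack": lambda c: c.fallback_active and not c.hazard_nearby and c.speed_mps == 0.0,
}


@dataclass
class RecoveryResult:
    recovered: bool
    level: Optional[str]     # level at which health was restored, if any
    log: List[str]


class RecoverySequencer:
    def __init__(self, restart_fn: Callable[[str], None],
                 health_fn: Callable[[], bool], max_attempts: int = 2) -> None:
        self.restart_fn = restart_fn
        self.health_fn = health_fn
        self.max_attempts = max_attempts

    def run(self, ctx: SafetyContext) -> RecoveryResult:
        log: List[str] = []
        for level in LEVELS:
            # Never escalate past an unsatisfied gate: hold in fallback instead.
            if not GATES[level](ctx):
                log.append(f"{level}: gate denied, holding in fallback")
                return RecoveryResult(False, None, log)
            for attempt in range(1, self.max_attempts + 1):
                self.restart_fn(level)
                if self.health_fn():
                    log.append(f"{level}: attempt {attempt} restored health")
                    return RecoveryResult(True, level, log)
                log.append(f"{level}: attempt {attempt} failed")
        log.append("all levels exhausted; remaining in minimal risk condition")
        return RecoveryResult(False, None, log)


class SimulatedStack:
    """Constructed fault model: the fault clears only at or above `clears_at`."""

    def __init__(self, clears_at: str) -> None:
        self.clears_at = clears_at
        self.healthy = False

    def restart(self, level: str) -> None:
        if LEVELS.index(level) >= LEVELS.index(self.clears_at):
            self.healthy = True

    def health(self) -> bool:
        return self.healthy


def recover(clears_at: str, ctx: SafetyContext) -> RecoveryResult:
    """Run the sequencer against a simulated stack whose fault clears at `clears_at`."""
    stack = SimulatedStack(clears_at)
    return RecoverySequencer(stack.restart, stack.health).run(ctx)


if __name__ == "__main__":
    moving = SafetyContext(speed_mps=3.0, fallback_active=True, hazard_nearby=False)
    for line in recover("subsystem", moving).log:
        print(line)
```

The point of the gate check sitting before the restart, not after it, is that a denied gate leaves the vehicle in whatever fallback mode it is already in; the sequencer reports that it is holding rather than attempting a restart that the current driving situation does not permit.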
Applied Intuition · GM Cruise · BMW · Nokia
Distributed, Infrastructure-Linked, and Blockchain-Backed Failsafe
A smaller but notable cluster integrates external infrastructure, fleet coordination systems, or blockchain immutability into the failsafe design. KIAPI’s EP patent triggers scenario-based safety control with fallback managed in coordination with edge infrastructure nodes. ParallelChain Lab’s 2022 US patent leverages blockchain to provide tamper-proof failsafe control triggers for AI/ML-governed autonomous systems, addressing the statistical uncertainty of learned models. Walmart Apollo’s 2019 US/WO filings use blockchain-stored mission profiles with iterative third-party and regulatory pre-approval.
KIAPI · ParallelChain · Walmart Apollo · V2X
Assignee Concentration and Filing Timeline
May Mobility’s ~10 records from a single priority chain represent an unusually concentrated continuation portfolio. The 2020–2022 period shows the most concentrated filing cluster in this dataset.
Top Assignees by Patent Record Count
May Mobility dominates with ~10 records; VAY Technology GmbH holds 4–5 records from 2017–2025 — the earliest persistent single-architecture lineage.
Filing Activity by Era (2016–2026)
The 2020–2022 period shows the most concentrated filing cluster; 2023–2026 filings shift toward granular, system-specific mechanisms including SOTIF, deadlock prevention, and ML-based detection.
Where AV Fail-Safe Architecture Is Being Deployed
Patent filings map to five distinct application contexts, each with different failure tolerance requirements and operator intervention models.
IP Positions and R&D Priorities
Key signals for IP strategists, R&D teams, and AV operators assessing the competitive landscape as of 2026.
May Mobility’s Continuation Portfolio Is a Blocking Risk
With ~10 related US filings from a single priority chain (Dec. 2020), May Mobility’s fallback planning and low-level safety platform claims represent a significant potential blocking position for any AV operator deploying similar primary/fallback mode switching logic. Clearance analysis is warranted before entering this design space.
Asymmetric Backup Compute Is the Dominant Design Pattern
Full primary-stack duplication is giving way to resource-efficient backup systems that handle a defined mission-critical subset. IP strategists should assess freedom-to-operate around Volkswagen/Argo AI’s asymmetric architecture claims, which are now active in both US and WO jurisdictions.
Five Converging Directions from 2024–2026 Filings
The most recent filings in this dataset reveal a shift from hardware fault tolerance toward behavioral safety, predictive intelligence, and algorithmic redundancy.
SOTIF-Integrated Hierarchical Architecture
Robert Bosch’s 2025 US filing explicitly extends fail-safe architecture to cover ISO 21448 SOTIF failures — situations where the system functions correctly but produces unsafe outcomes due to insufficient specification or performance limits. This signals a maturation beyond pure hardware fault tolerance toward managing AI/ML behavioral uncertainty.
ISO 21448 · Behavioral safety · AI/ML uncertainty
Predictive and ML-Based Failure Detection
A 2025 Indian filing introduces a machine learning-based predictive failure detection framework with multi-sensor fusion, real-time context analysis, and adaptive retraining — moving the architecture from reactive (detect-then-failsafe) to proactive (predict-then-prevent). This approach represents a fundamental shift in how fail-safe systems are conceptualized.
ML predictive · Multi-sensor fusion · Adaptive retraining
Deadlock Prevention as a First-Class Safety Function
GM Global Technology Operations’ 2024–2026 filings introduce deadlock precaution and prevention as an explicit safety mechanism — addressing situations where an AV cannot select a valid action and becomes indefinitely stopped, which may itself be a hazardous condition in certain road contexts. This is an underpatented space relative to its operational importance.
Deadlock prevention · Action selection · Hazard avoidance
Safety-Layered Redundancy Without Hardware Duplication
Shanghai Youdao Zhitu Technology Co., Ltd.’s 2025 CN patents articulate a task-layer/safety-layer split architecture specifically designed to achieve safety redundancy through algorithmic rather than hardware means, enabling safety assurance on low-cost embedded platforms. This direction is significant for cost-sensitive mass-market deployment. Chinese domestic AV fail-safe IP is emerging rapidly — Changan and Youdao Zhitu filings (2024–2025, CN) signal active domestic portfolio building.
Algorithmic redundancy · Low-cost embedded · CN filings
Location-Aware Dynamic Failsafe Destination Management
Nokia’s 2023–2025 filings introduce the concept of dynamically maintained “failsafe homes” — geofenced safe-stop destinations that are continuously re-evaluated as the vehicle moves, accounting for visibility zones and constraint areas that may block access. The active failsafe home is updated based on vehicle position and traversability constraints.
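To make the dynamic re-evaluation concrete, the block below is an added illustration of selecting and continuously updating an active safe-stop destination as the vehicle moves. It is not Nokia's or any other assignee's code. It reduces "constraint areas" to circular no-go regions and "traversability" to a straight-line approach that must stay outside those regions and within a range budget; home names, coordinates and the closed segment are constructed.

```python
"""Added illustration of location-aware failsafe-home selection with
continuous re-evaluation.  Constructed example, not Nokia's patented method."""
import math
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Point = Tuple[float, float]


@dataclass(frozen=True)
class FailsafeHome:
    name: str
    pos: Point


@dataclass(frozen=True)
class ConstraintArea:
    """Circular no-go region; a constructed stand-in for constraint/visibility zones."""
    centre: Point
    radius_m: float


def dist(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def segment_clear(a: Point, b: Point, area: ConstraintArea) -> bool:
    """True when the straight segment a->b stays outside the circular area."""
    ax, ay = a
    bx, by = b
    cx, cy = area.centre
    dx, dy = bx - ax, by - ay
    seg_len2 = dx * dx + dy * dy
    # Parameter t of the point on the segment closest to the circle centre
    if seg_len2 == 0.0:
        t = 0.0
    else:
        t = max(0.0, min(1.0, ((cx - ax) * dx + (cy - ay) * dy) / seg_len2))
    closest = (ax + t * dx, ay + t * dy)
    return dist(closest, area.centre) > area.radius_m


def select_failsafe_home(vehicle_pos: Point, homes: Sequence[FailsafeHome],
                         areas: Sequence[ConstraintArea],
                         max_range_m: float) -> Optional[FailsafeHome]:
    """Nearest home that is within range and whose approach is not blocked."""
    reachable = [
        h for h in homes
        if dist(vehicle_pos, h.pos) <= max_range_m
        and all(segment_clear(vehicle_pos, h.pos, a) for a in areas)
    ]
    if not reachable:
        return None
    return min(reachable, key=lambda h: dist(vehicle_pos, h.pos))


def track_active_home(trajectory: Sequence[Point], homes: Sequence[FailsafeHome],
                      areas: Sequence[ConstraintArea],
                      max_range_m: float) -> List[Optional[str]]:
    """Re-evaluate the active home at each position along the trajectory."""
    active: List[Optional[str]] = []
    for pos in trajectory:
        home = select_failsafe_home(pos, homes, areas, max_range_m)
        active.append(home.name if home else None)
    return active


# Constructed scene: two safe-stop destinations and one closed road segment
HOMES = [FailsafeHome("A_layby", (50.0, 0.0)), FailsafeHome("B_carpark", (20.0, 30.0))]
AREAS = [ConstraintArea(centre=(25.0, 0.0), radius_m=5.0)]


def demo() -> List[Optional[str]]:
    """Active home at three points along a constructed path east along y=0."""
    path = [(0.0, 0.0), (10.0, 0.0), (40.0, 0.0)]
    return track_active_home(path, HOMES, AREAS, max_range_m=100.0)


if __name__ == "__main__":
    print(demo())
```

The behaviour worth noticing is the switch: while the closed segment lies between the vehicle and the nearer lay-by, the farther car park is the active home; once the vehicle has passed the closure, the lay-by becomes reachable and takes over. An empty result (no home within range with a clear approach) is the case a real system has to plan for separately, for example by falling back to an immediate in-lane stop.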
Failsafe homes · Geofencing · Dynamic re-evaluation
AV Fail-Safe Architecture — key questions answered
AV fail-safe architecture is the set of system-level designs, protocols, and algorithms that govern an autonomous vehicle’s behavior when one or more components — sensors, compute units, actuators, communication links, or software stacks — fail or degrade below acceptable thresholds. The foundational concern is avoiding an uncontrolled failure state — either by maintaining degraded autonomous capability (fail-operational) or by executing a controlled transition to a stopped, safe state (fail-safe/minimal risk condition).
Fail-safe refers to a controlled transition to a stopped, safe state (minimal risk condition) when a failure occurs. Fail-operational means the vehicle maintains degraded autonomous capability after a component failure — for example, through a backup compute system that handles a defined subset of vehicle functions like steering, braking, and collision avoidance.
Within this dataset, May Mobility, Inc. (US) is the dominant patent filer, accounting for approximately 10 distinct records across US and WO jurisdictions spanning 2020–2025. VAY Technology GmbH (Germany) contributes 4–5 records dating from 2017 to 2025, representing one of the earliest and most persistent single-architecture lineages — the cortex/cerebellum split.
SOTIF stands for Safety of the Intended Functionality, defined in ISO 21448. It addresses situations where the system functions correctly but produces unsafe outcomes due to insufficient specification or performance limits — particularly relevant for AI/ML-based driving systems. Robert Bosch’s 2025 US filing explicitly extends fail-safe architecture to cover ISO 21448 SOTIF failures, signaling a maturation beyond pure hardware fault tolerance toward managing AI/ML behavioral uncertainty.
The cortex/cerebellum architecture divides the AV software into a high-capability mission/cortex layer responsible for full autonomous driving and a minimal, highly reliable safety/cerebellum layer that maintains basic lane-keeping, obstacle avoidance, and safe-stop capability independently of whether the upper layer is operational. VAY Technology GmbH filed the foundational patent for this approach in 2017 (US), with extended embodiments filed through 2025.
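The cortex/cerebellum split described here and in the hierarchical supervision cluster above comes down to an arbiter that keeps the safety layer in authority over the mission layer. The block below is an added illustration written for this page, not VAY Technology's, Bosch's or any other assignee's implementation. It shows two hand-over triggers that the page distinguishes: a cortex that has stopped (heartbeat timeout or no output, the ISO 26262 fault case) and a cortex that is alive but emits a command outside a plausibility envelope (the ISO 21448 SOTIF-style case). The envelope limits, heartbeat budget and the cerebellum's lane-keep-and-stop rule are constructed.

```python
"""Added illustration of a two-layer safety supervisor (mission/cortex over
safety/cerebellum).  Constructed example, not any assignee's implementation."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Plausibility envelope and liveness budget (constructed values)
MAX_STEER_RAD = 0.6
MAX_ACCEL_MPS2 = 3.0
MAX_DECEL_MPS2 = -6.0
HEARTBEAT_TIMEOUT_S = 0.2


@dataclass(frozen=True)
class Command:
    steer_rad: float
    accel_mps2: float
    source: str          # which layer produced the command


@dataclass(frozen=True)
class CortexOutput:
    command: Optional[Command]   # None when the cortex produced nothing this cycle
    heartbeat_t: float           # time of the cortex's last heartbeat


@dataclass(frozen=True)
class VehicleState:
    lane_offset_m: float   # lateral offset from lane centre, positive = left
    speed_mps: float


class Cerebellum:
    """Minimal safety layer: hold the lane and bring the vehicle to a stop.

    It needs only lane offset and speed, so it keeps working when the
    perception/planning stack above it is gone.
    """

    def command(self, state: VehicleState, reason: str) -> Command:
        steer = max(-0.1, min(0.1, -0.5 * state.lane_offset_m))
        decel = -2.0 if state.speed_mps > 0.0 else 0.0
        return Command(steer, decel, f"cerebellum:{reason}")


class SafetySupervisor:
    """Arbitrates between cortex and cerebellum with the safety layer on top.

    The hand-over latches: the supervisor never re-admits the cortex on its
    own, because re-entry is a separate, gated recovery procedure.
    """

    def __init__(self) -> None:
        self.cerebellum = Cerebellum()
        self.degraded_reason: Optional[str] = None
        self.transitions: List[Tuple[float, str]] = []

    def arbitrate(self, now: float, cortex: CortexOutput, state: VehicleState) -> Command:
        if self.degraded_reason is not None:
            return self.cerebellum.command(state, self.degraded_reason)
        reason = self._check(now, cortex)
        if reason is None:
            return cortex.command
        self.degraded_reason = reason
        self.transitions.append((now, reason))
        return self.cerebellum.command(state, reason)

    @staticmethod
    def _check(now: float, cortex: CortexOutput) -> Optional[str]:
        if now - cortex.heartbeat_t > HEARTBEAT_TIMEOUT_S:
            return "cortex_heartbeat_timeout"
        cmd = cortex.command
        if cmd is None:
            return "cortex_no_output"
        if abs(cmd.steer_rad) > MAX_STEER_RAD:
            return "steer_out_of_envelope"
        if not MAX_DECEL_MPS2 <= cmd.accel_mps2 <= MAX_ACCEL_MPS2:
            return "accel_out_of_envelope"
        return None


def demo() -> List[str]:
    """Run a constructed sequence of cycles and return the command sources."""
    sup = SafetySupervisor()
    state = VehicleState(lane_offset_m=0.2, speed_mps=10.0)
    cycles = [
        (0.0, CortexOutput(Command(0.05, 0.5, "cortex"), 0.0)),   # healthy
        (0.1, CortexOutput(Command(1.2, 0.5, "cortex"), 0.1)),    # alive but implausible steer
        (0.2, CortexOutput(Command(0.0, 0.0, "cortex"), 0.2)),    # healthy again, but latched
    ]
    return [sup.arbitrate(t, out, state).source for t, out in cycles]


if __name__ == "__main__":
    for src in demo():
        print(src)
```

The third cycle is the one to look at: the cortex is healthy again, yet the cerebellum keeps control. Recovering the upper layer is the job of a sequenced restart procedure with its own safety gates, not of the cycle-by-cycle arbiter.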
The most recent filings (2024–2026) reveal five converging directions: SOTIF-integrated hierarchical architecture (Robert Bosch, 2025), predictive ML-based failure detection (Noida Institute, 2025), deadlock prevention as a first-class safety function (GM Global, 2024–2026), safety-layered redundancy without hardware duplication (Shanghai Youdao Zhitu, 2025), and location-aware dynamic failsafe destination management (Nokia, 2023–2025).