Skip to main content

Overview

Exposure quantifies how often a vehicle is in the operational situation where a hazard could occur. It reflects the frequency, duration, and likelihood of being in the state where a failure could lead to harm. Unlike Severity (which is intrinsic to the failure), Exposure depends on vehicle usage patterns, driving modes, environmental conditions, and operational context.
  • Severity (S): How severe is the harm if the hazard occurs? (S0-S3)
  • Exposure (E): How often is the vehicle in a situation where the hazard could occur? (E0-E4)
  • Controllability (C): Can the driver prevent harm once the hazard event occurs? (C0-C3)
  • ASIL: Combination of all three → S × E × C lookup in ISO 26262-3 Table 4

Exposure Classification Scale (E0-E4)

LevelLabelProbability RangeQualitative DescriptionTypical Duration/Frequency
E0Incredible< 0.001%Extremely unlikely hazardous situation; represents operational conditions that occur with virtually zero probability during normal vehicle lifecycleVirtually never (theoretical edge cases only)
E1Very Low0.001% – 0.01%Rare hazardous situation; specific combinations of driving mode, environment, and vehicle state seldom coincideVery infrequent (once every several years of operation)
E2Low0.01% – 0.1%Occasional hazardous situation; occurs under specific but realistic conditions (e.g., particular weather, traffic, driving maneuvers)Infrequent (several times per year)
E3Medium0.1% – 1%Frequent hazardous situation; occurs regularly during typical driving (e.g., lane changes, cruise control, normal speeds in common conditions)Regular (multiple times per week or day in specific driving modes)
E4High> 1%Very frequent or continuous hazardous situation; persists during large portions of vehicle operation or affects critical continuous systemsContinuous or near-continuous (always active during typical operation)

Exposure Assessment Methodology

Factors Influencing Exposure Classification

1. Operational Phase / Driving Mode
  • Primary driving (highway, urban, parking)
  • Secondary functions (cruise control, lane-keeping, obstacle detection)
  • Environmental conditions (day/night, weather, terrain type)
  • Vehicle state (speed range, acceleration, turning)
2. Frequency of Operational Situation
  • How often the operational context occurs during a typical vehicle lifecycle
  • Example: Highway driving at >60 km/h occurs in ~30% of operating time (E3-E4), while parking in snow occurs <5% of time (E2)
3. Duration in Hazardous State
  • How long the vehicle remains in the condition where the hazard could occur
  • Continuous-duty systems (power steering, brake pressure) → Higher E
  • Intermittent systems (reversing camera, windshield wiper) → Lower E
4. Driver Population Impact
  • Does the hazard affect all drivers equally, or only specific usage profiles?
  • Fleet-wide usage patterns vs. edge-case scenarios

Exposure Assessment Decision Tree

Exposure LevelRatingDescriptionDuration/Frequency Criteria
E1IncredibleExtremely rare exposureLess than 1% of operating time
E2Very LowRare but possible exposure1-5% of average operating time
E3LowModerate frequency exposure5-50% of average operating time
E4HighHigh probability exposureGreater than 50% of operating time

Exposure Levels with Automotive Examples

E0 — Incredible (< 0.001%)

Definition: Hazardous situation occurs with virtually zero probability. Represents theoretical edge cases or extreme combinations that are unrealistic during normal vehicle operation. Characteristics:
  • Multiple independent rare events must occur simultaneously
  • Extreme environmental or vehicle-state combinations
  • Outside typical lifecycle usage patterns
  • May only occur in testing or experimental scenarios
Automotive Examples:
  • Simultaneous failure of primary and backup brake systems during normal braking (multiple independent failures)
  • Loss of engine power while driving underwater (no vehicle operates in water)
  • Extreme thermal failure of all ECU components during normal ambient conditions (-40°C to +85°C)
  • Failure to detect a stationary object when headlights, cameras, and radar all fail simultaneously in daylight (three independent sensor failures)
Configuration: Used rarely in HARA; typically only for theoretical completeness or when multiple redundant failures are required before harm occurs.

E1 — Very Low (0.001% – 0.01%)

Definition: Hazardous situation occurs under rare, specific conditions that happen infrequently during vehicle operation. Characteristics:
  • Specific driving maneuver or environmental condition required
  • Occurs in limited operational phases
  • Requires uncommon combination of circumstances
  • May depend on driver behavior or rare weather
Automotive Examples:
  • Vehicle operating in extreme cold (< -30°C) combined with high-speed acceleration and traction loss → Rare in most climates
  • Driving on icy mountain roads at night during sudden fog → Specific geography and weather combination
  • Extended operation at maximum rated power with continuous high load → Occurs occasionally in extreme use (racing, towing in mountains)
  • Sensor malfunction during simultaneous loss of CAN network communication → Requires two independent failures
  • Parking brake engaged during accidental throttle application while reversing → Rare driver-initiated scenario
Configuration: Used for edge-case scenarios that require specific operational conditions or rare environmental factors.

E2 — Low (0.01% – 0.1%)

Definition: Hazardous situation occurs occasionally under realistic but non-routine conditions; typically a few times per year for average driver. Characteristics:
  • Occurs in specific driving scenarios (e.g., particular maneuvers, traffic conditions, weather)
  • Happens regularly but not continuously
  • Affects significant portion of driver population under certain conditions
  • Often depends on environmental factors (weather, terrain, traffic type)
Automotive Examples:
  • Degraded braking performance during heavy rain on wet roads → Occurs several times per year in rainy climates
  • Sensor blinding due to direct sunlight reflection → Regular occurrence for drivers exposed to high sun angles
  • Vehicle operation in heavy snow with poor road markings → Seasonal, occurs multiple times per winter in cold climates
  • Extended idling in congested urban traffic with climate control active → Regular for city drivers
  • Skid on wet pavement during emergency lane change → Occurs occasionally in adverse weather
  • Loss of traction during acceleration on gravel or unpaved surface → Regular for off-road or rural users
Configuration: Common classification for environmental or weather-dependent scenarios; typical for failure modes affecting vehicle handling or sensor performance.

E3 — Medium (0.1% – 1%)

Definition: Hazardous situation occurs frequently and regularly during typical driving patterns. Affects most vehicles regularly or occurs continuously during specific driving modes. Characteristics:
  • Occurs multiple times per week or several times per day in active driving
  • Part of normal operational pattern for most drivers
  • Regular or routine driving scenarios
  • Affects vehicle during common maneuvers or traffic conditions
Automotive Examples:
  • Lane change maneuver on multi-lane highway → Occurs dozens of times per day in highway driving
  • Engagement of cruise control at highway speeds → Regular during highway use
  • Vehicle operation in heavy urban traffic with frequent braking → Daily occurrence for city drivers
  • Operation of windshield wipers during rain → Regular during rainy season
  • Activation of reverse gear with sensors active → Daily for commercial or fleet vehicles
  • Steering input during cornering or turning → Continuous during typical driving
  • Engine idling at traffic signals or congestion → Routine in urban driving cycles
  • Sensor operation in direct sunlight → Regular during daytime operation
Configuration: Most common classification for routine operational scenarios; typical for active safety systems and primary control functions.

E4 — High (> 1%)

Definition: Hazardous situation occurs very frequently or nearly continuously during normal vehicle operation. Represents a core operational mode or persistent system state. Characteristics:
  • Occurs continuously or occupies significant portion of driving time
  • Essential to vehicle operation; affects all or nearly all drivers
  • Core system functionality affected
  • Present during large portion of typical driving cycle
Automotive Examples:
  • Primary power supply active and functional → Continuous during all engine operation (E4)
  • Steering system engaged and responsive → Continuous while vehicle is in motion (E4)
  • Brake pressure reservoir maintaining pressure → Continuous during all operation (E4)
  • Engine fuel supply system operational → Continuous during engine running (E4)
  • Obstacle detection system active in Automatic Emergency Braking (AEB) → Nearly continuous during normal driving in typical traffic
  • Transmission engaged in drive or reverse → Continuous during normal operation
  • Electrical power distribution active → Continuously present
  • Sensor operation during daylight hours → E4 for permanent daytime operation; E3 if considering day/night average
Configuration: Used for failure modes affecting core vehicle functions, primary safety systems, or critical continuous-operation components; may result in ASIL C or D when combined with high Severity and Controllability constraints.

Exposure in ASIL Determination

The HARA Exposure parameter directly feeds into the ISO 26262-3 ASIL matrix. Combined with Severity and Controllability, it determines the required Automotive Safety Integrity Level: ASIL Matrix Query Pattern: 
ASIL = Matrix[Severity, Exposure, Controllability]
Example ASIL Outcomes:
  • S3 (Life-threatening) × E4 (High frequency) × C1 (Controllable) → ASIL D (Highest integrity required)
  • S2 (Serious injury) × E3 (Medium frequency) × C2 (Moderately controllable) → ASIL B (Moderate integrity)
  • S1 (Minor injury) × E1 (Very rare) × C3 (Difficult to control) → ASIL A (Low integrity)
  • S0 (No injury) × E0 (Incredible) × C0 (Not applicable) → QM (No ASIL requirement)
A single Exposure level difference can change ASIL by one to two levels. Underestimating Exposure leads to insufficient safety requirements; overestimating wastes resources on unnecessary controls. Use data-driven assessment (fleet statistics, use-case analysis, safety studies) rather than assumptions.

Exposure Configuration in TestAuto2

Risksheet HARA Column Binding

The Exposure field appears as a column in the HARA Risksheet configuration:
Column PropertyValue
Field NameharaExposure
TypeEnum dropdown
Linked Work Item FieldCustom field on Hazard work item type
Available Valuese0, e1, e2, e3, e4
Display FormatLabel (E0, E1, E2, E3, E4) + Color-coding (gray→green→orange→red→purple)
Cell DecoratorexposureLevel — applies CSS class for visual styling
ValidationRequired for HARA Classification stage

Linking Exposure to Operational Situation

The TestAuto2 HARA workflow links Operational Situation text field to Exposure rating:
  • Operational Situation Column: Describes the specific driving scenario, weather, vehicle state, or environmental condition
  • Exposure Enum: Quantifies how frequently that operational situation occurs during vehicle lifecycle
  • Relationship: Operational Situation text justifies the Exposure rating chosen
Example Association: 
Operational Situation: "Vehicle operation in heavy rain on wet highways at speeds > 80 km/h"
Exposure Classification: E3 (Medium)
Rationale: Occurs regularly during rainy seasons in highway driving, multiple times per week for affected drivers

ASIL Inheritance from Exposure

When a Hazard work item is linked to a Safety Goal via the derivedFrom relationship, the Safety Goal inherits the ASIL calculated from parent Hazard’s S × E × C combination: 
// Formula in risksheet.json
inheritASIL: (row) => {
  if (row.safetyGoal) {
    return row.asil;  // Inherit parent ASIL from S×E×C calculation
  }
  return null;
}
The Exposure value contributes directly to this calculation.
ParameterReference PagePurpose
Severity (S0-S3)HARA Severity (S0-S3)Measures severity of potential harm (minor injury to life-threatening)
Controllability (C0-C3)HARA Controllability (C0-C3)Measures driver’s ability to prevent harm once hazard occurs
ASIL (QM/A-D)ASIL Classification (QM, A-D)Output ASIL level determined by S × E × C matrix lookup
Action Priority (H/M/L)Action Priority (H/M/L)FMEA-specific risk rating (similar concept, different formula)
  • Hazard — Contains Exposure as custom field; primary entity for HARA analysis
  • Safety Goal — Derived from hazard; inherits ASIL classification (which uses Exposure)
  • Risk Record — Broader risk assessment work item; may reference HARA exposures

Data Model Field Definition

Work Item Type: Hazard
Custom Field Name: haraExposure
Field Type: Enumeration
Cardinality: 1..1 (Required during HARA Classification stage)
Used In:
  • Risksheet HARA Configuration (Level 4 — Hazard-specific column)
  • ASIL Calculation Formula (S × E × C lookup)
  • Safety Goal Inheritance (ASIL propagation)
  • ISO 26262 HARA Report (exposure distribution statistics)

Quick Reference Matrix

This abbreviated matrix shows which ASIL levels are possible for each Exposure rating when combined with typical Severity and Controllability:
ExposureS1 + C1S1 + C3S2 + C1S2 + C3S3 + C1S3 + C3
E0QMQMQMQMQMQM
E1AAAABA
E2AABABB
E3BABBCB
E4BACBDC
Note: For complete ASIL determination, consult HARA Controllability (C0-C3) and ASIL Classification (QM, A-D) references, or refer to ISO 26262-3 Table 4 (normative ASIL matrix).

Summary

The Exposure (E0-E4) enumeration quantifies how frequently a hazardous situation occurs during vehicle operation. It is essential to ASIL determination and must be assessed based on:
  1. Operational context (driving mode, environment, vehicle state)
  2. Frequency data (fleet statistics, use-case analysis, safety studies)
  3. Duration (continuous vs. intermittent system involvement)
  4. Driver population (widespread vs. edge-case usage)
Combined with Severity and Controllability in the ISO 26262-3 ASIL matrix, Exposure determines the required functional safety integrity level and drives allocation of safety requirements downstream.