For the 2024 Paris Dakar race, an innovative Hydrogen race car will be presented to compete. FEV oversaw the Functional Safety of the Fuel Cell System (FCS) with four hydrogen-tanks. Automotive Functional Safety is the study of the design, the equipment, and the application of the different regulations to minimize the consequences of the risks linked to the use of E/E (Electronic & Electric) components. Using the ISO26262 and ECE-R134 (Hydrogen Safety Standard), FEV has identified the potentially dangerous situations resulting from failures at hydrogen and electrical level and have provided technical solutions (hardware and software) to prevent these risks. The safety of the Fuel Cell System has been addressed in accordance with the ISO 26262 standard. First, a Hazard Analysis and Risk Assessment (HARA) is conducted to identify the Hazards induced by the FCS and their ratings depending on the exposure, controllability, and severity of the event. The main Hazards identified are: Electrical shock, unintended activation of FCS and inflammation of H2/air mixture. From this HARA a list of Safety Goals (SGs) has been identified. To build the Functional Safety Concepts covering these Safety Goals, Fault Tree Analyses have been conducted. Cybersecurity analysis will be an important part of the project in case the vehicle or technologies are to be integrated into commercial vehicle to be compliant with required automotive security regulations. Security engineering (from threat assessment and risk analysis to cybersecurity validations) will lead to deploying a system in accordance with ISO/SAE 21434 and complying with UNECE R155/R156. As this race car is a prototype, no homologation or product liability is expected. Thus, the full proof of compliance with the ISO26262 standard is not mandatory. Either way, requirements must be defined to protect the driver and the other parties from the electrical and hydrogen-related risks identified, taking particular care of the fact that hydrogen is highly explosive. Those requirements are split into design measures (material, cables, size of components, etc.), safety mechanisms (E/E technical solutions to detect failures in controllers, sensors, and actuators) and maintenance actions. Additionally, external measures and restrictions have been implemented to cover the shortcomings of this prototype, making it a safe car. For example, emergency buttons have been implemented to disconnect the HV power, restricted use of the vehicle by the trained driver only. As the project focuses on developing a prototype race car, most of the chosen ECUs do not have the documentation proving their compliance with the required Automotive Safety Integrity Levels (ASIL), even though they might be able to achieve them. Vehicle architecture does not consider common security vulnerabilities due to the absence of external communication capabilities (e.g., wireless interfaces). To ensure safety, this car is equipped with an emergency shutdown mechanism, that can be triggered by the driver. The driver must be trained and aware (through the user manual) of E/E and H2 risks, how to identify them and react. FEV Iberia worked for the first time on a Fuel Cell automotive application, while most projects typically involve electric, combustion or hybrid engines. In this Hydrogen Fuel Cell project, FEV has identified and characterized the risks associated with hydrogen and developed a Safety Concept to address them. The main difference from other projects is linked to the involvement of hydrogen, which is a highly explosive gas, requiring particular attention for ensuring the system safety. This Fuel Cell project allowed FEV to position itself on this emerging automobile market, to make the technology more accessible, improve its use and democratize it. After an extensive scientific research on the state-of-the-art and more than one-year of teamwork, FEV succeeded in identifying the critical risks arising from E/E failures in the hydrogen fuel-cell race car and developing the technical solutions to be implemented, making the vehicle the safest possible for driver and all the people gravitating around it. If the vehicle is intended for commercial production in future, FEV will develop a comprehensive solution by integrating a cybersecurity layer to have a safe and secure vehicle on the track.

Mr. Alain Gonzalez, Cybersecurity Manager, FEV Iberia