It just needs to get into fewer accidents than humans (and I don't think that is even specified by the SAE).
Right
I believe that L3 requires the user to take over control of the vehicle in a reasonable amount of time when alerted to do so.
Yes, that is the expectation of the human, and that is the human's responsibility. This is what will be stated in user manuals and various other terms and conditions the user will need to agree to. And this will be the legal requirement for human drivers using such a system as well.
However, L3 systems still must be, and I am positive every one will be, designed so that an accident won't happen even if the human never takes over... (with the one exception already mentioned)
So the question is what is the probability of a sensor failure and what is the probability of that failure causing an accident? All sorts of things can fail on a regular car and cause an accident but the brake master cylinder is the only redundant system that I'm aware of.
Components have different levels of reliability and ways they can fail.... a sensor, for example, can fail internally, get covered in a splash of mud... get hit by a rock, have a power failure, power connection failure, data connection failure, and more
Of course it is impossible to make everything in a car redundant, like the tires and axles and windshield.
The steering rack of the Model 3 and the FSD computer do have redundancy so in the event of a sensor failure the car could safely come to a stop while maintaining directional control.
Yes it does.... but it would need to come to a stop in a matter of a few seconds (and even then there is risk of accident)... coming to a stop on the highway within a few seconds and hoping the driver that is watching TV will safely take over is NOT at all within an acceptable risk range
But even further... a sensor or other component could fail in the middle of a complex situation... or an obstacle could cut in or suddenly brake shortly after the sensor fails.... Furthermore, even if a sensor doesn't fail... it could be for some reason or other sending faulty data.
Obviously there is a risk of getting rear ended during the time it takes the person behind the wheel to take over. I just think that risk is small enough.
Yes... especially since these systems are designed to not pull over after 30 seconds or more and may not come to a complete stop until after 1 minute... and during the time from, say, 10 seconds to 30 seconds, the car will be freaking out like crazy... loud alerts and vibrations and flashers. (really would only happen if someone is like passed out drunk or has some other medical condition... though SAE L0-L2 is of course no better in these cases)
^^ This is in the range of acceptable risk for an OEM.
All of this said... I do not see hardware redundancy as a main factor stopping Tesla from releasing L3.... I also don't think Tesla is currently working towards that goal.