Inadequate specification of ODD
The operational design domain (ODD) is a technical description of the application’s operational environment, initially conceptualized for autonomous driving systems. An inadequate specification of the ODD limits essential functions such as testing the learned functionality and out-of-distribution detection.
ENTITY
1 - Human
INTENT
2 - Unintentional
TIMING
1 - Pre-deployment
Risk ID
mit994
Domain lineage
7. AI System Safety, Failures, & Limitations
7.3 > Lack of capability or robustness
Mitigation strategy
1. Implement a rigorous, structured conceptual framework for defining the Operational Design Domain (ODD), explicitly characterizing all operational constraints and system-relevant factors (e.g., environmental, geographical, infrastructure, and inherent equipment limitations). This formal specification must utilize a multi-layered ODD taxonomy to manage complexity and ensure comprehensive coverage of all intended operational conditions.
2. Mandate the systematic development of a comprehensive test case suite that is directly traceable to, and covers the entirety of, the defined ODD. This process requires rigorous validation through both virtual simulation and real-world testing to ensure all operational boundaries and use-case variations (including severe/harsh conditions) are robustly verified prior to deployment.
3. Integrate real-time ODD monitoring and an Adaptive Operational Design Domain (AODD) mechanism into the system. This capability is essential for detecting excursions outside the established ODD or accommodating a reduction in system capability, enabling a predetermined, safe transition to a restricted functional mode or a minimal risk maneuver.