As software becomes increasingly pervasive in critical domains such as autonomous driving, new challenges arise that necessitate a rethinking of systems engineering approaches. The gradual takeover of all critical driving functions by autonomous driving adds to the complexity of certifying these systems. In particular, certification procedures do not fully keep pace with the dynamism and unpredictability of future autonomous systems, and they may not fully guarantee compliance with the requirements imposed on those systems. In this paper, we identify several issues with current certification strategies that could pose serious safety risks. As examples, we highlight the inadequate reflection of software changes in constantly evolving systems and the lack of support for the cooperation between systems that is necessary for managing coordinated movements. Other shortcomings include the narrow focus of the certification awarded, which neglects aspects such as the ethical behavior of autonomous software systems. The contribution of this paper is threefold. First, we analyze the existing international standards used in certification processes against the requirements derived from dynamic software ecosystems and from autonomous systems themselves, and identify their shortcomings. Second, we outline six suggestions for rethinking certification so as to foster comprehensive solutions to the identified problems. Third, we introduce a conceptual Multi-Layer Trust Governance Framework to establish a robust governance structure for autonomous ecosystems and their associated processes, including envisioned future certification schemes. The framework comprises three layers, which together support the safe and ethical operation of autonomous systems.