🤖 AI Summary
This study addresses the inadequacy of the ISO 26262 controllability concept, originally defined with respect to a human driver, for SAE Level 4 and 5 automated driving systems. The authors decompose controllability into two quantifiable sub-dimensions: transferability, the system's ability to hand control over to a dedicated fallback mechanism, and predictability, the extent to which other road users can anticipate the vehicle's behaviour. Predictability is given a formal definition, drawing on human-robot interaction principles, together with a mathematical framework for quantifying it; transferability is assessed through a designed-versus-achievable gap that separates what the architecture claims from the fallback capability actually achievable under given scene conditions. The resulting metrics are falsifiable and traceable across operational design domain (ODD) slices, align with both ISO 26262 functional safety and ISO/PAS 21448 (SOTIF), and extend the existing hazard analysis and risk assessment structure to driverless operation rather than replacing it.
📝 Abstract
The ISO 26262 standard defines functional safety for road vehicles through risk assessments based on Severity, Exposure, and Controllability, grounded in a human-driven vehicle paradigm. In the context of autonomous vehicles (AVs), the absence of a human driver necessitates revisiting these principles. This paper decomposes the Controllability placeholder of ISO 26262 into two auditable evidence dimensions by introducing two measurable sub-concepts: Transferability and Predictability. Transferability extends Controllability to capture an AV system's ability to hand off control to dedicated fallback safety mechanisms, while Predictability captures how easily external agents can anticipate AV behavior. Predictability is formally defined using principles drawn from human-robot interaction, and a mathematical framework is provided to quantify it. A designed-versus-achievable gap is introduced to distinguish architectural fallback claims from scene-conditioned achievable fallback capability. The proposed metrics align with ISO 26262 and ISO/PAS 21448 (SOTIF), rendering fallback and interaction claims falsifiable and traceable across ODD slices. These dimensions complement rather than replace existing standards, and the enhancements preserve the structure of ISO 26262 while extending its applicability to driverless automated systems operating at SAE Levels 4 and 5.
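The abstract describes a designed-versus-achievable gap but the paper's own quantification is not reproduced on this page. The following worked example is added here to illustrate the idea; it is not the authors' code or framework. Two things in it are facts: the ASIL assignment reproduces ISO 26262-3 Table 4 (which collapses to a sum of the S, E and C class indices), and the 99 % / 90 % bands are the qualitative controllability descriptions from ISO 26262-3 Annex B. Everything else is an assumption made for illustration: that a fallback mechanism's scene-conditioned success rate can be transposed onto those bands to obtain an "achievable" controllability class, that a one-sided Wilson lower confidence bound is the right way to keep a small test campaign from supporting a 99 % claim, and the `OddSlice` sample evidence, which is constructed, not measured.

```python
"""Added example (not from the paper): ISO 26262 ASIL determination with a
designed-versus-achievable controllability check across ODD slices."""
from __future__ import annotations

from dataclasses import dataclass
from math import sqrt

# ISO 26262-3 Table 4 collapses to a sum rule over the class indices:
# S (1-3) + E (1-4) + C (1-3); sums of 6 or less are QM.
_ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}


def asil(s: int, e: int, c: int) -> str:
    """ASIL from Severity, Exposure and Controllability classes.

    C0 ("controllable in general") is outside Table 4; the standard assigns
    no ASIL in that case, which we report as QM.
    """
    if not (1 <= s <= 3 and 1 <= e <= 4 and 0 <= c <= 3):
        raise ValueError("class index out of range")
    if c == 0:
        return "QM"
    return _ASIL_BY_SUM.get(s + e + c, "QM")


def wilson_lower_bound(successes: int, trials: int, z: float = 1.645) -> float:
    """One-sided 95 % lower Wilson score bound on the success probability.

    Using the bound instead of the raw rate is an assumption of this example:
    it stops 40/40 successful runs from being read as evidence for '99 %'.
    """
    if trials <= 0 or not 0 <= successes <= trials:
        raise ValueError("bad trial counts")
    n, p = trials, successes / trials
    z2 = z * z
    centre = p + z2 / (2 * n)
    spread = z * sqrt(p * (1 - p) / n + z2 / (4 * n * n))
    return (centre - spread) / (1 + z2 / n)


def controllability_from_rate(lower_bound: float) -> int:
    """ASSUMED transposition of the ISO 26262-3 Annex B bands (C1: 99 % or
    more avoid harm, C2: 90 % or more, C3: below 90 %) onto the fallback
    mechanism's scene-conditioned success probability."""
    if lower_bound >= 0.99:
        return 1
    if lower_bound >= 0.90:
        return 2
    return 3


@dataclass(frozen=True)
class OddSlice:
    name: str
    fallback_trials: int     # scenario runs in which fallback was demanded
    fallback_successes: int  # runs that reached a minimal risk condition


@dataclass(frozen=True)
class GapResult:
    odd_slice: str
    designed_c: int       # controllability class claimed by the architecture
    achievable_c: int     # class supported by evidence in this slice
    designed_asil: str
    achievable_asil: str
    lower_bound: float

    @property
    def claim_holds(self) -> bool:
        # A larger class index means less controllable, so the architectural
        # claim is falsified whenever the achievable class is worse.
        return self.achievable_c <= self.designed_c


def designed_vs_achievable(s: int, e: int, designed_c: int,
                           slices: list[OddSlice]) -> list[GapResult]:
    """Re-derive the ASIL per ODD slice from the achievable controllability."""
    results = []
    for sl in slices:
        lb = wilson_lower_bound(sl.fallback_successes, sl.fallback_trials)
        ach_c = controllability_from_rate(lb)
        results.append(GapResult(sl.name, designed_c, ach_c,
                                 asil(s, e, designed_c), asil(s, e, ach_c), lb))
    return results


# Constructed sample evidence for illustration only (not measured data).
SAMPLE_SLICES = [
    OddSlice("urban_daytime_clear", 1000, 998),
    OddSlice("highway_rain", 200, 196),
    OddSlice("urban_night_fog", 40, 40),
]

if __name__ == "__main__":
    # Hypothetical hazard rated S3/E4 with an architectural claim of C1.
    for r in designed_vs_achievable(3, 4, 1, SAMPLE_SLICES):
        status = "holds" if r.claim_holds else "FALSIFIED"
        print(f"{r.odd_slice:22s} C{r.designed_c}->C{r.achievable_c} "
              f"ASIL {r.designed_asil}->{r.achievable_asil} "
              f"(lower bound {r.lower_bound:.3f}) claim {status}")
```

Run as a script, the `urban_night_fog` slice is the instructive one: every demanded fallback succeeded, yet forty runs cannot support a 99 % claim, so the achievable class drops to C2 and the hazard's ASIL rises from B to C in that slice. That is the sense in which a fallback claim becomes falsifiable and traceable per ODD slice: the gap is attributed to a named slice and to a stated evidence shortfall rather than to the architecture as a whole.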