Case Study
Tuesday, July 01
12:30 PM - 01:00 PM
Live in San Francisco
Upcoming highly automated driving (HAD) systems allow drivers to temporarily divert their attention to non-driving tasks (hands-off and eyes-off). The system must therefore tolerate faults and, at the very least, provide degraded functionality for a limited time. As hardware and software elements become increasingly complex, faults can manifest in many ways, and a suitable system architecture is needed to address them. While significant effort is dedicated to developing proprietary HW and SW architectures, the overarching logical system architecture often receives insufficient attention. At this higher level of abstraction, considerations such as fault containment and redundancy management are crucial for ensuring the integrity and availability of a HAD system. Solutions developed at this level are also versatile enough to apply across a wide range of HAD use cases and implementations, making them well suited for collaborative efforts. We have compiled high-level requirements for logical system architectures and supplemented them with technological constraints and design principles. We have then identified and evaluated architectures for HAD systems. The most suitable ones share a common set of underlying design patterns, particularly the combined Doer/Checker/Fallback pattern. This pattern addresses system availability while facilitating effective ASIL decomposition according to ISO 26262. Additionally, we have outlined several considerations, including ISO 21448 (SOTIF), for implementing logical architectures in physical HW and SW elements.
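As an added illustration (not code from the talk or its authors), the following Python sketch shows the combined Doer/Checker/Fallback pattern with a time-limited degraded mode: a complex Doer proposes a driving command, a small independent Checker tests it against a plausibility envelope, and a Fallback takes over when the check fails or the Doer faults, with a time budget that ends in a latched minimal-risk stop. The envelope limits, the degraded budget, the recovery rule and all names are assumptions made for this example, not figures from the talk.

```python
import math
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Mode(Enum):
    NOMINAL = "nominal"            # Doer in control, Checker accepted its output
    DEGRADED = "degraded"          # Fallback in control, limited time budget
    MINIMAL_RISK = "minimal_risk"  # budget exhausted: latched controlled stop


@dataclass(frozen=True)
class Command:
    steer_deg: float   # steering angle request
    accel_mps2: float  # longitudinal acceleration request


# Plausibility envelope and timing budget: constructed values for this example.
MAX_STEER_DEG = 30.0
MAX_STEER_RATE_DEG_S = 60.0
MAX_ACCEL_MPS2 = 3.0
MIN_ACCEL_MPS2 = -6.0
DEGRADED_BUDGET_S = 10.0
RECOVERY_STEPS = 5  # consecutive accepted commands before the Doer regains control


def check(cmd: Command, prev: Optional[Command], dt: float) -> bool:
    """Checker: small, independent plausibility test on the Doer's output.
    Rejects non-finite values, out-of-envelope values and implausible jumps."""
    if not (math.isfinite(cmd.steer_deg) and math.isfinite(cmd.accel_mps2)):
        return False
    if abs(cmd.steer_deg) > MAX_STEER_DEG:
        return False
    if not MIN_ACCEL_MPS2 <= cmd.accel_mps2 <= MAX_ACCEL_MPS2:
        return False
    if prev is not None and dt > 0:
        if abs(cmd.steer_deg - prev.steer_deg) / dt > MAX_STEER_RATE_DEG_S:
            return False
    return True


def fallback(prev: Optional[Command]) -> Command:
    """Fallback: hold the last accepted steering angle and brake moderately."""
    steer = prev.steer_deg if prev is not None else 0.0
    return Command(steer_deg=steer, accel_mps2=-2.0)


def minimal_risk(prev: Optional[Command]) -> Command:
    """Minimal-risk manoeuvre once the degraded budget is spent: full braking."""
    steer = prev.steer_deg if prev is not None else 0.0
    return Command(steer_deg=steer, accel_mps2=MIN_ACCEL_MPS2)


class Arbiter:
    """Redundancy manager: selects Doer or Fallback output every control cycle."""

    def __init__(self) -> None:
        self.mode = Mode.NOMINAL
        self.last_accepted: Optional[Command] = None
        self.degraded_elapsed = 0.0
        self.consecutive_ok = 0

    def step(self, doer: Callable[[], Command], dt: float) -> Tuple[Command, Mode]:
        if self.mode is Mode.MINIMAL_RISK:          # latched: never hand back control
            return minimal_risk(self.last_accepted), self.mode

        # Fault containment: an exception raised by the Doer is treated as a
        # rejected command, not as a failure of the arbiter itself.
        try:
            candidate: Optional[Command] = doer()
        except Exception:
            candidate = None
        accepted = candidate is not None and check(candidate, self.last_accepted, dt)

        if self.mode is Mode.NOMINAL:
            if accepted:
                self.last_accepted = candidate
                return candidate, self.mode
            self.mode = Mode.DEGRADED               # first rejection: Fallback takes over
            self.degraded_elapsed = 0.0
            self.consecutive_ok = 0
            return fallback(self.last_accepted), self.mode

        # DEGRADED: Fallback drives; the Doer must pass RECOVERY_STEPS checks in a row
        self.degraded_elapsed += dt
        self.consecutive_ok = self.consecutive_ok + 1 if accepted else 0
        if self.consecutive_ok >= RECOVERY_STEPS:
            self.mode = Mode.NOMINAL
            self.last_accepted = candidate
            return candidate, self.mode
        if self.degraded_elapsed >= DEGRADED_BUDGET_S:
            self.mode = Mode.MINIMAL_RISK
            return minimal_risk(self.last_accepted), self.mode
        return fallback(self.last_accepted), self.mode


def simulate(outputs: List[object], dt: float = 0.1) -> List[Mode]:
    """Feed a scripted list of Doer outputs (a Command, or an Exception the Doer
    raises) through one Arbiter and return the mode chosen at each cycle."""
    arb = Arbiter()
    modes: List[Mode] = []
    for out in outputs:
        def doer(o: object = out) -> Command:
            if isinstance(o, Exception):
                raise o
            return o  # type: ignore[return-value]
        modes.append(arb.step(doer, dt)[1])
    return modes
```

The division of labour is what makes the pattern attractive for ASIL decomposition: the Doer may be as complex as the driving task demands because the safety requirement rests on the Checker and the Fallback, which are small enough to specify and verify rigorously. The recovery hysteresis and the latched minimal-risk state are design choices for this example; a real architecture would tie both to the vehicle state and to the fault model of the talk's logical architecture.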