

## List of Safety Requirements

| Nº | ID    | Name                                          | Description                                                                                                                                                                                               | Kind      | ASIL | Time constraint | Physical constraint | Comment | Traced FTA Events | Status   | Related Goals                                      | Coordinatoribus | Coordinatoribus To | Allocations                                            |
|----|-------|-----------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|------|-----------------|---------------------|---------|-------------------|----------|----------------------------------------------------|-----------------|--------------------|--------------------------------------------------------|
| 1  | SR020 | Insulation resistance measurement performance | The BMS shall measure insulation resistance with range at least of xxx to xxx Mohm with accuracy of +- xxx Mohm at most and resolution of xxx Mohm at most and a sampling rate of at least xxx sample/sec | TECHNICAL | A    |                 |                     |         | no traced events  | PROPOSED | • SR341 (ASIL D) • SR343 (ASIL D)                  | SR013 (ASIL A)  | SR013 (ASIL A)     | Insulation Monitoring • BJB IC • MCU • TPL Transciever |
| 2  | SR022 | HV switch timing                              | The BMS shall be able to open and close the HV switches of the battery                                                                                                                                    | TECHNICAL | B    |                 |                     |         | no traced events  | PROPOSED | • SR243 (ASIL B) • SR011 (ASIL B) • SR007 (ASIL B) | SR015 (ASIL B)  | SR015 (ASIL B)     | FET / Contactor Driver (ASIL B) • MCU                  |

|     |           |                                             |                                                                                                                                                                                                                                                                                                                    |                       |   |  |  |  |                  |                      |                                    |                                    |       |                                                                                     |
|-----|-----------|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------------------------|------------------------------------|-------|-------------------------------------------------------------------------------------|
| 2.1 | SR02<br>3 | Current Integrator HV switch timing         | The BMS shall be able to open and close the HV switches of the battery upon a Current Integrator signal assignment within xxx ms and xxx ms respectively, preferably implemented in HW                                                                                                                             | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                    |                                    |       | • FET / Contactor Driver (ASIL B)<br>• Short-circuit detection<br>• FET / Contactor |
| 3   | SR02<br>4 | Gas and/or pressure measurement performance | The BMS shall measure xxx gas(es) with at least range of xxx to xxx PPM with accuracy of +- xxx PPM at most and resolution xxx PPM at most and/or pressure with at least range of xxx to xxx bar at most with accuracy of xxx bar and resolution of xxx bar at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>34<br>6<br>(AS<br>IL<br>D) | • SR<br>02<br>7<br>(AS<br>IL<br>B) | • MCU | • SR<br>34<br>7<br>(AS<br>IL<br>D)                                                  |

|   |       |                                             |                                                                                                                                                                                                |                       |   |  |  |  |  |                  |                      |                                                                                                                                                      |                                                                                                                                                      |                                        |
|---|-------|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------|
| 4 | SR025 | Battery temperature measurement performance | The BMS shall measure battery temperature with at least range of xxx to xxx C° with accuracy of +- xxx C° at most and resolution xxx C° at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>35<br>3<br>(AS<br>IL<br>D)<br>• SR<br>35<br>4<br>(AS<br>IL<br>D)                                                                             | • SR<br>00<br>8<br>(AS<br>IL<br>B)<br>• SR<br>00<br>5<br>(AS<br>IL<br>B)                                                                             | • MCU<br>• AFE<br>• TPL<br>Transciever |
| 5 | SR027 | TR detection algorithm                      | The BMS shall include an algorithm to predict TR event based on temperature and gases and/or pressure within xxx sec from it's occurrence                                                      | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>02<br>4<br>(AS<br>IL<br>B)<br>• SR<br>36<br>2<br>(AS<br>IL<br>D)<br>• SR<br>36<br>3<br>(AS<br>IL<br>D)<br>• SR<br>36<br>4<br>(AS<br>IL<br>D) | • SR<br>00<br>5<br>(AS<br>IL<br>B)<br>• SR<br>36<br>2<br>(AS<br>IL<br>D)<br>• SR<br>36<br>3<br>(AS<br>IL<br>D)<br>• SR<br>36<br>4<br>(AS<br>IL<br>D) | • MCU                                  |

|   |       |                                     |                                                                                                                                                                                           |                       |   |  |  |  |  |                  |                      |                                                                                                                   |                                     |                                           |
|---|-------|-------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|-------------------------------------------------------------------------------------------------------------------|-------------------------------------|-------------------------------------------|
| 6 | SR034 | Cell voltages monitor performance   | The BMS shall measure cell voltages with range at least of xxx to xxx V with accuracy of +-xxx mV at most and resolution of xxx mV at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>36<br>5<br>(AS<br>IL<br>C( D))<br>• SR<br>36<br>6<br>(AS<br>IL<br>D)                                      | • SR<br>00<br>6<br>(AS<br>IL<br>B)) | • MCU<br>• AFE<br>• TPL<br>Transciever    |
| 7 | SR036 | Battery current monitor performance | The BMS shall measure battery current with range at least of xxx to xxx A with accuracy of +-xxx A at most and resolution of xxx A at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>38<br>1<br>(AS<br>IL<br>D))<br>• SR<br>38<br>2<br>(AS<br>IL<br>D))<br>• SR<br>03<br>0<br>(AS<br>IL<br>B)) | • SR<br>01<br>2<br>(AS<br>IL<br>B)) | • MCU<br>• BJB IC<br>• TPL<br>Transciever |

|   |           |                               |                                                                                                                                                                                  |                       |   |  |  |  |                  |                      |                                    |                                    |                            |
|---|-----------|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------------------------|------------------------------------|----------------------------|
| 8 | SR03<br>9 | Dynamic Current Limit message | The BMS shall compose and transmit a periodical message containing the maximum recommended discharging current, and charging current, as calculated by the Dynamic Current Limit | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>39<br>4<br>(AS<br>IL<br>D) | • SR<br>00<br>9<br>(AS<br>IL<br>B) | • MCU<br>• CAN Transciever |
| 9 | SR04<br>0 | DCL_STATUS: OVERLOAD          | The BMS shall set the Flag DCL_STATUS to OVERLOAD in case the Dynamic Current Limit algorithm detects further increase in temperature due to overload                            | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>00<br>9<br>(AS<br>IL<br>B) | • MCU                              |                            |

|    |           |                           |                                                                                                                                                                                                                                                                                      |                       |   |  |  |  |  |                        |                      |  |  |                                       |       |
|----|-----------|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------------|----------------------|--|--|---------------------------------------|-------|
| 10 | SR04<br>1 | DCL_ST<br>ATUS:<br>NORMAL | The BMS<br>shall set<br>the Flag<br>DCL_STATU<br>S to<br>NORMAL if<br>the<br>Dynamic<br>Current<br>Limit<br>algorithm<br>does not<br>detect an<br>overload<br>during a<br>time period<br>as<br>specified in<br>the<br>configuratio<br>n<br>parameter<br>DCL_OVERL<br>OAD_TIME<br>OUT | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  | •<br>SR<br>00<br>9<br>(AS<br>IL<br>B) | • MCU |
|----|-----------|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------------|----------------------|--|--|---------------------------------------|-------|

|    |       |                                                                                   |  |                       |   |  |  |  |                  |                      |                                                                                                                                                                                                                                                                                                                               |                                                                                                                                                                                                                                                                                                                               |       |
|----|-------|-----------------------------------------------------------------------------------|--|-----------------------|---|--|--|--|------------------|----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|
| 11 | SR042 | Set flags when system is outside of, or about to breach temperature SOA condition |  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>48 00<br>2 2<br>(AS (AS<br>IL IL<br>D) B)<br>• SR<br>48 01<br>6 0<br>(AS (AS<br>IL IL<br>D) B)<br>• SR<br>49 9<br>(AS<br>IL<br>D)<br>• SR<br>14 3<br>(AS<br>IL<br>B)<br>• SR<br>49 1<br>(AS<br>IL<br>D)<br>• SR<br>49 5<br>(AS<br>IL<br>D)<br>• SR<br>50 3<br>(AS<br>IL<br>D)<br>• SR<br>50 7<br>(AS<br>IL<br>D)<br>• | • SR<br>48 00<br>2 2<br>(AS (AS<br>IL IL<br>D) B)<br>• SR<br>48 01<br>6 0<br>(AS (AS<br>IL IL<br>D) B)<br>• SR<br>49 9<br>(AS<br>IL<br>D)<br>• SR<br>14 3<br>(AS<br>IL<br>B)<br>• SR<br>49 1<br>(AS<br>IL<br>D)<br>• SR<br>49 5<br>(AS<br>IL<br>D)<br>• SR<br>50 3<br>(AS<br>IL<br>D)<br>• SR<br>50 7<br>(AS<br>IL<br>D)<br>• | • MCU |
|----|-------|-----------------------------------------------------------------------------------|--|-----------------------|---|--|--|--|------------------|----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|

|  |  |  |  |  |  |  |  |  |  |  |                                  |  |  |
|--|--|--|--|--|--|--|--|--|--|--|----------------------------------|--|--|
|  |  |  |  |  |  |  |  |  |  |  | SR<br>50<br>5<br>(AS<br>IL<br>D) |  |  |
|--|--|--|--|--|--|--|--|--|--|--|----------------------------------|--|--|

|    |           |                                                                                       |                       |   |  |  |  |                  |                      |                                                                                                                                                                                   |                                                                                                                                                                                                                                                        |          |
|----|-----------|---------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
| 12 | SR04<br>3 | Set flags when system in is outside of, or about to breach cell voltage SOA condition | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>SR<br>14<br>8<br>•<br>SR<br>51<br>2<br>•<br>SR<br>51<br>6<br>•<br>SR<br>51<br>9<br>•<br>SR<br>52<br>2<br>•<br>SR<br>52<br>7<br>•<br>SR<br>52<br>5<br>•<br>SR<br>52<br>9<br>• | •<br>SR<br>00<br>3<br>(AS<br>IL<br>B)<br>•<br>SR<br>01<br>0<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D)<br>•<br>(AS<br>IL<br>D) | •<br>MCU |
|----|-----------|---------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|

28-Mar-2025 12:08 pm

|  |  |  |  |  |  |  |  |  |  |  |                                  |  |  |
|--|--|--|--|--|--|--|--|--|--|--|----------------------------------|--|--|
|  |  |  |  |  |  |  |  |  |  |  | SR<br>53<br>1<br>(AS<br>IL<br>D) |  |  |
|--|--|--|--|--|--|--|--|--|--|--|----------------------------------|--|--|

|    |           |                                                                                  |                       |   |  |  |  |                  |                      |                                                                                                                                                                                                                                                                                                                                      |                                                                                                                                                                                                                                                                                                                                      |          |
|----|-----------|----------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
| 13 | SR04<br>4 | Set flags when system in is outside of, or about to breach current SOA condition | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>SR<br>14<br>9<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>0<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>1<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>2<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>3<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>4<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>5<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>6<br>(AS<br>IL<br>B) | •<br>SR<br>00<br>4<br>(AS<br>IL<br>B)<br>•<br>SR<br>01<br>0<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>1<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>2<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>3<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>4<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>5<br>(AS<br>IL<br>B)<br>•<br>SR<br>15<br>6<br>(AS<br>IL<br>B) | •<br>MCU |
|----|-----------|----------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|

|    |       |                                          |                                                                                          |                       |   |  |  |  |                  |                      |                                                                                                                                                      |                                             |
|----|-------|------------------------------------------|------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|
| 14 | SR045 | Set flags when battery is out of balance |                                                                                          | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>05<br>3<br>(AS<br>IL<br>B)<br>• SR<br>05<br>4<br>(AS<br>IL<br>B)<br>• SR<br>05<br>5<br>(AS<br>IL<br>B)<br>• SR<br>05<br>6<br>(AS<br>IL<br>B) | • SR<br>01<br>0<br>(AS<br>IL<br>B)<br>• MCU |
| 15 | SR046 | Start balancing battery                  | The BMS shall balance the cells while the Flag CELL_BALANCE_STATUS is in state UNBALANCE | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>01<br>6<br>(AS<br>IL<br>B)                                                                                                                   | • MCU<br>• AFE<br>• TPL<br>Transciever      |

|     |                |                                      |                                                                                                                                                                                       |                             |   |  |  |  |  |                  |                      |                                    |                                    |                                           |
|-----|----------------|--------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|---|--|--|--|--|------------------|----------------------|------------------------------------|------------------------------------|-------------------------------------------|
| 16  | SR04<br>7      | Battery voltages monitor performance | The BMS shall measure battery voltage with range at least of 0 to xxxV with accuracy of xxx mV at most and resolution of xxxmV at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL       | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>39<br>8<br>(AS<br>IL<br>D) | • SR<br>01<br>8<br>(AS<br>IL<br>B) | • MCU<br>• BJB IC<br>• TPL<br>Transciever |
| 16. | SR04<br>1<br>8 | Battery voltages monitor range       | The BMS shall measure battery voltage with range at least of 0 to xxxV                                                                                                                | UN<br>SP<br>ECI<br>FIE<br>D | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                    |                                    |                                           |
| 16. | SR04<br>2<br>9 | Battery voltages monitor accuracy    |                                                                                                                                                                                       | UN<br>SP<br>ECI<br>FIE<br>D | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                    |                                    |                                           |

|    |       |                                                                                          |  |                       |   |  |  |  |                  |                      |                                                                                                                                                                                            |                                             |
|----|-------|------------------------------------------------------------------------------------------|--|-----------------------|---|--|--|--|------------------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|
| 17 | SR050 | Set flags when system in is outside of, or about to breach battery voltage SOA condition |  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>07<br>7<br>(AS<br>IL<br>B)<br>• SR<br>07<br>8<br>(AS<br>IL<br>B)<br>• SR<br>07<br>9<br>(AS<br>IL<br>B)<br>• SR<br>08<br>0<br>(AS<br>IL<br>B)<br>• SR<br>08<br>1<br>(AS<br>IL<br>B) | • SR<br>01<br>0<br>(AS<br>IL<br>B)<br>• MCU |
| 18 | SR057 | Protect against faulty measurement spikes by filtering                                   |  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>40<br>8<br>(AS<br>IL<br>D)<br>• SR<br>40<br>9<br>(AS<br>IL<br>D)                                                                                                                   | • SR<br>01<br>7<br>(AS<br>IL<br>B)<br>• MCU |

|        |       |                                                  |                                                                                  |                       |   |  |  |  |                  |                      |  |  |  |       |
|--------|-------|--------------------------------------------------|----------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|-------|
| 18.1   | SR058 | Filter measurement                               | The BMS shall include filters for all measurements to filter out data spikes xxx | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU |
| 18.1.1 | SR059 | Detect out-of-range battery voltage measurements |                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU |
| 18.1.2 | SR060 | Detect out-of-range current measurements         |                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU |
| 18.1.3 | SR061 | Detect out-of-range temperature measurements     |                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU |
| 18.1.4 | SR063 | Detect out-of-range cell voltage measurements    |                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU |

|          |           |                                                                              |                                                                                                                                                                                                  |                       |   |  |  |  |                  |                      |                                                                                                                |                                                                             |
|----------|-----------|------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| 19       | SR06<br>4 | Temporary disconnect the battery if overtemperature has been detected in BMS |                                                                                                                                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>40<br>1<br>(AS<br>IL<br>D)<br>• SR<br>41<br>0<br>(AS<br>IL<br>D)<br>• SR<br>41<br>1<br>(AS<br>IL<br>D) | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |
| 19.<br>1 | SR06<br>5 | Close switches at IC_TEMP_STATUS: NORMAL                                     | The BMS shall assign signal(s) as to close the HV switches of the battery and charger upon Flag IC_TEMP_STATUS set to NORMAL if no other protections are activated that require open HV switches | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                                                                                                | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |

|     |           |                                                                                 |                                                                                                                                                                                                                                                                                           |                       |   |  |  |  |                  |                      |                                       |                                       |          |                                                                 |
|-----|-----------|---------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|---------------------------------------|---------------------------------------|----------|-----------------------------------------------------------------|
| 19. | SR07<br>2 | Open switches at IC_TEMP_STATUS: FAILURE                                        | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag IC_TEMP_STATUS set to any of the following:<br>- OVERTEMPERATURE_AF<br>- OVERTEMPERATURE_BJ<br>- OVERTEMPERATURE_MCU<br>- OVERTEMPERATURE_SB<br>- OVERTEMPERATURE_SHUNT<br>- OVERTEMPERATURE_HV_SWITCH | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                       |                                       |          | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 20  | SR07<br>5 | Notify driver and passengers about fault and warning condition of the HV Switch |                                                                                                                                                                                                                                                                                           | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>SR<br>41<br>5<br>(AS<br>IL<br>D) | •<br>SR<br>02<br>9<br>(AS<br>IL<br>B) | •<br>MCU |                                                                 |

|      |       |                           |                                                                                                                                                                                                                 |                       |   |  |  |  |  |                  |                      |  |  |  |  |       |
|------|-------|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|--|--|--|--|-------|
| 20.1 | SR076 | HV_SWITCH_STATUS: FAILURE | The BMS shall set the Flag HV_SWITC H_STATUS to FAILURE upon a detection of the event via the HV Switch failure detection algorithm. The parameters of this algorithm shall be stored in the configuration file | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU |
| 20.2 | SR082 | HV_SWITCH_STATUS: NORMAL  | The BMS shall set the Flag TR_STATUS to NORMAL upon clearing of the event via the HV Switch failure detection algorithm                                                                                         | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU |

|     |        |                                                                  |  |           |   |  |  |  |                  |          |         |         |                |                |
|-----|--------|------------------------------------------------------------------|--|-----------|---|--|--|--|------------------|----------|---------|---------|----------------|----------------|
| 21  | SR083  | Protect BMS from undesired effects of uncontrolled uC power-down |  | TECHNICAL | B |  |  |  | no traced events | PROPOSED | • SR419 | • SR017 | • MCU (ASIL B) | • SBC (ASIL B) |
| 21. | SR0814 | Brownout                                                         |  | TECHNICAL | B |  |  |  | no traced events | PROPOSED |         |         | • MCU          | • SBC (ASIL B) |

|    |       |                                                            |           |   |  |  |  |                  |          |                  |                  |                  |                  |                  |                  |                  |                  |
|----|-------|------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|------------------|------------------|------------------|------------------|------------------|------------------|------------------|------------------|
| 22 | SR085 | Notify the driver and passengers about BMS overtemperature | TECHNICAL | B |  |  |  | no traced events | PROPOSED | • SR072 (AS ILB) | • SR029 (AS ILB) | • SR071 (AS ILB) | • SR070 (AS ILB) | • SR069 (AS ILB) | • SR068 (AS ILB) | • SR067 (AS ILB) | • SR066 (AS ILB) |
|----|-------|------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|------------------|------------------|------------------|------------------|------------------|------------------|------------------|------------------|

|      |       |                                                                                                     |                                                                                                                                               |                       |   |  |  |  |                  |                      |                     |                                                                                                          |                                                           |
|------|-------|-----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|---------------------|----------------------------------------------------------------------------------------------------------|-----------------------------------------------------------|
| 23   | SR086 | Permanently disconnect the battery if Mosfets/Contactor is faulty                                   |                                                                                                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR416<br>(ASIL D) | • SR028<br>(ASIL B)                                                                                      | • MCU<br>• FET / Contactor<br>Driver<br>• FET / Contactor |
| 23.1 | SR654 | SM: Recover y out of permanent failure shall only be possible through service station intervention. |                                                                                                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                     |                                                                                                          |                                                           |
| 24   | SR087 | Continuously monitor BMS internal temperatures                                                      |                                                                                                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR026<br>(ASIL B) | • MCU<br>• AFE<br>• SBC<br>(ASIL B)<br>• BJB IC<br>• TPL<br>Transciever<br>• Onboard<br>thermistor[0..*] |                                                           |
| 24.1 | SR088 | IC die temperature measurements                                                                     | The AFE, BJB, MCU, SBC main ICs of the BMS shall include internal temperature measurements to assess and prevent possible failures associated | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                     | • MCU<br>• SBC<br>(ASIL B)<br>• BJB IC<br>• AFE<br>• TPL<br>Transciever                                  |                                                           |

|     |      |                                                                                                                                |                                                                                                                                                                                              |                       |   |  |  |  |                  |                      |  |  |                                                                                                                                          |
|-----|------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|------------------------------------------------------------------------------------------------------------------------------------------|
| 24. | SR08 | Make BMS enter fault state in case of either of MCU, AFE, or SBC reaching high die temperature                                 |                                                                                                                                                                                              | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |                                                                                                                                          |
| 24. | SR09 | Recover BMS from fault state to normal state when temperatures are within permissible operating range for each part on the BMS |                                                                                                                                                                                              | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |                                                                                                                                          |
| 24. | SR09 | Shunt temperature measurement performance                                                                                      | The BMS shall measure Shunt temperature with at least range of xxx to xxx C° with accuracy of +- xxx C° at most and resolution xxx C° at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  | <ul style="list-style-type: none"> <li>• MCU</li> <li>• Onboard thermistor[0..*]</li> <li>• TPL Transciever</li> <li>• BJB IC</li> </ul> |

|     |       |                                               |                                                                                                                                                                                                  |                       |   |  |  |  |  |                  |                      |                                    |                                    |                                    |                                    |                                                                       |                                                                         |
|-----|-------|-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|------------------------------------|------------------------------------|------------------------------------|------------------------------------|-----------------------------------------------------------------------|-------------------------------------------------------------------------|
| 24. | SR093 | HV Switch temperature measurement performance | The BMS shall measure HV Switch temperature with at least range of xxx to xxx C° with accuracy of +- xxx C° at most and resolution xxx C° at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                    |                                    |                                    |                                    | • MCU<br>• Onboard thermometer[0..*]<br>• TPL Transciever<br>• BJB IC |                                                                         |
| 25  | SR093 | Perform BIST                                  |                                                                                                                                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>12<br>8<br>(AS<br>IL<br>B) | • SR<br>02<br>6<br>(AS<br>IL<br>B) | • SR<br>13<br>4<br>(AS<br>IL<br>B) | • SR<br>42<br>2<br>(AS<br>IL<br>D) | • SR<br>42<br>3<br>(AS<br>IL<br>D)                                    | • MCU<br>• SBC<br>(ASIL B)<br>• AFE<br>• BJB IC<br>• TPL<br>Transciever |

|     |           |                                       |                                                                                                                                                                                                                        |                       |   |  |  |  |                  |                      |                                                                          |                                    |                                    |                                                                         |
|-----|-----------|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--------------------------------------------------------------------------|------------------------------------|------------------------------------|-------------------------------------------------------------------------|
| 25. | SR09<br>4 | IC self test                          | The AFE, BJB, MCU, SBC main ICs of the BMS shall include internal Build In Self Test (BIST) to assess and prevent possible random and latent failures                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                                                          |                                    |                                    | • AFE<br>• MCU<br>• SBC<br>(ASIL B)<br>• BJB IC<br>• TPL<br>Transciever |
| 26. | SR09<br>5 | Continuously monitor HV FETs voltages |                                                                                                                                                                                                                        | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>42<br>5<br>(AS<br>IL<br>D)<br>• SR<br>43<br>2<br>(AS<br>IL<br>D) | • SR<br>02<br>6<br>(AS<br>IL<br>B) | • SR<br>02<br>6<br>(AS<br>IL<br>B) | • Insulation Monitoring<br>• MCU<br>• TPL<br>Transciever<br>• BJB IC    |
| 26. | SR09<br>6 | HV voltage measurement performance    | The BMS shall measure both HV Switch voltages (HV input and output) with range at least of -xxx to xxxV with accuracy of xxx mV at most and resolution of xxxmV at most and a sampling rate of at least xxx sample/sec | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                                                          |                                    |                                    | • MCU<br>• Insulation Monitoring<br>• TPL<br>Transciever<br>• BJB IC    |

|     |             |                                                                                                                                       |                                                                                                                                                                                                               |                       |   |  |  |  |                        |                      |                                                                   |                                       |                                                          |                      |
|-----|-------------|---------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------------|----------------------|-------------------------------------------------------------------|---------------------------------------|----------------------------------------------------------|----------------------|
| 26. | SR09<br>2   | HV<br>Switch<br>failure<br>detectio<br>n<br>algorith<br>m                                                                             | The BMS<br>shall<br>include an<br>algorithm<br>to detect<br>failure of<br>the HV<br>Switch<br>based on<br>the input<br>and output<br>voltage<br>measureme<br>nts within<br>xxx sec<br>from it's<br>occurrence | TE<br>CH<br>NIC<br>AL | B |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |                                                                   |                                       |                                                          | • MCU                |
| 26. | SR09<br>2.1 | Detect<br>HV<br>switch<br>failure<br>in short<br>8                                                                                    |                                                                                                                                                                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |                                                                   |                                       |                                                          | • MCU                |
| 26. | SR09<br>2.2 | Detect<br>HV<br>switch<br>failure<br>in open<br>9                                                                                     |                                                                                                                                                                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |                                                                   |                                       |                                                          | • MCU                |
| 27  | SR10<br>0   | Tempora<br>ry<br>disconne<br>ct the<br>battery<br>if<br>external<br>commun<br>ication<br>errors<br>have<br>been<br>detected<br>in BMS |                                                                                                                                                                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>SR<br>43<br>4<br>IL<br>•<br>SR<br>43<br>5<br>(AS<br>IL<br>D) | •<br>SR<br>02<br>8<br>(AS<br>IL<br>B) | •<br>ASIL B<br>• FET /<br>Driver<br>• FET /<br>Contactor | • FET /<br>Contactor |

|      |      |                                                       |                                                                                                                                                                                                                                               |              |   |  |  |  |                  |             |  |  |  |                                                                 |
|------|------|-------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|--|--|--|-----------------------------------------------------------------|
| 27.1 | SR10 | Close switches at EXT_CO M_STAT US: NORMAL            | The BMS shall assign signal(s) as to close the HV switches of the charger and the battery upon a EXT_COM_STATUS to NORMAL within xxx ms                                                                                                       | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 27.2 | SR10 | Close switches at EXT_CO M_STAT US: WARNING or NORMAL | The BMS shall assign signal(s) as to close the HV switches of the battery and charger upon Flag EXT_COM_STATUS set to any of the following:<br>- EXT_COM_WARN<br>- NORMAL if no other protections are activated that require open HV switches | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |

|      |       |                                              |                                                                                                                           |              |   |  |  |  |                  |             |  |                   |                         |                                                                 |
|------|-------|----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|--|-------------------|-------------------------|-----------------------------------------------------------------|
| 27.3 | SR105 | Open switches at EXT_CO M_STAT US: TIMEOUT T | The BMS shall assign signal(s) as to open the HV switches of the battery upon a EXT_COM_STATUS to TIMEOUT within xxx ms   | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |                   |                         | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 27.4 | SR106 | Open switches at EXT_CO M_STAT US: FAILURE   | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag EXT_COM_STATUS set to EXT_COM_FAILURE  | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |                   |                         | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 28   | SR107 | Protect BMS from hanging                     |                                                                                                                           | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  | • SR 017 (ASIL B) | • MCU<br>• SBC (ASIL B) |                                                                 |
| 28.1 | SR108 | Watchdog                                     | The BMS shall be reset in case the Watchdog(s) did not receive periodic pulses as specified in configuration parameter(s) | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |                   | • MCU<br>• SBC (ASIL B) |                                                                 |

|      |       |                                                                          |                                                                                                                                                                                                                                              |                       |   |  |  |  |                  |                      |  |                                                                             |                                                                             |
|------|-------|--------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|-----------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| 29   | SR109 | Temporary disconnect the battery if bit-flip has been detected in memory |                                                                                                                                                                                                                                              | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR028<br>(ASIL B)<br>ILB)                                                 | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |
| 29.1 | SR110 | Close switches at MEMORY_STATUSES: WARN or NORMAL                        | The BMS shall assign signal(s) as to close the HV switches of the battery and charger upon Flag COM_STATUS set to any of the following:<br>- MEMORY_ECC_WARN<br>- NORMAL if no other protections are activated that require open HV switches | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |                                                                             |
| 29.2 | SR111 | Open switches at MEMORY_STATUSES: FAILURE                                | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag MEMORY_STATUS set to MEMORY_ECC_FAILURE                                                                                                                   | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |                                                                             |

|     |                |                                                                               |                                                                                                                                                                                                                                                   |                       |   |  |  |  |                  |                      |                                    |                                    |                                    |       |
|-----|----------------|-------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------------------------|------------------------------------|------------------------------------|-------|
| 30  | SR11<br>2      | Notify the driver and passengers about BMS external communication error       |                                                                                                                                                                                                                                                   | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>43<br>6<br>(AS<br>IL<br>D) | • SR<br>02<br>9<br>(AS<br>IL<br>B) | • SR<br>12<br>1<br>(AS<br>IL<br>B) | • MCU |
| 30. | SR11<br>1<br>3 | - EXT_CO<br>M_FAILU<br>RE_TIME<br>OUT<br>-<br>COMS_S<br>TATUS:<br>TIMEOU<br>T | The BMS shall assign the Flag EXT_COM_STATUS to TIMEOUT upon failure to receive regular communication from external controller for a period equal to or greater than specified in configuration parameter EXT_COM_FAILURE_TIMEOUT presented in ms | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                    |                                    |                                    | • MCU |

|      |       |                                   |                                                                                                                                                               |           |   |  |  |  |                  |          |  |  |  |  |       |
|------|-------|-----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|--|--|--|--|-------|
| 30.2 | SR114 | EXT_COMM_STATUS: NORMAL           | The BMS shall set the Flag EXT_COM_STATUS to NORMAL upon no CRC error nor EDC being necessary in external communication                                       | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU |
| 30.3 | SR115 | EXT_COMM_STATUS: EXT_COMM_WARN    | The BMS shall set the Flag EXT_COM_STATUS to EXT_COM_WARN upon detected CRC error and successful correction of the error by the EDC in external communication | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU |
| 30.4 | SR116 | EXT_COMM_STATUS: EXT_COMM_FAILURE | The BMS shall set the Flag EXT_COM_STATUS to EXT_COM_FAILURE upon detected CRC error and inability of the EDC to correct the error in external communication  | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU |

|      |       |                                                           |                                                                                                                                          |           |   |  |  |  |                  |          |  |                  |       |
|------|-------|-----------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|--|------------------|-------|
| 31   | SR117 | Notify driver and passengers about internal memory errors | Memory bit-flip                                                                                                                          | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  | • SR029 (ASIL B) | • MCU |
| 31.1 | SR118 | MEMORY_STATUSES: MEMORY_ECC_FAILURE                       | The BMS shall set the Flag MEMORY_STATUS to MEMORY_ECC_FAILURE upon detected of any memory error by the ECC and inability to correct it  | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |                  | • MCU |
| 31.2 | SR119 | MEMORY_STATUSES: MEMORY_ECC_WARN                          | The BMS shall set the Flag MEMORY_STATUS to MEMORY_ECC_WARN upon detected of any memory error by the ECC and successful correction of it | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |                  | • MCU |
| 31.3 | SR120 | MEMORY_STATUSES: NORMAL                                   | The BMS shall set the Flag MEMORY_STATUS to NORMAL upon no memory error being detected by the ECC of any memory                          | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |                  | • MCU |

|     |                |                                                  |                                                                                           |                       |   |  |  |  |                  |                      |                                                                                                                                                                                            |                                             |
|-----|----------------|--------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|
| 32  | SR12<br>1      | Continuously monitor BMS external communications |                                                                                           | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>11<br>2<br>(AS<br>IL<br>B)<br>• SR<br>10<br>0<br>(AS<br>IL<br>B)<br>• SR<br>43<br>7<br>(AS<br>IL<br>D)<br>• SR<br>43<br>9<br>(AS<br>IL<br>D)<br>• SR<br>44<br>0<br>(AS<br>IL<br>D) | • SR<br>02<br>6<br>(AS<br>IL<br>B)<br>• MCU |
| 32. | SR12<br>1<br>2 | EDC on external communication                    | The external BMC communication shall include EDC to correct possible communication errors | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                                                                                                                                                                            | • MCU                                       |

|      |       |                                                          |                                                                                                                                                              |           |   |  |  |  |                  |          |  |                 |                 |       |       |
|------|-------|----------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|--|-----------------|-----------------|-------|-------|
| 32.2 | SR124 | CRC on external communication                            | The external BMS communication shall include CRC to detect possible communication errors                                                                     | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |                 |                 |       | • MCU |
| 32.3 | SR125 | Periodic external communication timers                   | The BMS shall keep timers associated to periodic communication packets with external controller and reset them for every packet that was successful received | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |                 |                 |       | • MCU |
| 33   | SR126 | Implement ECC in all memories                            |                                                                                                                                                              | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  | • SR026 (ASILB) | •               | MCU   |       |
| 33.1 | SR127 | ECC memory                                               | All memory of used in the BMS shall include ECC                                                                                                              | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |                 |                 | • MCU |       |
| 34   | SR128 | Notify driver and passengers about BIST detected failure |                                                                                                                                                              | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  | • SR029 (ASILB) | • SR093 (ASILB) | • MCU |       |

|      |       |                                         |                                                                                                                         |           |   |  |  |  |                  |          |  |  |  |  |       |
|------|-------|-----------------------------------------|-------------------------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|--|--|--|--|-------|
| 34.1 | SR129 | IC_BIST_STATUS:<br>BIST_FA<br>ILURE_SBC | The BMS shall set the Flag IC_BIST_STATUS to BIST_FAILURE_SBC upon inability of the SBC's BIST to complete successfully | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU |
| 34.2 | SR130 | IC_BIST_STATUS:<br>BIST_FA<br>ILURE MCU | The BMS shall set the Flag IC_BIST_STATUS to BIST_FAILURE MCU upon inability of the MCU's BIST to complete successfully | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU |
| 34.3 | SR131 | IC_BIST_STATUS:<br>BIST_FA<br>ILURE_BJB | The BMS shall set the Flag IC_BIST_STATUS to BIST_FAILURE_BJB upon inability of the BJB's BIST to complete successfully | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU |

|     |           |                                                                  |                                                                                                                                                                                                        |                            |   |  |  |  |  |                  |                      |  |  |  |                                                                                       |
|-----|-----------|------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|---|--|--|--|--|------------------|----------------------|--|--|--|---------------------------------------------------------------------------------------|
| 34. | SR13<br>4 | IC_BIST_STATUS:<br>BIST_FA<br>ILURE_A<br>FE                      | The BMS shall set the Flag IC_BIST_STATUS to BIST_FAILURE_AFE upon inability of the AFE's BIST to complete successfully<br><br>//vtpl-dngsrvapp:<br>50000/<br>RM:user=d<br>b2amin;password={password}; | FU<br>NC<br>TIO<br>NA<br>L | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU                                                                                 |
| 34. | SR13<br>5 | IC_BIST_STATUS:<br>NORMAL                                        | The BMS shall set the Flag IC_TEMP_STATUS to NORMAL upon completion of all BIST completed successfully                                                                                                 | TE<br>CH<br>NIC<br>AL      | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU                                                                                 |
| 35  | SR13<br>4 | Temporary disconnect the battery if BIST detected failure in BMS |                                                                                                                                                                                                        | TE<br>CH<br>NIC<br>AL      | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU<br>• FET / Contactor<br>SR 028 (ASIL B)<br>• FET / Contactor<br>SR 093 (ASIL B) |

|      |       |                                            |                                                                                                                                                                                                                        |                       |   |  |  |  |                  |                      |  |  |                                    |                                                                    |
|------|-------|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|------------------------------------|--------------------------------------------------------------------|
| 35.1 | SR157 | Close switches at IC_BIST_STATUSES: NORMAL | The BMS shall assign signal(s) as to close the HV switches of the battery and charger upon Flag IC_BIST_STATUS set to NORMAL if no other protections are activated that require open HV switches                       | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |                                    | • MCU<br>• FET / Contactor<br>Driver (ASIL B)<br>• FET / Contactor |
| 35.2 | SR160 | Open switches at IC_BIST_STATUSES: FAILURE | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag IC_BIST_STATUS set to any of the following:<br>- BIST_FAILURE_AFE<br>- BIST_FAILURE_BJB<br>- BIST_FAILURE MCU<br>- BIST_FAILURE_SBC | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |                                    | • MCU<br>• FET / Contactor<br>Driver (ASIL B)<br>• FET / Contactor |
| 36   | SR161 | Provide BMS with absolute time             |                                                                                                                                                                                                                        | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  | • SR<br>01<br>7<br>(AS<br>IL<br>B) | • MCU                                                              |

|      |       |                                                  |                                                                                                                                                         |                       |   |  |  |  |                  |                      |  |                                    |   |       |
|------|-------|--------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|------------------------------------|---|-------|
| 36.1 | SR162 | Absolute time life                               | The BMS shall include an absolute timer that is self powered with sufficient energy to count time for up to xxx days from when the BMS was last powered | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                    |   | • MCU |
| 36.2 | SR163 | Absolute time resolution                         | The BMS shall track absolute time with a resolution of seconds and an accuracy of xxx PPM                                                               | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                    |   | • MCU |
| 37   | SR164 | Provide BMS counter for timestamped Reset events |                                                                                                                                                         | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR<br>01<br>7<br>(AS<br>IL<br>B) | • | • MCU |
| 37.1 | SR165 | Store RESET Count in NV memory                   | The BMS shall include sufficient NV memory to store the absolute time of the last boot and the RESET_COUNT Flag for at least 100 entries                | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                    |   | • MCU |

|      |       |                                        |                                                                                                                                                  |             |   |  |  |  |                  |          |                |                   |  |                            |
|------|-------|----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|-------------|---|--|--|--|------------------|----------|----------------|-------------------|--|----------------------------|
| 37.2 | SR166 | Access RESET Count                     | The BMS shall allow access of the RESET Count file in memory download mode                                                                       | TECH NIC AL | B |  |  |  | no traced events | PROPOSED |                |                   |  | • MCU                      |
| 38   | SR167 | Maintain proper operation at re-boot   |                                                                                                                                                  | TECH NIC AL | B |  |  |  | no traced events | PROPOSED | SR017 (ASIL B) | • CAN Transciever |  | • MCU                      |
| 38.1 | SR168 | Store configuration & Flags            | The BMS shall include sufficient NV memory to store the configuration file and Flags                                                             | TECH NIC AL | B |  |  |  | no traced events | PROPOSED |                |                   |  | • MCU                      |
| 38.2 | SR169 | Retrieve configuration & Flags at boot | At boot the BMS will retrieve the configuration and Flags from NV memory                                                                         | TECH NIC AL | B |  |  |  | no traced events | PROPOSED |                |                   |  | • MCU                      |
| 38.3 | SR170 | Program configuration & Flags          | Configuration file and Flags in NV memory shall be able to be programmed by the BMS in configuration upload and Flag clearance mode respectively | TECH NIC AL | B |  |  |  | no traced events | PROPOSED |                |                   |  | • MCU<br>• CAN Transciever |

|     |                |                                                     |                                                                                                                                                                                         |                       |   |  |  |  |                  |                      |  |                                    |       |
|-----|----------------|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|------------------------------------|-------|
| 39  | SR17<br>1      | HV or leakage FAULT counter and FAILURE assignm ent | Keep a FAULT counter for the amount the insulation resistance measurement has been detected to be lower than a threshold. When the counter registers a certain amount assign a FAILURE. | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR<br>00<br>1<br>(AS<br>IL<br>A) | • MCU |
| 39. | SR17<br>1<br>2 | HV_STATUS:<br>FAULT                                 | The BMS shall set the Flag HV_STATUS to FAULT upon a valid measurement of insulation resistance lower than specified in configuration parameter INS_RES_THR                             | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR<br>44<br>3<br>(AS<br>IL<br>D) | • MCU |

|        |       |                                                  |                                                                                                                                                                                                                                                                                   |           |   |  |  |  |                  |          |                 |       |
|--------|-------|--------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|-----------------|-------|
| 39.2   | SR173 | HV_STATUSTUS: NORMAL                             | The BMS shall set the Flag HV_STATUS to NORMAL upon a valid measurement of insulation resistance higher or equal than specified in configuration parameter INS_RESTHR                                                                                                             | TECHNICAL | A |  |  |  | no traced events | PROPOSED | • SR442 (ASILD) | • MCU |
| 39.3   | SR174 | HV_FAULT_COUNTHV_STATUSTUS: FAILURE              | The BMS shall keep a counter HV_FAULT_COUNT in Flag HV_STATUS of the times the Flag is assigned to FAULT and cleared again. Upon counting an amount equal to or higher than specified in configuration parameter HV_FAULT_COUNT_LIMIT the Flag HV_STATUS shall be set to FAILURE. | TECHNICAL | A |  |  |  | no traced events | PROPOSED | • SR444 (ASILD) | • MCU |
| 39.3.1 | SR175 | Store HV_STATUSTUS: HV_FAULT_COUNTHV_FAULT_COUNT | The BMS shall write in NV memory any update of the HV_FAULT_COUNT                                                                                                                                                                                                                 | TECHNICAL | A |  |  |  | no traced events | PROPOSED |                 | • MCU |

|        |       |                                     |                                                                                                                     |                       |   |  |  |  |                  |                      |  |  |  |
|--------|-------|-------------------------------------|---------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|
| 39.3.2 | SR176 | HV_STATUS<br>Fault clearance        | Once the system has entered HV_STATUS as fault, it shall only be cleared if a specific signal is received over CAN. | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 39.4   | SR177 | Store failure count                 | The BMS shall store the faults in two counters: local and lifetime                                                  | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 39.4.1 | SR185 | Keep track of lifetime fault counts | Lifetime counts shall be stored on non-volatile memory, and shall not be reset at any time.                         | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |

|     |      |                                 |                                                                                                                                                                                                                                                                                     |                       |   |  |  |  |                  |                      |                    |                                                        |  |
|-----|------|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--------------------|--------------------------------------------------------|--|
| 39. | SR18 | Local fault counter             | Local faults shall be stored for xxx days, post which the counter shall be reset. This counter shall keep track of the number of faults occurred in the past xxx days. The BMS shall clear the local fault counter if no new fault is detected within xxx days of the previous one. | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                    |                                                        |  |
| 39. | SR18 |                                 | The BMS shall clear the local fault counter if no new fault is detected within xxx seconds of the previous one.                                                                                                                                                                     | TE<br>CH<br>NIC<br>AL | A |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                    |                                                        |  |
| 40  | SR18 | Permanent HV FAILURE disconnect | Open HV Switch at HV FAILURE and store in NV memory so the action is permanent                                                                                                                                                                                                      | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR 01 5 (ASIL B) | • MCU<br>• FET / Contactor Driver<br>• FET / Contactor |  |

|      |       |                                      |                                                                                                          |              |   |  |  |  |                  |             |                                          |                                            |
|------|-------|--------------------------------------|----------------------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|------------------------------------------|--------------------------------------------|
| 40.1 | SR189 | Open switches at HV_STA TUS: FAILURE | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag HV_STATUS set FAILURE | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 449 (AS IL D)                       | • MCU<br>• FET / Contactor Driver (ASIL B) |
| 40.2 | SR190 | Store HV_STA TUS: FAILURE            | The BMS shall write in NV memory if Flag HV_STATUS set FAILURE                                           | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 447 (AS IL D)                       | • MCU<br>• FET / Contactor Driver (ASIL B) |
| 41.1 | SR191 | Permane nt TR FAILURE disconne ct    | Open HV Switch at TR FAILURE and store in NV memory so the action is permammen t                         | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 015 (AS IL B)<br>• SR 005 (AS IL B) | • MCU<br>• FET / Contactor Driver (ASIL B) |
| 41.1 | SR192 | Open switches at TR_STAT US: FAILURE | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag TR_STATUS set FAILURE | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 451 (AS IL D)                       | • MCU<br>• FET / Contactor Driver (ASIL B) |
| 41.2 | SR193 | Store TR_STAT US: FAILURE            | The BMS shall write in NV memory if Flag TR_STATUS set FAILURE                                           | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |                                          | • MCU<br>• FET / Contactor Driver (ASIL B) |

|          |           |                             |                                                                                                                                                                                        |                       |   |  |  |  |                  |                      |                                       |                                       |          |
|----------|-----------|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|---------------------------------------|---------------------------------------|----------|
| 42       | SR19<br>4 | TR FAULT to FAILURE timeout | Upon detection of a FAULT by the TR detection algorithm initiate a timer.<br>Upon elapsing of pre-programmed time assign a FAILURE                                                     | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>SR<br>00<br>5<br>(AS<br>IL<br>B) | •<br>SR<br>03<br>1<br>(AS<br>IL<br>B) | •<br>MCU |
| 42.<br>1 | SR19<br>5 | TR_STATUS:<br>FAULT         | The BMS shall set the Flag TR_STATUS to FAULT upon a detection of the event via the TR detection algorithm. The parameters of this algorithm shall be stored in the configuration file | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                       |                                       | •<br>MCU |

|      |       |                                 |                                                                                                                                                                                                                                                  |                       |   |  |  |  |                  |                      |  |  |  |  |       |
|------|-------|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|--|-------|
| 42.2 | SR196 | TR_STAT<br>US:<br>NORMAL        | The BMS shall set the Flag TR_STATUS to NORMAL upon clearing of the event if either of the conditions are met:<br>1. The TR detection algorithm indicates that no thermal runaway is present anymore<br>2. Reception of relevant signal over CAN | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU |
| 42.3 | SR197 | TR_FAIL<br>URE_TI<br>MEOUT<br>, | While on TR_STATUS on FAULT, the BMS shall initiate a timer of duration as specified in configuration parameter TR_FAILURE_TIMEOUT. On expiration of the counter TR_STATUS Flag shall be set to FAILURE if FAULT is still persisting             | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU |

|    |           |                                                                                        |  |                       |   |  |  |  |                  |                      |                                                                          |                                                                             |
|----|-----------|----------------------------------------------------------------------------------------|--|-----------------------|---|--|--|--|------------------|----------------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| 43 | SR19<br>8 | Temporary disconnect the battery if fault has been detected related to temperature     |  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>45<br>2<br>(AS<br>IL<br>D)<br>• SR<br>45<br>3<br>(AS<br>IL<br>D) | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |
| 44 | SR19<br>9 | Temporary disconnect the battery if fault has been detected related to cell voltages   |  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>45<br>4<br>(AS<br>IL<br>D)<br>• SR<br>45<br>5<br>(AS<br>IL<br>D) | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |
| 45 | SR20<br>0 | Temporary disconnect the battery if fault has been detected related to battery voltage |  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>45<br>6<br>(AS<br>IL<br>D)<br>• SR<br>45<br>7<br>(AS<br>IL<br>D) | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• FET /<br>Contactor |

|    |        |                                                                                                               |                                                                                                                                                                                                                       |              |   |  |  |  |                  |             |                     |                     |                                                           |
|----|--------|---------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|---------------------|---------------------|-----------------------------------------------------------|
| 46 | SR20 1 | Temporary disconnect the battery if fault has been detected related to high imbalance detected in the battery | The BMS shall set the signal(s) to _____ if the voltage imbalance (i.e. voltage difference) between cell(s) at the lowest voltage, and the cell(s) at the highest voltage exceeds xxx mV for atleast xxx ms duration. | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 45 8 (AS IL D) | • SR 45 9 (AS IL D) | • FET / Contactor Driver (ASIL B) • MCU • FET / Contactor |
| 47 | SR20 2 | Temporary disconnect the battery if fault has been detected related to battery current                        |                                                                                                                                                                                                                       | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 01 1 (AS IL B) | • SR 01 1 (AS IL B) | • FET / Contactor Driver (ASIL B) • MCU • FET / Contactor |

|      |       |                                             |                                                                                                                                                                                                                              |                       |   |  |  |  |                  |                      |  |  |  |                                                                 |
|------|-------|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|-----------------------------------------------------------------|
| 47.1 | SR203 | Open switches at BAT CU RR STA TUS: FAILURE | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag BAT_CURR_STATUS set to any of the following:<br>- OVERCURR ENT_CHAR GE<br>- OVERCURR ENT_DISCHARGE<br>- SHORT_CHARGE<br>- SHORT_DISCHARGE | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • FET / Contactor Driver (ASIL B)<br>• MCU<br>• FET / Contactor |
| 47.2 | SR204 | Close switches at BAT CU RR STA TUS: NORMAL | The BMS shall assign signal(s) as to close the HV switches of the battery upon Flag BAT_CURR_STATUS set to NORMAL if no other protections are activated that require open HV switches                                        | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |

|      |       |                                                  |                                                                                                                                                                                                                                                     |                       |   |  |  |  |                  |                      |                  |                                              |       |
|------|-------|--------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------|----------------------------------------------|-------|
| 48   | SR205 | Continuously monitor BMS internal communications | The controller shall implement mechanisms to monitor the communication status, and detect anomalies between the following:<br>1. Controller to AFE(s)<br>2. Controller to current sensor IC<br>3. Controller to SBC<br>4. Controller to HV switches | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                  | • SR019 (ASIL B)                             | • MCU |
| 48.1 | SR206 | CRC on internal communication                    | The AFE to AFE and AFE, BJB, SBC to MCU communication shall include CRC to detect possible communication errors                                                                                                                                     | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR460 (ASIL D) | • MCU<br>• SBC (ASIL B)<br>• AFE<br>• BJB IC |       |
| 48.2 | SR207 | EDC on internal communication                    | The AFE to AFE and AFE, BJB, SBC to MCU communication shall include EDC to correct possible communication errors                                                                                                                                    | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                  | • MCU<br>• BJB IC<br>• SBC (ASIL B)<br>• AFE |       |

|      |       |                                        |                                                                                                                                                                           |                       |   |  |  |  |                  |                      |                     |       |
|------|-------|----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|---------------------|-------|
| 48.3 | SR208 | Periodic external communication timers | The BMS shall keep timers associated to periodic communication packets with external controller and reset them for every packet that was successful received              | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR462<br>(ASIL D) | • MCU |
| 48.4 | SR209 | Periodic internal communication timers | The BMS shall keep timers associated to periodic internal communication packets between AFE, BJB, SBC to MCU and reset them for every packet that was successful received | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR463<br>(ASIL D) | • MCU |
| 48.5 | SR210 | Retry communication                    | The BMS shall retry internal communication xxx times in case internal communication failures are encountered                                                              | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                     | • MCU |

|     |      |                                                                         |                                                                                             |              |   |  |  |  |                  |             |                     |                     |                     |                                                                    |
|-----|------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|---------------------|---------------------|---------------------|--------------------------------------------------------------------|
| 48. | SR21 | The BMS shall raise flag COMM ERROR in case of continued failure        | The BMS shall set flag COMM ERROR in case there is continued internal communication failure | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |                     |                     |                     | • MCU                                                              |
| 49  | SR21 | Notify the driver and passengers about BMS internal communication error |                                                                                             | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 46 6 (AS IL D) | • SR 02 9 (AS IL B) |                     | • MCU                                                              |
| 50  | SR21 | Temporary disconnect the battery if internal communication is faulty    |                                                                                             | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 46 4 (AS IL D) | • SR 02 8 (AS IL B) | • SR 46 5 (AS IL D) | • MCU<br>• FET / Contactor<br>Driver (ASIL B)<br>• FET / Contactor |

|      |       |                                              |                                                                                                                                                                                                |              |   |  |  |  |                  |             |  |  |  |  |                                                                 |
|------|-------|----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|--|--|--|--|-----------------------------------------------------------------|
| 50.1 | SR214 | Open switches at INT_CO M_STAT US: TIMEOUT T | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag INT_COM_S TATUS set to any of the following:<br>- AFE_TIMEOUT UT<br>- BJB_TIMEOUT UT<br>- SBC_TIMEOUT UT    | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 50.2 | SR215 | Close switches at INT_CO M_STAT US: NORMAL   | The BMS shall assign signal(s) as to close the HV switches of the charger and the battery upon a INT_COM_S TATUS to NORMAL if no other protections are activated that require open HV switches | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED |  |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |

|     |           |                                       |                                                                                                                                                                                                                                  |                       |   |  |  |  |                  |                      |  |  |  |  |                                                                 |
|-----|-----------|---------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|--|-----------------------------------------------------------------|
| 50. | SR21<br>3 | Open switches at COM_ST ATUS: FAILURE | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag COM_STAT US set to any of the following:<br>- COM_FAILURE_AFE_AF E<br>- COM_FAILURE_AFE_MCU<br>- COM_FAILURE_BJB_MCU<br>- COM_FAILURE_SBC_MCU | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
|-----|-----------|---------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|--|-----------------------------------------------------------------|

|     |           |                                                                 |                                                                                                                                                                                                                                                                                                                  |                       |   |  |  |  |                  |                      |  |                                    |       |                                                                 |
|-----|-----------|-----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|------------------------------------|-------|-----------------------------------------------------------------|
| 50. | SR21<br>4 | Close switches at COM_ST ATUS: WARNIN G or NORMAL               | The BMS shall assign signal(s) as to close the HV switches of the battery and charger upon Flag COM_STAT US set to any of the following:<br>- COM_WARN_AFE_AFE<br>- COM_WARN_AFE MCU<br>- COM_WARN_BJB MCU<br>- COM_WARN_SBC MCU<br>- NORMAL if no other protections are activated that require open HV switches | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                    |       | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 51  | SR21<br>8 | Protect against SW errors by use of adequate SW design approach |                                                                                                                                                                                                                                                                                                                  | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR<br>01<br>7<br>(AS<br>IL<br>B) | • MCU |                                                                 |

|      |       |                                                                                |                                                                                                        |           |   |  |  |  |                  |          |                  |                  |                  |                            |                                                                                      |
|------|-------|--------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|------------------|------------------|------------------|----------------------------|--------------------------------------------------------------------------------------|
| 51.1 | SR219 | Use of 2-level software architecture                                           | The software architecture shall be atleast 2-level, and can be based on the EGAS architecture concept. | TECHNICAL | B |  |  |  | no traced events | PROPOSED |                  |                  |                  | • MCU                      |                                                                                      |
| 52   | SR220 | The BMS shall receive external commands and send external information over CAN |                                                                                                        | TECHNICAL | B |  |  |  | no traced events | PROPOSED | • SR467 (ASIL D) | • SR468 (ASIL D) | • SR469 (ASIL D) | • SR470 (ASIL D)           | • MCU<br>• CAN Transceiver<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 52.1 | SR221 | Flags over CAN                                                                 | The BMS shall periodically broadcast packets with all Flags                                            | TECHNICAL | B |  |  |  | no traced events | PROPOSED |                  |                  |                  | • MCU<br>• CAN Transceiver |                                                                                      |
| 52.2 | SR222 | E2E protected CAN                                                              | The BMS shall include E2E protected CAN communication                                                  | TECHNICAL | B |  |  |  | no traced events | PROPOSED |                  |                  |                  | • MCU                      |                                                                                      |

|      |      |                |                                                                                                                                                                                             |                       |   |  |  |  |  |                  |                      |  |  |  |  |                                                                                      |
|------|------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|--|--|--|--|--------------------------------------------------------------------------------------|
| 52.3 | SR22 | Open HV switch | The BMS shall assign signal(s) as to open the HV switches of the charger and/or the battery upon a reception of valid command from the external controller including HV_SWITCH Flag to OPEN | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• CAN Transciever<br>• FET / Contactor |
| 52.4 | SR22 | Permanent Flag | The BMS shall store in NV memory Flags upon reception of special store request packet. Storing in NV memory shall only be allowed for Flags requiring open HV switches.                     | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |  | • MCU                                                                                |

|        |       |                                                                    |                                                                                                                                                                                               |           |   |  |  |  |                  |          |  |  |  |  |                                                                                      |
|--------|-------|--------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|--|--|--|--|--------------------------------------------------------------------------------------|
| 52.5   | SR225 | Close HV switch                                                    | The BMS shall assign signal(s) as to close the HV switches of the charger and/or the battery upon a reception of valid command from the external controller including HV_SWITCH Flag to Close | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • MCU<br>• CAN Transceiver<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |
| 52.6   | SR226 | Prevent BMS failures related to production quality                 |                                                                                                                                                                                               | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • SR017 (ASIL B)<br>• Battery Management System                                      |
| 52.6.1 | SR227 | PCB manufacturing                                                  | Shall be class 2 or higher grade                                                                                                                                                              | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • Battery Management System                                                          |
| 53     | SR228 | The BMS shall keep track and act upon internal and external events |                                                                                                                                                                                               | TECHNICAL | B |  |  |  | no traced events | PROPOSED |  |  |  |  | • SR017 (ASIL B)<br>• MCU                                                            |

|        |       |                                                        |                                                                                                                         |                       |   |  |  |  |                  |                      |  |                                |  |                            |
|--------|-------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--------------------------------|--|----------------------------|
| 53.1   | SR229 | Flags                                                  | The BMS shall keep track of events that represent that current state of the BMS in digital representations called Flags | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                |  | • MCU                      |
| 54.0   | SR230 | The BMS shall provide means of measurement calibration |                                                                                                                         | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR<br>017<br>(AS<br>IL<br>B) |  | • MCU                      |
| 54.1.1 | SR231 | Store calibration                                      | The BMS shall include sufficient NV memory to store the calibration data                                                | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                |  | • MCU                      |
| 54.2.2 | SR232 | Retrieve configuration & Flags at boot                 | At boot the BMS will retrieve the calibration data from NV memory                                                       | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                |  | • MCU                      |
| 54.3.3 | SR233 | Program configuration & Flags                          | Calibration data in NV memory shall be able to be programmed by the BMS in calibration upload mode                      | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |                                |  | • MCU<br>• CAN Transceiver |

|      |           |                                                                                              |                                                                                                                                                                                                                                                                                                                                        |                       |   |  |  |  |                  |                      |  |                                                                                                                 |                                                                                                                 |
|------|-----------|----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|--|-----------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
| 55   | SR23<br>8 | Temporary disconnect the battery if fault has been detected related to battery short circuit | Disconnect the battery if short-circuit is detected                                                                                                                                                                                                                                                                                    | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • SR<br>01<br>1<br>(AS<br>IL<br>B)                                                                              | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• Short-<br>circuit<br>detection<br>• FET /<br>Contactor |
| 55.1 | SR23<br>9 | Close switches upon latch signal true                                                        | The BMS shall assign signal(s) as to close the HV switches of the battery upon either of the following conditions:<br>1. Elapsing of timer CURRENT_INTEGRATOR_OPEN_TIME held in configuration parameter in case Current Integrator error is relieved due to previous HV switch opening action<br>2. Reception of _____ signal over CAN | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  | • MCU<br>• FET /<br>Contactor<br>Driver<br>(ASIL B)<br>• Short-<br>circuit<br>detection<br>• FET /<br>Contactor |                                                                                                                 |

|     |           |                          |                                                                                                                                                   |                       |   |  |  |  |                  |                      |                                    |                                    |                                    |                                                                                     |
|-----|-----------|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------------------------|------------------------------------|------------------------------------|-------------------------------------------------------------------------------------|
| 55. | SR24<br>2 | Short-circuit definition | The BMS shall assign signal(s) as to open the HV switches of the battery upon detecting instantaneous current higher than xxx A, within xxx us.   | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                    |                                    |                                    | • FET / Contactor Driver (ASIL B)<br>• Short-circuit detection<br>• FET / Contactor |
| 56  | SR24<br>1 | Stop balancing battery   | The BMS shall stop balancing the cells while the Flag CELL_BALANCE_STATUS is in state STOP_BALANCING or in cases when balancing are not being met | TE<br>CH<br>NIC<br>AL | B |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>47<br>1<br>(AS<br>IL<br>D) | • SR<br>01<br>6<br>(AS<br>IL<br>B) | • SR<br>47<br>2<br>(AS<br>IL<br>D) | • MCU<br>• AFE<br>• TPL<br>Transceiver                                              |

|    |        |                                                 |                                                                                                                                                                                                                                        |              |         |  |  |  |                  |             |  |                    |                                                                 |
|----|--------|-------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|---------|--|--|--|------------------|-------------|--|--------------------|-----------------------------------------------------------------|
| 57 | SR24 2 | Current integrator                              | The BMS shall be equipped with current integrator with SW selectable integration period of a range of xxx to xxx ms. In case the integration period is SW selectable the BMS shall select the value stored in configuration parameter. | TE CH NIC AL | B       |  |  |  | no traced events | PR OP OS ED |  | • SR 01 2 (ASIL B) | • MCU<br>• Short-circuit detection                              |
| 58 | SR24 3 | SW HV switch timing                             | Upon actuation signal provided, the HV switches shall not take more than xxx ms and xxx ms to open and close respectively .                                                                                                            | TE CH NIC AL | B       |  |  |  | no traced events | PR OP OS ED |  | • SR 02 2 (ASIL B) | • FET / Contactor Driver (ASIL B)<br>• MCU<br>• FET / Contactor |
| 59 | SR24 4 | AIS-156 and AIS_004 compliance                  |                                                                                                                                                                                                                                        | TE CH NIC AL | N O N E |  |  |  | no traced events | PR OP OS ED |  |                    | • Battery Management System                                     |
| 60 | SR24 5 | Provide protections for internal voltage faults | Provide protections for cases where isolation failure can occur (optocouplers, isolated transcievers, etc.)                                                                                                                            | TE CH NIC AL | B       |  |  |  | no traced events | PR OP OS ED |  | • SR 02 6 (ASIL B) | • Battery Management System                                     |

|    |        |                                                                 |                                                                                                                                                                                 |              |   |  |  |  |                  |             |                                            |                                                                 |
|----|--------|-----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|--------------------------------------------|-----------------------------------------------------------------|
| 61 | SR24 6 | Set status to Unbalanced                                        | The BMS shall set the CELL_BALANCE_STATUS to UNBALANCE_D if the cell voltage difference between the cell(s) with minimum voltage and those with maximum voltage exceeds xxx mV. | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 47 4 (AS IL D)                        | • SR 01 6 (AS IL B)                                             |
| 62 | SR24 7 | The system shall use suitable sensors to detect thermal runaway |                                                                                                                                                                                 | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • SR 00 5 (AS IL B)                        |                                                                 |
| 63 | SR25 2 | Open switches at HV_SWITCH_STATUS: FAILURE                      | The BMS shall assign signal(s) as to open the HV switches of the battery upon Flag HV_SWITCH_STATUS set to FAILURE                                                              | TE CH NIC AL | B |  |  |  | no traced events | PR OP OS ED | • SR 47 7 (AS IL D)<br>• SR 47 8 (AS IL D) | • MCU<br>• FET / Contactor Driver (ASIL B)<br>• FET / Contactor |

|    |           |                                                   |                                                                                                                                                                                         |                       |   |  |  |  |  |                  |                      |                                                                          |                                                                    |
|----|-----------|---------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|--------------------------------------------------------------------------|--------------------------------------------------------------------|
| 64 | SR25<br>3 | Close switches at HV_SWITC<br>TCH_ST ATUS: NORMAL | The BMS shall assign signal(s) as to close the HV switches of the battery upon Flag HV_SWITC H_STATUS set to NORMAL if no other protections are activated that require open HV switches | TE<br>CH<br>NIC<br>AL | B |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>47<br>9<br>(AS<br>IL<br>D)<br>• SR<br>48<br>0<br>(AS<br>IL<br>D) | • MCU<br>• FET / Contactor<br>Driver (ASIL B)<br>• FET / Contactor |
|----|-----------|---------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|--------------------------------------------------------------------------|--------------------------------------------------------------------|

|    |       |                                          |                       |   |  |  |  |                  |                      |                            |  |                                                                                                                                                                                                                                                                                           |
|----|-------|------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 65 | SR312 | [A] Continuously monitor battery voltage | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>25<br>1 (AS<br>IL<br>B)<br>• SR<br>26<br>0 (AS<br>IL<br>B)<br>• SR<br>25<br>7 (AS<br>IL<br>B)<br>• SR<br>10<br>4 (AS<br>IL<br>B)<br>• SR<br>26<br>9 (AS<br>IL<br>B)<br>• SR<br>28<br>2 (AS<br>IL<br>B)<br>• SR<br>54<br>8 (AS<br>IL<br>B)<br>• SR<br>56<br>1 (AS<br>IL<br>B)<br>• |
|----|-------|------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

28-Mar-2025 12:08 pm

|            |           |                                                                |                                                                                              |                       |   |  |  |                        |                      |                                  |                                                                                |                                  |
|------------|-----------|----------------------------------------------------------------|----------------------------------------------------------------------------------------------|-----------------------|---|--|--|------------------------|----------------------|----------------------------------|--------------------------------------------------------------------------------|----------------------------------|
|            |           |                                                                |                                                                                              |                       |   |  |  |                        |                      |                                  |                                                                                | SR<br>55<br>9<br>(AS<br>IL<br>B) |
| 65.<br>1   | SR30<br>7 | [A]<br>Battery<br>Voltage<br>Monito<br>ring<br>Perform<br>ance |                                                                                              | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |                                                                                |                                  |
| 65.<br>1.1 | SR30<br>8 | [A]<br>Battery<br>Voltage<br>Range                             | The BMS<br>shall<br>measure<br>battery<br>voltage<br>with range<br>at least of<br>0 to xxxV. | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>66<br>3<br>(AS<br>IL<br>D)<br>•<br>SR<br>66<br>4<br>(AS<br>IL<br>D) |                                  |

|     |      |                                             |                                                                                                                                                                                    |                       |   |  |  |  |                        |                      |                                  |                                                                                                                                                                                                           |  |  |
|-----|------|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------------|----------------------|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
| 65. | SR30 | [A]<br>Battery<br>Voltage<br>Accuracy       | The BMS<br>shall<br>measure<br>battery<br>voltage<br>with<br>accuracy of<br>xxx mV,<br>across<br>operating<br>temperatur<br>e -25<br>degree<br>celcius to<br>125 degree<br>celcius | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>65<br>9<br>(AS<br>IL<br>D)<br>•<br>SR<br>66<br>0<br>(AS<br>IL<br>D)<br>•<br>SR<br>66<br>1<br>(AS<br>IL<br>D)<br>•<br>SR<br>66<br>2<br>(AS<br>IL<br>D)<br>•<br>SR<br>66<br>5<br>(AS<br>IL<br>D) |  |  |
| 65. | SR31 | [A]<br>Battery<br>Voltage<br>Resoluti<br>on | The BMS<br>shall<br>measure<br>battery<br>voltage<br>with at<br>most and<br>resolution<br>of xxxmV.                                                                                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>65<br>8<br>(AS<br>IL<br>D)                                                                                                                                                                     |  |  |

|     |      |     |                                |                                                                                                              |                       |   |  |  |  |                        |                      |                                  |                                                                         |  |  |
|-----|------|-----|--------------------------------|--------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------------|----------------------|----------------------------------|-------------------------------------------------------------------------|--|--|
| 65. | SR31 | [A] | Battery<br>Voltage<br>Sampling | The BMS<br>shall<br>measure<br>battery<br>voltage at<br>a sampling<br>rate of at<br>least xxx<br>sample/sec. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>65<br>6<br>(Q<br>M)<br>•<br>SR<br>65<br>7<br>(AS<br>IL<br>D) |  |  |
| 1.4 | 1    |     |                                |                                                                                                              |                       |   |  |  |  |                        |                      |                                  |                                                                         |  |  |

|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  |                             |  |
|----|-------|----------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|-----------------------|--|-----------------------------|--|
| 66 | SR318 | [A] Continuously monitor battery temperature | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G02 (AS<br>IL<br>B) |  | • SR<br>035 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>104 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>051 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>038 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>269 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>282 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>330 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>561 (AS<br>IL<br>B) |  |
|    |       |                                              |                       |   |  |  |  |  |                  |                      |                       |  | • SR<br>035 (AS<br>IL<br>B) |  |

28-Mar-2025 12:08 pm

|        |           |                                                     |                                                                                                                       |                       |   |  |  |                        |                      |                                  |  |                                  |
|--------|-----------|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|------------------------|----------------------|----------------------------------|--|----------------------------------|
|        |           |                                                     |                                                                                                                       |                       |   |  |  |                        |                      |                                  |  | SR<br>55<br>9<br>(AS<br>IL<br>B) |
| 66.1   | SR31<br>3 | [A]<br>Battery<br>Tempera<br>ture<br>Monitor        |                                                                                                                       | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                  |
| 66.1.1 | SR31<br>4 | [A]<br>Battery<br>Tempera<br>ture<br>Range          | The BMS<br>shall<br>measure<br>battery<br>Temperatur<br>e with<br>range at<br>least of 0<br>to xxxV.                  | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                  |
| 66.1.2 | SR31<br>5 | [A]<br>Battery<br>Tempera<br>ture<br>Accuracy       | The BMS<br>shall<br>measure<br>battery<br>Temperatur<br>e with<br>accuracy of<br>xxx mV.                              | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                  |
| 66.1.3 | SR31<br>6 | [A]<br>Battery<br>Tempera<br>ture<br>Resoluti<br>on | The BMS<br>shall<br>measure<br>battery<br>Temperatur<br>e with at<br>most and<br>resolution<br>of xxx °C              | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                  |
| 66.1.4 | SR31<br>7 | [A]<br>Battery<br>Tempera<br>ture<br>Samplin<br>g   | The BMS<br>shall<br>measure<br>battery<br>Temperatur<br>e vat a<br>sampling<br>rate of at<br>least xxx<br>sample/sec. | TE<br>CH<br>NIC<br>AL | D |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                  |

|    |       |                                           |                       |   |  |  |  |  |                  |                      |                        |  |                                                                                                                                                                                                                                                           |
|----|-------|-------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|------------------------|--|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 67 | SR324 | [A] Continuously monitor battery current. | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (AS<br>IL<br>B) |  | • SR<br>274 (AS<br>IL<br>B)<br>• SR<br>104 (AS<br>IL<br>B)<br>• SR<br>277 (AS<br>IL<br>B)<br>• SR<br>269 (AS<br>IL<br>B)<br>• SR<br>282 (AS<br>IL<br>B)<br>• SR<br>276 (AS<br>IL<br>B)<br>• SR<br>559 (AS<br>IL<br>B)<br>• SR<br>561 (AS<br>IL<br>B)<br>• |
|----|-------|-------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|------------------------|--|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

28-Mar-2025 12:08 pm

|        |   |                                       |                                                                                              |                       |   |  |  |  |                        |                      |                                  |  |                                                                                                                                                             |
|--------|---|---------------------------------------|----------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------------|----------------------|----------------------------------|--|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
|        |   |                                       |                                                                                              |                       |   |  |  |  |                        |                      |                                  |  | SR<br>56<br>0<br>(AS<br>IL<br>D)<br>•<br>SR<br>58<br>3<br>(AS<br>IL<br>D)<br>•<br>SR<br>59<br>7<br>(AS<br>IL<br>B)<br>•<br>SR<br>59<br>9<br>(AS<br>IL<br>B) |
| 67.1   | 9 | [A]<br>Battery<br>Current<br>Monitor  |                                                                                              | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                                                                                                                                             |
| 67.1.1 | 0 | [A]<br>Battery<br>Current<br>Range    | The BMS<br>shall<br>measure<br>battery<br>Current<br>with range<br>at least of<br>0 to xxxV. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                                                                                                                                             |
| 67.1.2 | 1 | [A]<br>Battery<br>Current<br>Accuracy | The BMS<br>shall<br>measure<br>battery<br>Current<br>with<br>accuracy of<br>xxx mV.          | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  |                                                                                                                                                             |

|            |           |                                              |                                                                                                                 |                       |   |  |  |  |                        |                      |                                  |                                       |                                       |                                       |
|------------|-----------|----------------------------------------------|-----------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------------|----------------------|----------------------------------|---------------------------------------|---------------------------------------|---------------------------------------|
| 67.<br>1.3 | SR32<br>2 | [A]<br>Battery<br>Current<br>Resoluti<br>on  | The BMS<br>shall<br>measure<br>battery<br>Current<br>with at<br>most and<br>resolution<br>of xxxmV.             | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |                                       |                                       |                                       |
| 67.<br>1.4 | SR32<br>3 | [A]<br>Battery<br>Current<br>Samplin<br>g    | The BMS<br>shall<br>measure<br>battery<br>Current<br>at a<br>sampling<br>rate of at<br>least xxx<br>sample/sec. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>66<br>6<br>(AS<br>IL<br>D) | •<br>SR<br>66<br>8<br>(AS<br>IL<br>D) | •<br>SR<br>66<br>9<br>(AS<br>IL<br>D) |
| 68         | SR32<br>5 | Sned<br>data<br>over<br>UART                 |                                                                                                                 | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |                                       | •<br>SR<br>28<br>4<br>(AS<br>IL<br>B) |                                       |
| 69         | SR32<br>6 | Sned<br>data<br>over<br>CAN                  |                                                                                                                 | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |                                       | •<br>SR<br>28<br>4<br>(AS<br>IL<br>B) |                                       |
| 70         | SR32<br>9 | [F]<br>Send<br>data<br>over<br>CAN to<br>IPC |                                                                                                                 | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |                                       | •<br>SR<br>28<br>3<br>(AS<br>IL<br>B) |                                       |

|    |       |                                                                                          |  |           |   |  |  |  |                  |          |                 |  |                                      |
|----|-------|------------------------------------------------------------------------------------------|--|-----------|---|--|--|--|------------------|----------|-----------------|--|--------------------------------------|
| 71 | SR334 | [F] Send data over CAN within xxx msec after detection of temperature fault.             |  | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) |  | • SR123 (ASIL B)                     |
| 72 | SR335 | Sned data over CAN                                                                       |  | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) |  | • SR271 (ASIL B)                     |
| 73 | SR336 | Sned data over CAN                                                                       |  | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) |  | • SR248 (ASIL B)                     |
| 74 | SR445 | Sned data over UART                                                                      |  | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) |  | • SR271 (ASIL B)                     |
| 75 | SR446 | Sned data over UART                                                                      |  | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) |  | • SR248 (ASIL B)                     |
| 76 | SR537 | [E] BMS shall send max permissible charging and dicharging current limits every xxx sec. |  | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) |  | • SR104 (ASIL B)<br>• SR035 (ASIL B) |

28-Mar-2025 12:08 pm

|    |       |                                                                                           |           |   |  |  |  |                  |          |                 |                  |                  |                  |
|----|-------|-------------------------------------------------------------------------------------------|-----------|---|--|--|--|------------------|----------|-----------------|------------------|------------------|------------------|
| 77 | SR538 | [E] BMS shall send max permissible charging and discharging current limits every xxx sec. | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) | • SR266 (ASIL D) | • SR269 (ASIL B) | • SR251 (ASIL B) |
| 78 | SR539 | [E] BMS shall send max permissible charging and discharging current limits every xxx sec. | TECHNICAL | D |  |  |  | no traced events | PROPOSED | • G002 (ASIL B) | • SR279 (ASIL D) | • SR282 (ASIL B) | • SR274 (ASIL B) |
| 79 | SR542 | [D] FHTI should be less than xxx sec[FTTI]                                                | TECHNICAL | D |  |  |  | no traced events | PROPOSED |                 |                  |                  |                  |

|    |       |                                                                                           |  |                       |   |  |  |  |                  |                      |                        |  |                                                                               |
|----|-------|-------------------------------------------------------------------------------------------|--|-----------------------|---|--|--|--|------------------|----------------------|------------------------|--|-------------------------------------------------------------------------------|
| 80 | SR549 | [B] The rate of change of voltage must not be more than xxx mV/msec for more than yyy sec |  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (AS<br>IL<br>B) |  | • SR548 (AS<br>IL<br>B)                                                       |
| 81 | SR551 | [B] The rate of change of voltage must not be more than xxx.                              |  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (AS<br>IL<br>B) |  | • SR330 (AS<br>IL<br>B)                                                       |
| 82 | SR565 | [C] Permanently disconnect the battery within xx msec of receiving the signal.            |  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (AS<br>IL<br>B) |  | • SR556 (AS<br>IL<br>B)<br>• SR560 (AS<br>IL<br>D)<br>• SR552 (AS<br>IL<br>B) |

|      |       |                                                                             |                                                                         |              |   |  |  |  |                  |             |                   |                    |                    |
|------|-------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------|--------------|---|--|--|--|------------------|-------------|-------------------|--------------------|--------------------|
| 83   | SR567 | [F] Send data over CAN within xxx msec after detection of thermal runaway . |                                                                         | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • G0 02 (AS IL B) |                    | • SR 564 (AS IL B) |
| 84   | SR568 | [G] Send data over CAN                                                      |                                                                         | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • G0 02 (AS IL B) |                    | • SR 555 (AS IL B) |
| 85   | SR569 | [G] Send data over UART                                                     |                                                                         | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • G0 02 (AS IL B) |                    | • SR 555 (AS IL B) |
| 86   | SR570 | [A] Continuously monitor cell voltage                                       |                                                                         | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • G0 02 (AS IL B) | • SR 571 (AS IL D) | • SR 251 (AS IL B) |
| 87   | SR571 | [A] Cell Voltage Monitoring Performance                                     |                                                                         | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • G0 02 (AS IL B) |                    | • SR 570 (AS IL D) |
| 87.1 | SR572 | [A] Cell Voltage Range                                                      | The BMS shall measure battery voltage with range at least of 0 to xxxV. | TE CH NIC AL | D |  |  |  | no traced events | PR OP OS ED | • G0 02 (AS IL B) |                    |                    |

|      |       |                             |                                                                                                                                      |                       |   |  |  |  |                  |                      |                 |  |  |  |
|------|-------|-----------------------------|--------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------|--|--|--|
| 87.2 | SR573 | [A] Cell Voltage Accuracy   | The BMS shall measure battery voltage with accuracy of xxx mV, across operating temperature -25 degree celcius to 125 degree celcius | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (ASIL B) |  |  |  |
| 87.3 | SR574 | [A] Cell Voltage Resolution | The BMS shall measure battery voltage with at most and resolution of xxxmV.                                                          | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (ASIL B) |  |  |  |
| 87.4 | SR575 | [A] Cell Voltage Sampling   | The BMS shall measure cell voltage at a sampling rate of at least xxx sample/sec.                                                    | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | AS<br>SU<br>ME<br>D  | • G002 (ASIL B) |  |  |  |
| 88   | SR576 |                             |                                                                                                                                      | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                 |  |  |  |

|    |           |                                                                                                                                                                                                                             |                       |   |  |  |  |                  |                      |                            |  |                                 |
|----|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 89 | SR57<br>7 | The BMS shall transition from the safe state to the operational state when the battery voltage remains below the overvoltage threshold of [XXX] V for a duration of [XXX] time, ensuring fault recovery conditions are met. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>26<br>8 (AS<br>IL<br>B) |
|----|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|

|    |           |                                                                                                                                                                                                                            |                       |   |  |  |  |                  |                      |                            |  |                                 |
|----|-----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 90 | SR57<br>8 | he BMS shall transition from the safe state to the operational state when the battery voltage remains above the undervoltage threshold of [XXX] V for a duration of [XXX] time, ensuring fault recovery conditions are met | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>26<br>7 (AS<br>IL<br>B) |
|----|-----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|

|    |       |                                                                                                                                                                                                                                              |                       |   |  |  |  |                  |                      |                 |  |                  |
|----|-------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------|--|------------------|
| 91 | SR579 | The BMS shall transition from the safe state to the operational state when the battery temperature remains above the undetermined temperature threshold of [XXX]°C for a duration of [XXX] time, ensuring fault recovery conditions are met. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (ASIL B) |  | • SR073 (ASIL B) |
|----|-------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------|--|------------------|

|    |       |                                                                                                                                                                                                                                     |                       |   |  |  |  |                  |                      |                 |  |                  |
|----|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------|--|------------------|
| 92 | SR580 | The BMS shall transition from the safe state to the operational state when the battery temperature remains below the overtemperature threshold of [XXX]°C for a duration of [XXX] time, ensuring fault recovery conditions are met. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (ASIL B) |  | • SR102 (ASIL B) |
|----|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-----------------|--|------------------|

|    |           |                                                                                                                                                                                                                              |                       |   |  |  |  |                  |                      |                            |  |                                 |
|----|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 93 | SR58<br>1 | The BMS shall transition from the safe state to the operational state when the charging current remains below the overcurrent threshold of [XXX] A for a duration of [XXX] time, ensuring fault recovery conditions are met. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>28<br>1 (AS<br>IL<br>B) |
|----|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|

|    |           |                                                                                                                                                                                                                                 |                       |   |  |  |  |                  |                      |                            |  |                                 |
|----|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 94 | SR58<br>2 | The BMS shall transition from the safe state to the operational state when the discharging current remains below the overcurrent threshold of [XXX] A for a duration of [XXX] time, ensuring fault recovery conditions are met. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>28<br>0 (AS<br>IL<br>B) |
|----|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|

|    |       |                                                                                                                                                                     |                       |   |  |  |  |  |                  |                      |                                  |                                       |                                       |                                       |                                       |
|----|-------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|----------------------------------|---------------------------------------|---------------------------------------|---------------------------------------|---------------------------------------|
| 95 | SR584 | [G] The BMS shall give warning to driver regarding the increasing temperature so that the driver and can take precautionary actions and avoid the fault occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>6<br>(AS<br>IL<br>D) | •<br>SR<br>24<br>8<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>7<br>(AS<br>IL<br>D) | •<br>SR<br>03<br>5<br>(AS<br>IL<br>B) |
| 96 | SR585 | [G] The BMS shall give warning to driver regarding the increasing voltage so that the driver and can take precautionary actions and avoid the fault occurrence.     | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>2<br>(AS<br>IL<br>D) | •<br>SR<br>27<br>1<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>3<br>(AS<br>IL<br>D) | •<br>SR<br>25<br>1<br>(AS<br>IL<br>B) |

|    |       |                                                                                                                                                                    |                       |   |  |  |  |                  |                      |                                  |                                       |                                       |                                       |
|----|-------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------------|---------------------------------------|---------------------------------------|---------------------------------------|
| 97 | SR586 | [G] The BMS shall give warning to driver regarding the breach in current SOA so that the driver and can take precautionary actions and avoid the fault occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>8<br>(AS<br>IL<br>B) | •<br>SR<br>28<br>4<br>(AS<br>IL<br>B) | •<br>SR<br>27<br>4<br>(AS<br>IL<br>B) |
| 98 | SR588 | [C] The BMS shall transit to safe state within xxx msec after detecting under voltage fault signal.                                                                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>26<br>7<br>(AS<br>IL<br>B) | •<br>SR<br>27<br>2<br>(AS<br>IL<br>B) | •<br>SR<br>27<br>2<br>(AS<br>IL<br>B) |
| 99 | SR589 | [C] The BMS shall transit to safe state within xxx msec after detecting over voltage fault signal.                                                                 | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>26<br>8<br>(AS<br>IL<br>B) | •<br>SR<br>27<br>2<br>(AS<br>IL<br>B) | •<br>SR<br>27<br>2<br>(AS<br>IL<br>B) |

|         |           |                                                                                                                           |                       |   |  |  |  |                  |                      |                            |  |                                                                    |
|---------|-----------|---------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|--------------------------------------------------------------------|
| 10<br>0 | SR59<br>0 | [C] The BMS shall transit to safe state within xxx msec after receiving under temperature fault signal.                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>07<br>3 (AS<br>IL<br>B)<br>• SR<br>24<br>9 (AS<br>IL<br>B) |
| 10<br>1 | SR59<br>1 | [C] The BMS shall transit to safe state within xxx msec after receiving the over-current fault signal during discharging. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>28<br>1 (AS<br>IL<br>B)<br>• SR<br>28<br>5 (AS<br>IL<br>B) |
| 10<br>2 | SR59<br>2 | [C] The BMS shall transit to safe state within xxx msec after receiving the over-current fault signal during charging.    | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>28<br>0 (AS<br>IL<br>B)<br>• SR<br>28<br>5 (AS<br>IL<br>B) |

|         |           |                                                                                                         |                       |   |  |  |  |                  |                      |                            |  |                                                                                                       |
|---------|-----------|---------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|-------------------------------------------------------------------------------------------------------|
| 10<br>3 | SR59<br>3 | [C] The BMS shall transit to safe state within xxx msec after receiving the short circuit fault signal. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>59<br>4 (AS<br>IL<br>D)<br>• SR<br>60<br>3 (AS<br>IL<br>B)<br>• SR<br>60<br>0 (AS<br>IL<br>B) |
| 10<br>4 | SR59<br>5 | Temporary disconnect recovery for SC                                                                    | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>59<br>4 (AS<br>IL<br>D)                                                                       |
| 10<br>5 | SR32<br>8 | [F] Send data over CAN within xxx msec after detection of current fault.                                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>28<br>3 (AS<br>IL<br>B)                                                                       |
| 10<br>6 | SR59<br>6 | SM: Recovery out of permanent failure shall only be possible through service station intervention.      | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>55<br>6 (AS<br>IL<br>B)                                                                       |

|         |           |                                                                             |                       |   |  |  |  |                  |                      |                                  |  |                                                                                                                                                                  |
|---------|-----------|-----------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------------|--|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 10<br>7 | SR54<br>4 | [B] The BMS shall detect under-voltage fault within xxx msec of occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  | •<br>SR<br>26<br>0<br>(AS<br>IL<br>B)<br>•<br>SR<br>27<br>2<br>(AS<br>IL<br>B)<br>•<br>SR<br>26<br>7<br>(AS<br>IL<br>B)<br>•<br>SR<br>27<br>0<br>(AS<br>IL<br>B) |
|---------|-----------|-----------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------------|--|------------------------------------------------------------------------------------------------------------------------------------------------------------------|

|         |           |                                                                             |                       |   |  |  |  |                  |                      |                                  |  |                                                                                                                                                                                                           |
|---------|-----------|-----------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------------|--|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 10<br>8 | SR58<br>7 | [B] The BMS shall detect short circuit fault within xxx usec of occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) |  | •<br>SR<br>58<br>3<br>(AS<br>IL<br>D)<br>•<br>SR<br>59<br>9<br>(AS<br>IL<br>B)<br>•<br>SR<br>60<br>0<br>(AS<br>IL<br>B)<br>•<br>SR<br>60<br>3<br>(AS<br>IL<br>B)<br>•<br>SR<br>60<br>2<br>(AS<br>IL<br>B) |
|---------|-----------|-----------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------------|--|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

|         |           |                                                                                                                                                                     |                       |   |  |  |  |                  |                      |                            |                                                                                                                                          |  |
|---------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|------------------------------------------------------------------------------------------------------------------------------------------|--|
| 10<br>9 | SR56<br>6 | [B] The BMS shall detect possibility of thermal runaway within xx msec of occurrence of such conditions                                                             | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>56<br>1 (AS<br>IL<br>B)<br>• SR<br>55<br>6 (AS<br>IL<br>B)<br>• SR<br>55<br>2 (AS<br>IL<br>B)<br>• SR<br>56<br>4 (AS<br>IL<br>B) |  |
| 11<br>0 | SR60<br>4 | [G] The BMS shall give warning to driver regarding the increasing temperature so that the driver and can take precautionary actions and avoid the fault occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>55<br>5 (AS<br>IL<br>B)<br>• SR<br>55<br>9 (AS<br>IL<br>B)                                                                       |  |

|         |           |                                                                                                                                                             |                       |   |  |  |  |                  |                      |                               |  |                                    |  |
|---------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|-------------------------------|--|------------------------------------|--|
| 11<br>1 | SR60<br>5 | [G] The BMS shall give warning to driver regarding the increasing current so that the driver can take precautionary actions and avoid the fault occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                               |  |                                    |  |
| 11<br>2 | SR60<br>6 | [F] Send data over CAN within xxx msec after detection of sshort circuit.                                                                                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02<br>(AS<br>IL<br>B) |  | • SR<br>60<br>2<br>(AS<br>IL<br>B) |  |

|         |           |                                                                                                                                                                     |                       |   |  |  |  |  |                  |                      |                                  |                                       |                                       |                                             |
|---------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|----------------------------------|---------------------------------------|---------------------------------------|---------------------------------------------|
| 11<br>3 | SR60<br>7 | [G] The BMS shall give warning to driver regarding the increasing temperature so that the driver and can take precautionary actions and avoid the fault occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>4<br>(AS<br>IL<br>D) | •<br>SR<br>24<br>8<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>03<br>5<br>(AS<br>IL<br>D) |
| 11<br>4 | SR60<br>8 | [G] The BMS shall give warning to driver regarding the increasing voltage so that the driver and can take precautionary actions and avoid the fault occurrence.     | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>0<br>(AS<br>IL<br>D) | •<br>SR<br>27<br>1<br>(AS<br>IL<br>B) | •<br>SR<br>61<br>25<br>1<br>(AS<br>IL<br>D) |

|         |           |                                                                                                                                                                    |                       |   |  |  |  |  |                  |                      |                                  |                                       |                                  |                                  |
|---------|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|----------------------------------|---------------------------------------|----------------------------------|----------------------------------|
| 11<br>5 | SR60<br>9 | [G] The BMS shall give warning to driver regarding the breach in current SOA so that the driver and can take precautionary actions and avoid the fault occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | •<br>G0<br>02<br>(AS<br>IL<br>B) | •<br>SR<br>62<br>1<br>(AS<br>IL<br>D) | SR<br>27<br>4<br>(AS<br>IL<br>B) | SR<br>27<br>4<br>(AS<br>IL<br>B) |
|---------|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|--|------------------|----------------------|----------------------------------|---------------------------------------|----------------------------------|----------------------------------|

|         |           |                                                                                                                                                                                                             |                       |   |  |  |  |                  |                      |                            |  |                                 |
|---------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 11<br>6 | SR61<br>0 | The BMS shall trigger a warning to the driver when the battery voltage drops below the undervoltage warning threshold of [XXX] V for a duration of [XXX] time, allowing precautionary actions to be taken." | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>60<br>8 (AS<br>IL<br>D) |
| 11<br>7 | SR61<br>1 | The BMS shall clear the undervoltage warning when the battery voltage rises above [XXX] V and remains stable for [XXX] time.                                                                                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>60<br>8 (AS<br>IL<br>D) |

|         |           |                                                                                                                                                                                                       |                       |   |  |  |  |                  |                      |                            |                                 |
|---------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|---------------------------------|
| 11<br>8 | SR61<br>2 | The BMS shall trigger a warning to the driver when the battery voltage exceeds the overvoltage warning threshold of [XXX] V for a duration of [XXX] time, allowing precautionary actions to be taken. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>58<br>5 (AS<br>IL<br>D) |
| 11<br>9 | SR61<br>3 | The BMS shall clear the overvoltage warning when the battery voltage returns below [XXX] V and remains stable for [XXX] time.                                                                         | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>58<br>5 (AS<br>IL<br>D) |

|         |           |                                                                                                                                                                                                                            |                       |   |  |  |  |                  |                      |                            |  |                                 |
|---------|-----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 12<br>0 | SR61<br>4 | The BMS shall trigger a warning to the driver when the battery temperature drops below the undetermined temperature warning threshold of [XXX]°C for a duration of [XXX] time, allowing precautionary actions to be taken. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>60<br>7 (AS<br>IL<br>D) |
| 12<br>1 | SR61<br>5 | The BMS shall clear the undetermined temperature warning when the battery temperature rises above [XXX]°C and remains stable for [XXX] time.                                                                               | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>60<br>7 (AS<br>IL<br>D) |

28-Mar-2025 12:08 pm

|         |           |                                                                                                                                                                                                               |                       |   |  |  |  |                  |                      |                            |  |                                 |
|---------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 12      | SR61<br>6 | The BMS shall trigger a warning to the driver when the battery temperature exceeds the overtemperature warning threshold of [XXX]°C for a duration of [XXX] time, allowing precautionary actions to be taken. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>58<br>4 (AS<br>IL<br>D) |
| 12<br>3 | SR61<br>7 | The BMS shall clear the overtemperature warning when the battery temperature falls below [XXX]°C and remains stable for [XXX] time.                                                                           | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>58<br>4 (AS<br>IL<br>D) |

|         |           |                                                                                                                                                                                                        |                       |   |  |  |  |                  |                      |                            |  |                                 |
|---------|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|---------------------------------|
| 12<br>4 | SR61<br>8 | The BMS shall clear the charging overcurrent warning when the charging current remains below [XXX] A and stable for [XXX] time.                                                                        | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>58<br>6 (AS<br>IL<br>D) |
| 12<br>5 | SR61<br>9 | The BMS shall trigger a warning to the driver when the charging current exceeds the overcurrent warning threshold of [XXX] A for a duration of [XXX] time, allowing precautionary actions to be taken. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>58<br>6 (AS<br>IL<br>D) |

|    |       |                                                                                                                                                                                                           |                       |   |  |  |  |                  |                      |                        |  |                         |
|----|-------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|------------------------|--|-------------------------|
| 12 | SR620 | The BMS shall trigger a warning to the driver when the discharging current exceeds the overcurrent warning threshold of [XXX] A for a duration of [XXX] time, allowing precautionary actions to be taken. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (AS<br>IL<br>B) |  | • SR609 (AS<br>IL<br>D) |
| 12 | SR621 | The BMS shall clear the discharging overcurrent warning when the discharging current remains below [XXX] A and stable for [XXX] time.                                                                     | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G002 (AS<br>IL<br>B) |  | • SR609 (AS<br>IL<br>D) |

|         |           |                                                                                                        |  |                       |   |  |  |  |                  |                      |                            |                                                                                                                                          |                                                                                                                                          |
|---------|-----------|--------------------------------------------------------------------------------------------------------|--|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
| 12<br>8 | SR62<br>2 | SM:<br>Recover y out of permanent failure shall only be possible through service station intervention. |  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |                                                                                                                                          | • SR<br>60<br>3 (AS<br>IL<br>B)                                                                                                          |
| 12<br>9 | SR54<br>5 | [B] The BMS shall detect over-voltage fault within xxx msec of occurrence.                             |  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>25<br>7 (AS<br>IL<br>B)<br>• SR<br>27<br>2 (AS<br>IL<br>B)<br>• SR<br>26<br>8 (AS<br>IL<br>B)<br>• SR<br>27<br>0 (AS<br>IL<br>B) | • SR<br>25<br>7 (AS<br>IL<br>B)<br>• SR<br>27<br>2 (AS<br>IL<br>B)<br>• SR<br>26<br>8 (AS<br>IL<br>B)<br>• SR<br>27<br>0 (AS<br>IL<br>B) |
| 13<br>0 | SR33<br>1 | [F] Send data over CAN to IPC                                                                          |  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>27<br>0 (AS<br>IL<br>B)                                                                                                          | • SR<br>27<br>0 (AS<br>IL<br>B)                                                                                                          |

|         |           |                                                                                |                       |   |  |  |  |                  |                      |                            |                                                                                                                                          |                                 |
|---------|-----------|--------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------|
| 13<br>1 | SR33<br>3 | [F] Send data over CAN within xxx msec after detection of voltage fault.       | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |                                                                                                                                          | • SR<br>27<br>0 (AS<br>IL<br>B) |
| 13<br>2 | SR33<br>2 | [F] Send data over CAN to IPC                                                  | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |                                                                                                                                          | • SR<br>12<br>3 (AS<br>IL<br>B) |
| 13<br>3 | SR54<br>3 | [B] The BMS shall detect over-temperature fault within xxx msec of occurrence. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>03<br>8 (AS<br>IL<br>B)<br>• SR<br>24<br>9 (AS<br>IL<br>B)<br>• SR<br>12<br>3 (AS<br>IL<br>B)<br>• SR<br>10<br>2 (AS<br>IL<br>B) | • SR<br>27<br>0 (AS<br>IL<br>B) |

|         |           |                                                                                                        |                       |   |  |  |  |                  |                      |                            |                                                                                                                                          |
|---------|-----------|--------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
| 13<br>4 | SR54<br>0 | [B] The BMS shall detect under-temperature fault within xxx msec of occurrence.                        | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>05<br>1 (AS<br>IL<br>B)<br>• SR<br>24<br>9 (AS<br>IL<br>B)<br>• SR<br>12<br>3 (AS<br>IL<br>B)<br>• SR<br>07<br>3 (AS<br>IL<br>B) |
| 13<br>5 | SR54<br>1 | [C] The BMS shall transit to safe state within xxx msec after receiving over temperature fault signal. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) | • SR<br>10<br>2 (AS<br>IL<br>B)<br>• SR<br>24<br>9 (AS<br>IL<br>B)                                                                       |

|         |           |                                                                                               |                       |   |  |  |  |                  |                      |                            |  |                                                                                                                                          |
|---------|-----------|-----------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|----------------------------|--|------------------------------------------------------------------------------------------------------------------------------------------|
| 13<br>6 | SR54<br>7 | [B] The BMS shall detect over-current fault within xxx msec of occurrence during charging.    | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>27<br>7 (AS<br>IL<br>B)<br>• SR<br>28<br>3 (AS<br>IL<br>B)<br>• SR<br>28<br>5 (AS<br>IL<br>B)<br>• SR<br>28<br>0 (AS<br>IL<br>B) |
| 13<br>7 | SR54<br>6 | [B] The BMS shall detect over-current fault within xxx msec of occurrence during discharging. | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B) |  | • SR<br>27<br>6 (AS<br>IL<br>B)<br>• SR<br>28<br>3 (AS<br>IL<br>B)<br>• SR<br>28<br>5 (AS<br>IL<br>B)<br>• SR<br>28<br>1 (AS<br>IL<br>B) |

|         |           |                                                                                                                                            |                       |   |  |  |  |                  |                      |                                 |                                 |
|---------|-----------|--------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---|--|--|--|------------------|----------------------|---------------------------------|---------------------------------|
| 13<br>8 | SR62<br>3 | SM:<br>Bms shall implement method to detect and react to short circuit fault through hardware without requiring intervention of software . | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • G0<br>02 (AS<br>IL<br>B)      | • SR<br>59<br>9 (AS<br>IL<br>B) |
| 13<br>9 | SR62<br>4 | In case of existance of any permanent failure, the system shall not recover                                                                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |                                 |                                 |
| 14<br>0 | SR62<br>5 | The BMS shall implement the following states: "NORMAL", "SLEEP", "DEEPSLEEP", "WARNING", "FAULT". "FAULT_PERMANENT", "LIMP"                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED | • SR<br>62<br>6 (AS<br>IL<br>D) |                                 |

|         |           |                                                                                       |                                                     |                       |   |  |  |  |                        |                      |  |  |                                       |
|---------|-----------|---------------------------------------------------------------------------------------|-----------------------------------------------------|-----------------------|---|--|--|--|------------------------|----------------------|--|--|---------------------------------------|
| 14<br>1 | SR62<br>6 | <TRANS<br>ITION<br>between<br>states>                                                 |                                                     | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  | •<br>SR<br>62<br>5<br>(AS<br>IL<br>D) |
| 14<br>2 | SR62<br>7 | SM:<br>Inline<br>controlla<br>ble<br>fuse /<br>switch<br>in series<br>with<br>mosfets | From<br>FMEA:<br>mosfets<br>short                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |                                       |
| 14<br>3 | SR62<br>8 | SM:<br>Mosfet<br>control<br>feedback<br>mechani<br>sm                                 |                                                     | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |                                       |
| 14<br>4 | SR62<br>9 | SM:<br>Precharg<br>e<br>control<br>feedback<br>mechani<br>sm                          |                                                     | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |                                       |
| 14<br>5 | SR63<br>0 | SM:<br>measure<br>voltage<br>of<br>different<br>voltage<br>rails                      |                                                     | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |                                       |
| 14<br>6 | SR63<br>1 | SM:<br>emergen<br>cy<br>operatio<br>n FHTI<br>definitio<br>n                          | Software<br>level 2<br>reaction<br>time<br>interval | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |                                       |
| 14<br>7 | SR63<br>2 | Reliabilit<br>y<br>requirem<br>ent:<br>precharg<br>e<br>resistor                      | <move to<br>BMS TSR>                                | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |                                       |

|         |           |                                            |                   |                       |   |  |  |  |                  |                      |  |  |  |
|---------|-----------|--------------------------------------------|-------------------|-----------------------|---|--|--|--|------------------|----------------------|--|--|--|
| 14<br>8 | SR63<br>3 | Reliability requirement: precharge mosfet  | <move to BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 14<br>9 | SR63<br>4 | Reliability requirement: fuse              | <move to BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>0 | SR63<br>5 | Reliability requirement: main mosfets      | <move to BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>1 | SR63<br>6 | Reliability requirement: signal connectors | <move to BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>2 | SR63<br>7 | Reliability requirement shunt              | <move to BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>3 | SR63<br>8 | Reliability requirement power connector    | <move to BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>4 | SR63<br>9 | Access control                             |                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>5 | SR64<br>0 | cyber security                             |                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>6 | SR64<br>1 | Boot Loader                                |                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>7 | SR64<br>2 | Size                                       |                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |
| 15<br>8 | SR64<br>3 | Size                                       |                   | TE<br>CH<br>NIC<br>AL | D |  |  |  | no traced events | PR<br>OP<br>OS<br>ED |  |  |  |

28-Mar-2025 12:08 pm

|         |           |                                                              |                      |                       |   |  |  |  |                        |                      |  |  |  |
|---------|-----------|--------------------------------------------------------------|----------------------|-----------------------|---|--|--|--|------------------------|----------------------|--|--|--|
| 15<br>9 | SR64<br>4 | Boot<br>Loader                                               |                      | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>0 | SR64<br>5 | Reliabilit<br>y requirem<br>ent:<br>precharg<br>e mosfet     | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>1 | SR64<br>6 | cyber<br>security                                            |                      | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>2 | SR64<br>7 | Reliabilit<br>y requirem<br>ent<br>power<br>connecto<br>r    | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>3 | SR64<br>8 | Access<br>control                                            |                      | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>4 | SR64<br>9 | Reliabilit<br>y requirem<br>ent:<br>signal<br>connecto<br>rs | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>5 | SR65<br>0 | Reliabilit<br>y requirem<br>ent:<br>precharg<br>e resistor   | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>6 | SR65<br>1 | Reliabilit<br>y requirem<br>ent:fuse                         | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>7 | SR65<br>2 | Reliabilit<br>y requirem<br>ent:<br>main<br>mosfets          | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |
| 16<br>8 | SR65<br>3 | Reliabilit<br>y requirem<br>ent<br>shunt                     | <move to<br>BMS TSR> | TE<br>CH<br>NIC<br>AL | D |  |  |  | no<br>traced<br>events | PR<br>OP<br>OS<br>ED |  |  |  |