The fallback claim reveals the anticipated failure. US11396302B2, granted to May Mobility in July 2022, is an "Autonomous vehicle safety platform system and method" — and the very existence of a separate safety platform tells you the company expects the primary stack to fail.
The risk factor is where the honesty lives, and an architecture is a risk factor written in hardware. Classified under B60W 60/0011 (autonomous driving control), B60W 50/029 (fault response) and B60W 30/095 (collision avoidance), the patent describes a layer that watches the main autonomy and is empowered to intervene — to bring the vehicle to a minimal-risk condition when something goes wrong.
This is the design pattern that separates serious AV programs from demo-ware. A single end-to-end driving model is impressive until it confidently makes a mistake; a safety platform assumes that mistake will happen and builds an independent monitor that can catch it. The honesty is in conceding that the primary system is not trustworthy enough to be its own safety net.
The edge case the patent quietly addresses is the silent failure — the moment the main stack does not crash but simply does the wrong thing with full confidence. A watchdog that only triggers on detected faults misses these; a safety platform that independently evaluates whether the vehicle is in a sane state can catch them. That independence is the hard, valuable part.
Separate marketing miles from safety-relevant miles: a company that publicizes total autonomous miles is selling capability, while one that patents a safety-platform architecture is disclosing how it survives the miles that go wrong. The second number is the one regulators and insurers actually care about.
For readers comparing robotaxi operators, the presence of an explicit, independent safety layer is a maturity signal worth more than any disengagement statistic. It is the architectural admission that autonomy fails, paired with a plan for what happens when it does.