Safety Considerations in Low Voltage (12V) Battery Implementations


Historically internal combustion engine vehicles have been delivered with a 12 volt lead acid battery. This battery powers all the electrical systems on the vehicle. This includes such systems as infotainment systems, headlights & indicators, fuel injection & ignition systems, steering motors and brake hydraulic pumps to name a few.

Lead acid batteries have been used for over a hundred years, are well understood and have efficient supply chains. They do have some disadvantages when compared to newer battery technologies: they have lower energy density, making them relatively heavy; they are slow to charge; they have a rated capacity dependent on the rate of discharge; and they are somewhat unreliable. Their reliability is primarily affected by their low cycle count, typically 500-1000 cycles, resulting in a short lifespan.

Lead acid batteries are also somewhat hazardous to health. Lead is toxic to many organisms and specifically affects human reproduction. This is the primary reason why many countries around the world are taking steps to ban the use of lead in many products. European REACH regulations control which chemical substances can be used within the EU. The REACH authorisation provisions aim to ensure that these substances are progressively replaced with less hazardous alternatives where feasible. Under this legislation it is most likely that lead acid batteries will be banned with the feasible replacement being lithium-ion possibly as early as 2030. This in some ways falls in line with the proposed ban on new internal combustion engine vehicles.

A lead acid battery’s relatively high failure rate is to some extent mitigated by using a dual redundant vehicle 12V powernet architecture. By using a battery in combination with an alternator driven by the internal combustion engine a vehicle is able to have a redundant power source to supply all the vehicle’s electrical systems. If the battery fails while the engine is running, the alternator is able to provide power to the vehicle’s electrical systems, at least until the engine stops. Similarly, if the alternator fails the battery is able to provide power for a limited time until it becomes depleted. Not all failure modes are mitigated by this architecture. For example, a short circuit in either the battery or the alternator could potentially bring down the whole 12V powernet.

For electric vehicles with no internal combustion engine there is no alternator to provide this redundancy. In these vehicles a common solution to provide suitable redundancy is to employ a lead acid battery partnered with a DCDC converter transforming the high traction battery voltages down to 12V for the powernet. These DCDC converters can be seen as analogous to the alternator in internal combustion engine vehicles, i.e. it is only active when the traction battery is “turned on”.

But this solution is limited by the use of the lead acid battery, and its low cycle count makes it significantly more likely to fail compared to the other elements of the vehicle. Electric vehicles are more reliable by their design, with fewer moving parts exposed to significant wear. By including a lead acid battery this inherent vehicle reliability is decreased with it being the weakest link in the reliability/warranty chain.

With this and the forthcoming lead acid ban in mind, many vehicle manufacturers are now looking for robust and reliable solutions to replace lead acid batteries. In addition, there is also an emergent need to provide a high integrity power supply in order to support the safety critical functionality of highly automated/autonomous vehicle features and x-by-wire features. Lithium-ion battery technology presents the most attractive solution, offering high integrity (to ASIL D) and reliability (with potentially in excess of 10k cycles). Vehicle manufacturers also have experience of lithium-ion technology from the development of traction batteries.

The adoption of a new battery technology is not a trivial task especially since 12V batteries have previously been treated as a simple commodity in the same way as components such as vehicle tyres are handled. The needs for a cost-effective and high integrity design are conflicting. Integrity comes at a cost, and the use case of a 12V battery is very different from that of a higher voltage traction battery. Eatron has embraced these challenges and has partnered with global cell manufacturers and global vehicle manufacturers to produce a high volume, cost effective, best in class solution suitable to deliver the functionality required in vehicles today as well as in the future.

Although the design of a cost-effective solution is not insignificant, the primary challenge relates to the provision of a safe product with high integrity. There are currently minimal state of the art guidelines that relate to the safety of electrochemical devices within automotive applications. The current automotive safety standard ISO 26262 relates to the mitigation of malfunctioning behaviour of electrical and electronic systems where the product has specific control and actuation functionality at the vehicle level and where driver induced controllability can be considered. Hazards relating to mechanical and electrochemical components (or sub-components) are classified as “other technologies” and as such little guidance is given. Batteries are inherently passively controlled electrochemical devices with little vehicle level control or actuation capability other than the connection or disconnection to/from the powernet via a Battery Management System. This deficiency in standardisation is understood and the automotive community is currently drafting a new guideline ISO/TR 9968 to aid in the development of “safe” batteries. This guideline is primarily focused on traction battery applications but could be tailored to support powernet battery concept development.

The safety related properties of powernet batteries fall into two distinct and sometimes conflicting areas that consider protection and availability topics. These properties tend to be described as Safety Goals that are specified to manage or mitigate the risks associated with the battery’s hazards.

The protection Safety Goals relate to the prevention of battery outgassing and fire. The hazards relating to electric vehicle battery fires due to thermal runaway and the preceding outgassing of poisonous chemicals are well known. A common safety concept employed to manage these hazards relies on preventing the conditions that lead to the hazardous event. This is due to the lack of a viable concept that can stop the fire or outgassing once it has occurred. There is also ongoing research into solid state battery technologies that have more benign thermal properties. When considering lithium-ion batteries, the consequences of a thermal event in a traction battery are far more dramatic than those associated with the smaller powernet batteries. This tends to lead to additional mitigation strategies such as venting of the poisonous gasses outside of the passenger cell. That said, the location of the powernet batteries could be within the passenger compartment, thus leading to a similar severity rating and subsequent hazardous event rating (ASIL), usually rated at ASIL B or ASIL C.

The root causes of the thermal events could be classified as inside or outside of the battery. External causes could be, for example, environmental conditions such as high ambient temperature and high current flow due to charging or discharging of the battery that leads to excessive cell temperature and ultimately fire. Internal causes could be, for example, the battery being excessively discharged and subsequently charged, leading to lithium plating, dendrite growth (including NMC battery copper dendrite growth) and internal short circuits within the battery. Charging at low temperature can have similar short circuit thermal effects. In all these use cases a typical safety concept is to disconnect the battery from the stimulus well before the hazard can occur, i.e. stopping the battery charging or discharging. The disconnection mechanisms for traction batteries tend to be implemented as mechanical contactors due to the typical high cycle rate and high current flow. This technology does have its own hazardous failure modes such as contactor welding. This results in the need for contactors on both the positive and negative terminals and additionally a pyro fuse to ensure disconnection under extreme failure scenarios such as a vehicle crash. Disconnection mechanisms for powernet applications tend not to need this level of protection due to low cycle rate and lower current flow, so typically simple relays or MOSFETs are used.

For a traction battery the protection concept can have emergent hazards relating to loss of acceleration and/or loss of regenerative braking typically rated at ASIL B. For powernet the emergent hazards relate to availability safety goals discussed later in this article. These emergent hazards must be considered when rating (ASIL) the protection concept, especially when considering the false positives of the safety mechanisms. This could result in uprating the protection concept so that it is in line with the availability requirements of the whole system, for example if the availability requirements are rated at ASIL D then false positives relating to the protection features may violate these availability requirements forcing the protection feature to be uprated from ASIL B to ASIL D.

The availability requirements of a powernet battery may be far more complex than those of the traction battery. The powernet battery may need to be available to provide power to support the safety critical functionality of highly automated/autonomous and x-by-wire vehicle features. There may also be the need to predict whether the battery can provide power in the future for a specific duration in order to ensure the driver is able to take over from the automated functionality in good time. As described previously, the vehicle availability concept is usually supported by both the traction battery DCDC converter and the powernet battery. But DCDC converters are usually developed at a lower ASIL, typically ASIL A or QM. This is possibly because the DCDC converter has been further developed from a pre-existing industrial implementation or has not been originally developed to support high ASIL functionality within the vehicle. In this case it is common for a decomposition strategy to be employed whereby both the powernet battery and DCDC converter are used to support higher ASIL rated functionality. This has an additional advantage relating to the absence of any single point failures that could cause the immediate total loss of availability: if a failure occurs, the vehicle may be able to employ a degraded availability strategy but at a lower ASIL.

Another availability requirement for the powernet battery is to always be “on” and supplying the powernet with suitable power even when the vehicle is in a low power mode such as when it is locked and unattended with the traction battery disconnected. One reason to always be “on” could be to provide power to the vehicle entry system such as the keyless entry mechanism. The challenge with this use case is to ensure that this mode of operation has a very low quiescent current draw in order to extend the availability of battery for as long as possible. And there is also the need to provide protection functionality in these low quiescent modes. Eatron has partnered with microcontroller manufacturers and battery specific ASIC vendors to ensure a highly efficient hardware design to support these low power modes.

For traction batteries there is usually no need for a low quiescent mode, because cell balancing and battery temperature control could be scheduled prior to the power down. And once the battery has powered down there is possibly no need to provide active protection because the battery is already disconnected, and no further mitigating actions are possible.

Some powernet battery availability requirements are in themselves potentially hazardous. A common concept is to allow the battery to discharge completely in order to extend the availability window as long as possible. With a severely discharged powernet battery it is unlikely that the vehicle could be driven safely but the park brake system could be disengaged and the vehicle could be moved. Under these conditions it is also important to prevent any subsequent charging that could lead to a fire or outgassing hazard. And the battery would reach its end of life so warranty factors need to be considered. This is a different use case when compared with a typical traction battery concept that aims to always keep the battery in a state that allows for recharging.
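The disconnection concept described earlier and the deep-discharge use case above can be expressed as one decision function that chooses which directions of current flow the relay or MOSFET stage may permit. This is an added example, not Eatron's code: the thresholds, type names and `bms_protect` are assumptions chosen for illustration.

```c
#include <stdbool.h>

/* Constructed limits for illustration; real values come from the cell datasheet. */
#define MIN_CELL_MV_DEEP_DISCHARGE 2000   /* below this the cell must never be recharged */
#define TEMP_C_MAX                 60     /* above this, stop charging and discharging */
#define TEMP_C_MIN_CHARGE          0      /* below this, charging risks internal shorts */
#define CURRENT_MA_MAX             150000 /* magnitude limit in either direction */

typedef struct {
    int min_cell_mv;  /* lowest cell voltage in the pack */
    int temp_c;       /* cell temperature */
    int current_ma;   /* positive = charging, negative = discharging */
} bms_sample_t;

typedef struct {
    bool charge_lockout;  /* latched; a real BMS would keep this in non-volatile memory */
} bms_state_t;

typedef struct {
    bool allow_charge;
    bool allow_discharge;
} bms_decision_t;

/* Decide which directions of current flow the disconnect switch may permit. */
bms_decision_t bms_protect(bms_state_t *st, const bms_sample_t *s)
{
    bms_decision_t d = { true, true };
    int magnitude_ma = s->current_ma < 0 ? -s->current_ma : s->current_ma;

    /* Complete discharge is tolerated for availability, but it latches a
       lockout so that a later charge cannot trigger an internal short. */
    if (s->min_cell_mv < MIN_CELL_MV_DEEP_DISCHARGE)
        st->charge_lockout = true;
    if (st->charge_lockout)
        d.allow_charge = false;

    /* Charging at low temperature is blocked; discharge stays available. */
    if (s->temp_c < TEMP_C_MIN_CHARGE)
        d.allow_charge = false;

    /* Over-temperature or excessive current: remove the stimulus entirely. */
    if (s->temp_c > TEMP_C_MAX || magnitude_ma > CURRENT_MA_MAX) {
        d.allow_charge = false;
        d.allow_discharge = false;
    }
    return d;
}
```

Every branch that clears `allow_discharge` also removes power from the powernet, so a false positive there is an availability failure, which is why the protection function may have to carry the availability ASIL.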

In conclusion, the use cases and operating modes of powernet batteries are very different to those of traction batteries. By providing a high integrity 12V battery, vehicle manufacturers are able to safely deploy vehicles with highly automated and autonomous features. Lithium-ion technology is the most viable solution with Eatron providing the expertise to design and deliver a high integrity Battery Management System.

Gareth Price, Director Assurance & Safety at Eatron Technologies.