Automotive Safety

When Software Controls Safety: How Documentation Gaps Lead to Recalls

Recalls from BMW, Tesla, GM, and Mercedes expose what happens when compliance processes can't keep pace with software complexity

December 2025 10 min read ISO 26262 | ASPICE | Software Safety

BMW X3 Steering Wheel Moving Without Input - Click to Watch

Watch on YouTube

Safety Recall Video

Video Credit: Originally shared by Vasanthan Karunanithy, automotive engineer, on LinkedIn. Thank you for publicly documenting this safety-critical incident.

Watch the video above. That's a steering wheel turning on its own.

An automotive engineer documented this while driving a rental 2026 BMW X3. No driver input. No hands on the wheel. The steering system—an ASIL D safety-critical component—moving unexpectedly.

This isn't a one-off glitch from one automaker. It's a symptom of an industry-wide challenge: software complexity is outpacing traditional compliance processes.

13.8M

Vehicles affected by software recalls in 2024

15%

Of all recalls now software-related

80%

Year-over-year surge in software recalls

This Isn't About One OEM—It's Industry-Wide

Software recalls are hitting every major automaker. Here are recent examples that made headlines:

BMW

BMW X3 Steering Software

NHTSA Campaign 25V857 | December 2025

Steering system software "may not be sufficiently robust" to detect torque sensor malfunction. If one of two sensor channels fails while stationary, unintended steering wheel movement may occur.

36,922 vehicles 2025-2026 X3 ASIL D System OTA Fix

TESLA

Tesla Autopilot Driver Monitoring

NHTSA Campaign 23V838 | December 2023

Driver monitoring system "may not be sufficient to prevent driver misuse." NHTSA's investigation found 467 crashes involving Autopilot between 2018-2023, with at least 14 fatalities. The recall remedy itself is now under investigation—20+ crashes reported after the software fix was deployed.

2.03 million vehicles Model S, X, 3, Y, Cybertruck 467 crashes investigated 14+ fatalities

GM Brake Warning Software

NHTSA Campaign 24V-674 | September 2024

Electronic brake control module software may fail to display warning light when brake fluid is low—due to a "mismatch" between software and calibrations. Drivers could unknowingly operate vehicles with degraded braking performance.

449,671 vehicles Silverado, Tahoe, Yukon, Escalade FMVSS 135 Non-compliance OTA Fix

Mercedes ECU Engine Stall

NHTSA Campaign 24V704 | September 2024

Engine control unit (ECU) software may cause engine to overheat or stall without warning due to errors in CAMTRONIC variable valve lift adjustment system. Mercedes also recalled 105,071 GLE/GLS vehicles for transmission software that could stall engines during downshifts.

27,000+ vehicles (S580) 105,071 vehicles (GLE/GLS) Engine Stall Risk Fire Risk

The Pattern Is Clear

These aren't isolated incidents from careless manufacturers. BMW, Tesla, GM, and Mercedes are among the most sophisticated automakers in the world. Yet all faced software recalls affecting safety-critical systems in 2024-2025. The common thread? Software complexity is growing faster than traditional compliance processes can manage.

Why This Keeps Happening: The Scale Problem

The automotive industry faces a fundamental mismatch between software complexity and verification capacity:

Modern vehicles contain 100–150 million lines of code spread across 70-100+ ECUs ^[1]
Requirements repositories can exceed 500,000 entries—and with ASPICE and ISO 26262 requiring ~250 work products across 60 processes, each requirement generates multiple design elements, code artifacts, and test cases, reaching millions of traceable work product instances ^[2]
Software complexity is growing ~40% annually while engineering productivity increases only ~6% per year ^[3]
75% of production APIs deviate from their published specifications—based on analysis of 650 million API calls ^[4]

At this volume, it becomes humanly impossible to manually validate every work product end-to-end. Traditional audits often sample only 5–10% of artifacts at best.

— Industry Safety Engineering Assessment

Why Audits Alone Can't Catch Everything

Compliance audits are essential, but they're not designed to be exhaustive alignment checks across hundreds of thousands of requirements:

ASPICE and ISO 26262 assessments typically review a sample of work products—not the entire corpus
Assessors physically cannot review 500,000+ requirements against implementation
There's often no continuous monitoring of gaps between requirements, design, and code between assessment milestones
Documentation drift accumulates silently between releases

The V-model depends on alignment: if the left side (requirements, architecture, detailed design) is broken, the right side (verification, validation, testing) is compromised. You can't validate what hasn't been specified clearly.

The BMW Steering Recall: A Closer Look

The video at the top of this article documents what BMW's own recall filing describes. Here's the timeline from BMW's Part 573 Safety Recall Report:

August 22, 2025

First incident observed—unexpected steering wheel movement during vehicle startup at the assembly plant.

September 1, 2025

Engineering review initiated.

September–October 2025

Field cases emerge—including one where steering moved while the vehicle was in drive mode (but stationary).

December 4, 2025

BMW decides to proceed with voluntary safety recall—"in an abundance of caution."

The remedy is a software update. But the question remains: how did software controlling an ASIL D steering system reach production with robustness issues?

The Tesla Recall Remedy Problem

Software recalls don't always solve the problem. NHTSA has opened a second investigation into Tesla's Autopilot recall because the fix may not be working—20+ crashes have occurred in vehicles that already received the software update. Consumer Reports testing found the changes "address minor inconveniences rather than fixing the real problems."

How GapLensAI Helps Minimize the Gap

GapLensAI exists for exactly this scenario: reducing the gap between documented compliance and actual implementation at enterprise scale.

🔍 Continuous Drift Monitoring

Instead of discovering misalignment during audits or—worse—in the field, teams gain ongoing visibility into where documentation and implementation are diverging. Detect missing or outdated work products earlier, before they become audit findings or safety risks.

Outcome: Fewer late surprises, fewer "audit scrambles," more predictable releases

📄 Generate Quality Work Products for Legacy Code

60-70% of automotive software is reused code—often with incomplete, vague, or outdated documentation. GapLensAI helps modernize legacy documentation to a quality level that supports requirements-based testing, change impact analysis, and downstream automation.

Outcome: Reuse stops being a documentation liability and becomes an asset you can scale safely

🔄 Keep Documents and Code in Sync Over Time

Documentation fails when it becomes a separate job from engineering. GapLensAI integrates into the development workflow—VS Code, GitHub Copilot, CI/CD pipelines—making it easier to document changes as they happen, not weeks later.

Outcome: More accurate documentation with less overhead, fewer gaps that accumulate quietly

✅ Pre-Audit Readiness at Scale

When audits can only sample a fraction, the goal is ensuring the sample is representative—and that you're not discovering gaps the week before assessment. Identify compliance gaps 4-8 weeks before formal ASPICE or ISO 26262 reviews.

Outcome: Audits become smoother because the organization is continuously prepared

The Real Goal: Make Review Feasible at Scale

No serious safety program removes human accountability—and it shouldn't. Engineers must review and approve what enters the formal compliance set. The real challenge is making human review feasible when the system includes millions of lines of code and hundreds of thousands of requirements.

GapLensAI helps teams focus attention where it counts, reduce blind spots, and keep code and documentation aligned as products evolve—continuously, not just during audit windows.

The Bottom Line

These recalls aren't about one company failing—they're about an industry-wide gap between the pace of software development and the capacity of traditional compliance processes. When steering wheels turn on their own, brake warnings don't illuminate, engines stall without warning, and driver monitoring systems miss inattention, it signals that documentation-code alignment needs to be continuous, not periodic. GapLensAI is built for that reality.

What This Means for Your Organization

If you're responsible for safety-critical software, ask yourself:

Do you know—right now—where your documentation diverges from your implementation?
Could your team confidently trace from a field failure to the original requirements and design?
Are your legacy codebases documented well enough to support AI-powered testing and verification?
When was the last time someone systematically compared your code to your specifications?

If you can't answer these confidently, you're not alone. But with software recalls surging 80% year-over-year and regulatory scrutiny increasing, the gap between "compliant on paper" and "actually aligned" is becoming harder to ignore.

Close the Gap Before It Reaches the Field

See how GapLensAI can help your organization maintain alignment between code and compliance documentation at scale.

Learn More

Recall Sources:
BMW: NHTSA Part 573 Report 25V857 (December 2025)
Tesla: NHTSA Campaign 23V838 (December 2023), Consumer Reports Testing
GM: NHTSA Part 573 Report 24V-674 (September 2024)
Mercedes: NHTSA Campaign 24V704 (September 2024)
Industry Statistics: Recall Masters State of Recalls 2024, SDV Insider 2024 Analysis

Industry Data Sources:
[1] Industry estimates; see also McKinsey MCFM
[2] ASPICE 4.0 Process Assessment Model; ISO 26262:2018 Part 6
[3] McKinsey Center for Future Mobility, "Software-defined hardware in the age of AI" (January 2025): "Since 2021, the complexity of the average vehicle software platform...increased by about 40 percent annually...software development productivity has increased only by about 6 percent per year"
[4] SmartBear: "A recent industry analysis of over 650 million API calls found that 75% of production APIs deviate from their published OpenAPI Specifications"