DriveSight · in-cabin driver monitoring for Indian fleets
An India-first in-cabin Driver Monitoring System for commercial-vehicle fleets, state bus corporations, taxi aggregators, mining fleets, and insurers. One appliance fuses an inward driver-state camera (drowsiness, distraction, phone-use, smoking, yawning, seatbelt) with a forward road-scene camera (lane departure, following-distance, PlateKit ANPR), OBD-II / J1939 / FMS telematics, AIS-140 VLT, and an Ed25519 audit chain. Built for AIS-140 out of the box, with evidence engineered to meet Bharatiya Sakshya Adhiniyam Section 63 electronic-record requirements — at a fraction of the per-vehicle cost of comparable enterprise DMS solutions. 2,442 software tests passing (unit + integration + audit-chain; pipeline coverage, not a measure of field recognition accuracy).
01 — Who it's for
Roughly 11.5 million Indian commercial vehicles are inside the AIS-140 mandate. Lytx and Samsara serve the multinational tier; the rest — logistics fleets, state transport corporations, aggregator driver-partners, mining haul fleets — cannot justify those contracts but face hard compliance deadlines, deteriorating insurance loss ratios, and Bharatiya Sakshya Adhiniyam §63 evidence requirements. That is the DriveSight market.
— Buyer · 01 · Logistics
Tens of thousands of vehicles, thousands of routes. Root-cause evidence established on only a fraction of daily incidents. The insurer has signalled a significant premium hike unless the fleet can document BSA §63-grade driver-behaviour evidence.
— Buyer · 02 · Bus transport
Thousands of buses, AIS-140 VLT on a portion, driver-behaviour monitoring on zero. The State Transport Authority audit requires AIS-140 + DMS on every bus by 31 March 2028. Procurement under the FY27 budget cycle.
— Buyer · 03 · Aggregator
Millions of driver-partners across dozens of cities. MoRTH's 2025 aggregator-safety notification mandates driver-behaviour monitoring with audit-trail capability; compliance deadline is August 2028.
— Buyer · 04 · Insurer
Large CV book, elevated loss ratio. Runs a Hardware-Funded Telematics programme funding 50% of hardware for evidence-trail access. Existing vendor partners do not ship a BSA §63-grade audit chain.
02 — How it works
Two cameras capture at 30 fps. The Hearth-derived facial-landmark stack runs on the inward feed; the per-detector modules emit candidates; the event aggregator consolidates them into one record with a severity tier. Every flagged event snapshots a ringbuffer clip, attaches OBD-II / GPS / accelerometer telemetry, signs with the per-appliance Ed25519 key, and appends a hash-linked audit-chain entry — in the same transaction.
For the inward + forward feeds
Inward 2MP IR camera + forward 5MP HDR camera ingest at 30 fps. The Hearth facial-landmark + dlib pipeline runs on the driver feed; lane-marking and vehicle-ahead detection run on the road feed.
For 10 detected behaviour types
Eleven pure-algorithm detectors run per frame — drowsiness via EAR + PERCLOS, distraction via gaze, phone, smoking, yawning, seatbelt, lane departure, following distance, harsh events, speeding. Thresholds fixed in code; per-fleet gates configurable.
For one canonical event
The streaming state machine merges per-frame candidates into a single BehaviourEvent and classifies it informational / warning / critical / termination-grade. The tier drives notification routing and retention.
For tailgating and near-collisions
Distraction PLUS following-distance under 2 seconds equals a tailgating-with-distraction critical event. On a critical event, PlateKit reads the next-vehicle plate — forward-camera ANPR fires only here, to save power.
For dispute-defensible footage
A 20-second-pre + 10-second-post AES-256 MP4 is saved within 5 seconds of the flag, with OBD-II, GPS and accelerometer telemetry attached to the event record. No continuous face recording — ringbuffer only on a flagged event.
For BSA §63 evidence packaging
The per-appliance Ed25519 key signs the event; a hash-linked AuditChainEntry is appended to local SQLite (WAL + RLock tx). Per-appliance chains roll up nightly to the per-fleet root key and anchor monthly to a public CT log.
03 — Detection catalogue
Every detector is a pure algorithm with a fixed, inspectable threshold — not an opaque score. Drowsiness is Eye-Aspect-Ratio below 0.21 for 1.5 seconds, or PERCLOS over 0.4 in a 30-second window, or head pitch beyond 25° for 3 seconds. Each detector module version is stamped into the BSA certificate's device-particulars, so the evidence trail records exactly which code produced the call.
vs black-box drowsiness scores
EAR < 0.21 for ≥ 1.5 s, OR PERCLOS > 0.4 over a 30 s sliding window, OR head-pitch > 25° downward for > 3 s. Target: ≥ 95% accuracy on the IcyCastle FATIGUE-2024 internal benchmark (design goal, not yet independently measured); target false-positive rate ≤ 3% on awake-but-relaxed highway driving.
vs gaze-only distraction
Gaze off-road > 2 consecutive seconds, OR head-yaw > 35° for > 2 s, OR yaw > 25° more than 4 times per 60 s. Target: daylight precision ≥ 92%; night precision ≥ 88% under IR illumination (design goals, not yet independently measured).
vs radio-mic / AC-vent false positives
Hand-to-ear position + phone-bounding-box + hand-mouth proximity. Target: ≥ 90% precision with a false-positive rate ≤ 4% on the radio-microphone and AC-vent confusables that trip naive classifiers (design goal, not yet independently measured).
vs missed early-fatigue signals
Smoking: cigarette object + hand-mouth + exhale plume, target ≥ 88% precision. Yawning: mouth-aspect-ratio + duration, target ≥ 94% accuracy. Yawn counts feed a per-driver fatigue score that gates drowsiness sensitivity over a 30-minute window. (Design goals, not yet independently measured.)
vs self-reported belt status
Shoulder-strap pattern recognition, checked within 30 s of ignition and every 5 minutes thereafter. Sustained-unbelted > 30 s emits an event. Target: ≥ 96% belted-vs-unbelted accuracy (design goal, not yet independently measured).
vs telematics-only fleet tech
Lane-marking via Canny + Hough + CNN classifier, suppressed when the turn-indicator OBD signal is active (target: ≥ 88% on Indian-marked roads). Following distance via vehicle-ahead bounding-box geometry, target ±15% of ground truth at 0–80 km/h. (Design goals, not yet independently measured.)
vs accelerometer-only harsh events
Accelerometer thresholds (longitudinal > 0.4g brake, lateral > 0.3g corner) cross-checked against OBD-II / J1939 brake-pedal, throttle and steering-angle signals. Configurable per vehicle class; AIS-140 Annexure A upload-format compliant.
vs fixed fleet-wide limits
GPS speed cross-validated against OBD-II wheel speed, compared to the MapmyIndia speed-limit-by-road lookup (cached for offline use), per-fleet limit, or vehicle-class default. Over-limit + tolerance for > 10 s emits the AIS-140 over-speed event.
All accuracy figures are design targets measured against the IcyCastle internal Indian-driver test set — 4,200 hours of footage across 28 states, day / night / monsoon / dust, 18 vehicle types and 4 light-condition profiles, growing to 12,000 hours by GA+12. These are not independently validated results; third-party validation (ARAI/iCAT type-approval process) is planned before GA. Driver-identity at shift start is verified by face match (Hearth liveness-derived), Aadhaar e-KYC OTP via Sahamati AA, or DL-MRZ scan cross-checked against MoRTH Sarathi.
04 — AIS-140 compliance
DriveSight emits the AIS-140 VLT packet at 1 Hz to the per-state State Transport Authority Command-and-Control server, handles the panic-button hardware, and uploads the Annexure A clause 7.2 behaviour events — all out of the box. The inward-camera DMS event types are field-mapped to the expected AIS-140 v3 amendment (MoRTH Working Group, expected Q3 FY28), so the standard update is a tailwind, not a re-certification cost. Lightmetrics still bundles AIS-140 as an add-on; the global incumbents do not ship it natively at all.
# AIS-140 VLT line — built by telematics.gps.format_ais140_vlt_line, # emitted at 1 Hz by VltEmitter.emit() (Annexure A clause 6.2). # Comma-separated ASCII, trailing *HH XOR checksum. Header NRM = 1-Hz record. $NRM,<vendor_id>,<firmware>,L,<imei>,<vehicle_reg>,<gps_fix>, <DDMMYYYY>,<HHMMSS>,<lat DDMM.MMMM>,<N/S>,<lon DDDMM.MMMM>,<E/W>, <speed_kmh>,<heading>,<num_sats>,<altitude_m>,<pdop>,<hdop>, <network_op>,<ignition 0/1>,<main_power 0/1>,<main_v>,<batt_v>, <emergency 0/1>,<tamper 0/1>,<gsm_rssi>,<mcc>,<mnc>,<lac>, <cell_id>,<digital_in>,<digital_out>,<frame_no>*<XX> # L = live; NL = buffered on power failure. Empty fields = "not available" # (the C+C accepts e.g. empty lat/lon on a no-fix tick). imei is 15 digits. # CellTower MCC/MNC/LAC/cell_id lets the C+C cross-validate the claimed # GPS position against the radio fingerprint. # # Upload state machine, persisted atomically with an audit-chain entry: # PENDING -> UPLOADED -> CONFIRMED (or PENDING -> FAILED, re-driven # from the 7-day offline cache via retry_failed)
→ 4 internal event types map to AIS-140 v2 wire codes — harsh_brake = 1, harsh_accel = 2,
harsh_corner = 3, speeding (over_speed) = 4. The inward-camera DMS types have no v2 mapping;
they route via the cloud ingest path today and to draft $DMS packets (wire codes 8–16, plus a
detector_confidence field) under the AIS-140 v3 readiness module. A v3-naive C+C server drops
$DMS packets rather than mis-parsing them. Note: AIS-140 v3 is based on the MoRTH Working Group draft as of mid-2025; the final published specification is subject to change, and field names / wire codes may differ.
05 — Fusion capabilities
No incumbent DMS vendor combines full inward-camera DMS plus forward-camera ANPR plus telematics plus AIS-140-native plus a BSA §63-aligned audit chain plus an Indian-engineered cost structure. DriveSight is designed to combine all six — built on real Protocol + StubAdapter + ProductionAdapter architecture reused from Hearth, PlateKit and YardSight.
vs Lightmetrics (no plate-OCR module)
PlateKit 3.0 forward-camera ANPR fires on critical events only — to save power — reading the next-vehicle plate, with a target of ≥ 96% on Indian BS-VI and HSRP formats (design goal, not yet independently measured). The plate read is saved in the ringbuffer + audit chain and can hand off to the fleet hotlist or cross-fleet network hotlist (behind the federation three-gate).
vs smartphone-only DMS (CarIQ)
OBD-II (SAE J1979) for cars and LCVs, J1939 (SAE J1939-71) for heavy CVs and buses, FMS Standard for bus fleets. Read-only — no CAN-bus write, because the bus is safety-critical. Protocol auto-detected at first connection; a protocol change writes an audit entry as a security signal.
vs 24-hour offline (Lightmetrics)
For a mining route in remote Jharkhand with unreliable uplink: the appliance runs fully standalone for ≥ 7 days. All detection and audit-chain signing happen locally; AIS-140 VLT events queue and batch-upload on reconnect, order preserved, rate-limited to avoid uplink saturation. A health alert fires if offline > 24 hours.
vs silent camera occlusion
Per-camera occlusion, scene-change and blur heuristics, plus enclosure-tamper switch, CAN-bus heartbeat loss, GPS NMEA stream loss and LTE disconnect detection. Tampering is a fraud precursor — every tamper event is alerted to the ops dashboard within 60 s and audit-chain-anchored.
vs surveillance-only deployments
Three-plus drowsiness events in a shift, or phone-use above 60 km/h, or a fault-attributed accident, generate a TerminationReviewRequest routed to both the Fleet Manager and Safety Officer — both must affirm within 72 hours. The driver is notified and may appeal within 7 days. Union-friendly by design; the whole workflow produces a BSA §63-aligned audit trail.
vs covert cross-fleet sharing
Sharing a known-fraudulent-driver hotlist across fleets requires all three gates: consent from both operators, a warrant artefact, and two-operator approval at both ends. Federated entries are scoped per source fleet and category with a configurable TTL, revocable unilaterally, and never bypass per-fleet schema isolation.
06 — Evidence & the CLI
The supported v0.1.0 integration surface is the drivesight CLI plus the in-process Python
service classes — every status field is a closed enum, because free-text categorical columns undermine
the integrity of a BSA §63 electronic-record submission. A BSA certificate bundle is signed by three keys: the per-appliance keypair
(meta-audit), the per-fleet root key (manifest), and the requesting operator (counter-signs, via
Aadhaar-eSign or DSC HSM in production). DriveSight is engineered to satisfy the technical requirements of BSA §63 (hash, algorithm, chain of custody, device identity, operator); admissibility in any proceeding is determined by the court.
# Generate a BSA Section 63 evidence bundle for a single event # (or a START..END time window). Three signers required. drivesight bsa-cert evt_9f2c1a \ --db /var/drivesight/ksrtc_south.db --tenant ksrtc_south \ --operator safety-officer-1 \ --key appliance.key --fleet-root-key fleet-root.key \ --operator-key operator.key --record record.json --out ./bundle # -> bundle-evt_9f2c1a.tar : PDF certificate (Appendix J layout), # signed JSON manifest, ringbuffer MP4, per-event crops, # accelerometer + GPS + OBD-II telemetry. Tamper-evident. # The bundle issuance is itself logged in the chain (meta-audit).
07 — Integrations
Twenty-three Protocol + StubAdapter + ProductionAdapter integrations ship today: camera, modem and CAN-bus hardware; TMS / FMS platforms; the five insurance partners; the MoRTH master systems; and the messaging channels for driver coaching. The stub adapters are deterministic, so the full test suite runs without any external dependency installed — production adapters plug in behind the same Protocols.
Bidirectional: DriveSight events push into the fleet's existing tool; the TMS pushes vehicle-assignment, route and driver-roster back. Per-fleet configuration in tenant config; rate-limited with retry-on-failure; audit-chain-anchored.
Each insurer is a Protocol + Stub + Production adapter producing a signed PDF + signed JSON in the partner's claim-evidence schema. This architecture is designed to support Hardware-Funded Telematics programmes — discussions are underway with ICICI Lombard, Bajaj Allianz, HDFC Ergo, Acko and Digit; no programme is live yet.
Driver DL-MRZ cross-checked against the Sarathi master; vehicle registration against Vahan; Sahamati AA framework for fleet and driver KYC. The STA C+C adapter carries the per-state AIS-140 VLT stream, with cross-state handover.
Camera, LTE-modem and CAN-bus hardware behind Protocol adapters. Weekly driver-coaching digests deliver via Twilio SMS or Gupshup / Karix WhatsApp — opt-in, in the driver's chosen language, with a right to challenge any event in the report.
08 — Privacy & DPDP
In-cabin footage is the most sensitive data DriveSight touches, so the design is consent-first and data-minimising under the Digital Personal Data Protection Act 2023. Consent is captured at first enrolment on the in-cab tablet in the driver's chosen language; it is revocable at any time. On revocation, DriveSight reduces to AIS-140-compliance-only — DMS suspends, VLT continues under the §17(d) safety-of-life legitimate interest.
— Data minimisation
Face crops are stored only for the 20-second-pre + 10-second-post ringbuffer triggered on a flagged event. There is no continuous face recording. Every clip is AES-256 encrypted at rest with a per-event key.
— Consent & revocation
Consent scope covers behavioural data, ringbuffer storage, coaching feedback and BSA §63 export. Each consent and revocation writes an audit-chain entry. An attestation report is available to the fleet DPO and driver-union representative on request; annual re-attestation is built in.
— Purpose & storage limitation
Data is used only for the safety, insurance and AIS-140 reporting purposes for which it was collected. No behavioural advertising. Per-fleet retention preset: 90 days for routine telemetry, 7 years for accident-flagged events per the insurance-claim audit window.
— Data-principal rights
Drivers exercise DPDP data-principal rights through the companion app or a written request to the fleet DPO. Breach notification within 72 hours per DPDP §33. MP4 extraction beyond the event-investigation workflow requires two-operator approval.
Multi-tenant isolation: per-fleet PostgreSQL schema (no shared tables, no cross-schema foreign keys), per-fleet object-storage bucket with separate AES-256 keys, per-fleet Ed25519 root key in a separate HSM partition (BYOK option). Hosted in India — Yotta NM1 Mumbai primary, Yotta DK1 Greater Noida DR. An NDAA Section 889-clean BOM variant is available for export and NDAA-sensitive OEM deals.
09 — Console, coaching & companion app
The fleet-manager dashboard, the driver coaching loop, and the driver's own companion app are all driven by the same role-permission matrix and the same audit-anchored event store. Coaching is a feedback loop, not a punishment log — the driver sees their own score and has a right to challenge any event.
Real-time live plus rolling 6-week and 12-month history. Filter by driver, route, shift, vehicle, region, event-type and severity, with a severity-trend graph and an exception queue for low-confidence events below the tenant threshold.
A per-driver weekly digest — behaviour score out of 100, event counts, top-3 improvement areas, trend vs the prior 4 weeks — delivered by SMS or WhatsApp in the driver's language. Fleet managers get a read-only view; drivers can challenge any event.
The in-cab tablet flow captures consent at first enrolment and verifies driver identity at shift start. English + Hindi at GA; Kannada, Tamil, Telugu, Marathi, Bengali, Gujarati and Punjabi at GA+6, with voice annunciation for alerts.
Read-only access to the driver's own events and weekly score trend, top-3 coaching insights with educational content, DPDP data-principal-rights flow, consent management and an appeal flow for challenged events.
A closed role matrix scopes who sees what and who can act. The two-operator gate (Fleet Manager + Safety Officer) is enforced for termination-grade events, evidence-bundle issuance, key rotation and role elevation.
Every appliance beacons health every 15 seconds — software version, last event time, camera / OBD / GPS / LTE status, NTP drift, storage and compute utilisation — into a cloud fleet-health dashboard with PagerDuty-compatible alert routing.
10 — How to engage
DriveSight is available in early access for logistics fleets, state bus corporations, taxi aggregators, mining operators, and insurance partners ready to run a pilot. ARAI / iCAT type-approval for the AIS-140 emit module is in progress (GA target: FY28-Q1) — reach out to discuss your fleet's requirements and join the programme.
Roadmap: FY27-Q3 spike (drowsiness + activity detection); FY27-Q4 pilot; FY28-Q1 GA. ARAI / iCAT AIS-140 type-approval and ISO 27001 targeted by GA; STQC certification and CERT-In empanelment targeted by GA+6 (regulatory track, in progress — not yet obtained). DriveSight is sold only after ARAI / iCAT type-approval for the AIS-140 emit module — without it the product cannot be sold to any Indian commercial-vehicle fleet.
11 — Start
AIS-140-native, BSA §63-aligned, Indian-cost-structured driver monitoring — at a fraction of the per-vehicle cost of comparable enterprise DMS solutions. Join the pilot programme on your hardest route.