Introduction to EN 50128:2011

EN 50128:2011, “Railway applications — Communication, signalling and processing systems — Software for railway control and protection systems,” is part of a group of related international functional safety standards for the railway industry issued by CENELEC (the European Committee for Electrotechnical Standardization) . It is an European standard adapting the IEC 61508 series of standards to the development of safety-related software for railway applications, and concerns both track-side and train-side equipment.

The first edition of EN 50128 was published in 2001 and withdrawn in April 2014 after a three-year transition period. The second edition, published in 2011, completely supersedes the previous version. Noteworthy changes introduced in EN 50128:2011 include:

  • the addition of requirements on software management, deployment and maintenance;
  • the addition of a new clause on support tools, defining what is commonly called tool qualification;
  • the updating of tables in Annex A.

EN 50128 approach to risk management is based on the determination of the Safety Integrity Level (SIL) for each safety function assigned to each subsystem. There are five SILs: 0, 1, 2, 3 and 4, with 0 being the lowest safety integrity level and 4 being the highest. SIL 4 represents likely potential for severely life-threatening or fatal injury in the event of a malfunction and requires the highest level of assurance that the dependent safety goals are sufficient and have been achieved. EN 50128, based on the SIL specifies whether techniques and measures are recommended, highly recommended, or even mandatory. For instance, static analysis is highly recommended at all SILs from 1 to 4.


EN 50657:2017/A1:2023: rolling stock applications

While the scope of EN 50128 is software for railway control and protection systems, the scope of EN 50657 is software for use in rolling stock applications, excluding software that is part of signalling equipment installed on board trains, or does not contribute to, and is segregated from rolling stock operational functions. EN 50657 uses the same structure and section numbering as EN 50128:2011. Its approach to risk management is also based on the concept of levels of software integrity: from the lowest called Basic Integrity (B. I. for short) to the highest, SIL 4. Same as EN 50128, static analysis is highly recommended at all SILs from 1 to 4.


Role of ECLAIR in Ensuring Compliance with EN 50128 and EN 50657

The ECLAIR Software Verification Platform can be used to comply with several of the techniques and measures required by EN 50128:2011 and EN 50657:2017/A1:2023. In addition, the ECLAIR Fusa Pack greatly simplifies obtaining all the confidence-building evidence that is required to make a solid argument justifying the use of ECLAIR in safety-related projects.


ECLAIR Coverage of EN 50128

ECLAIR Coverage of EN 50657


We are a passionate team of experts. Do not hesitate to let us have your feedback:
You may be surprised to discover just how much your suggestions matter to us.