Safety is a fundamental requirement in railway systems. As rail networks evolve with new technologies, growing passenger volumes, and increasing automation, the role of Safety Integrity Levels (SIL) is becoming more critical. In 2025, the case for implementing SIL in railway applications is stronger than ever, both for new builds and refurbishment projects.
What is Functional Safety?
Functional safety is the part of overall safety that depends on systems and equipment operating correctly in response to their inputs. It also ensures that, in the event of a fault, the systems handle failures in a predictable and controlled way (fail-safe): failures, whether in hardware, software, or possibly also in human operation, are detected and controlled so that risks are reduced to an acceptable level.
In railways, functional safety means that when something goes wrong, the system reacts in a way that keeps people, infrastructure, and equipment safe. These are the automatic protection systems that need to be designed properly to handle likely human errors, systematic errors, hardware failures and operational/environmental stress.
For example:
- If the bearings of a train overheat, the functional safety system ensures the train moves into a safe state, e.g. by applying the brakes.
- If a door is not aligned with a platform, the functional safety system prevents the door from opening.
Functional safety is based on several principles:
- Risk assessment and reduction: Hazards are identified, evaluated, and systems are designed to reduce the risks to acceptable levels.
- System response to failure: The design ensures that when failures occur, the system transitions to or maintains a safe state.
- Lifecycle approach: Safety is managed across the entire lifecycle: design, development, operation, maintenance, and decommissioning.
- Safety Integrity Levels (SIL): Safety functions are classified according to the level of risk reduction required.
This framework provides the foundation for SIL, which quantifies the reliability of these safety functions.
What is a Safety Integrity Level (SIL)?
Safety Integrity Levels (SIL) are defined levels of risk reduction applied to safety-related systems. They are used to quantify the reliability and performance of safety-related functions in industries such as rail, industrial automation, and process control. SIL levels range from SIL 1 to SIL 4. The higher the SIL level, the lower the acceptable likelihood of a dangerous failure occurring; hence, SIL 4 provides the highest level of risk reduction.
Each SIL level corresponds to a probability of a dangerous failure per hour (PFH), as defined by the international safety standard IEC 61508 (functional safety for electrical, electronic, and programmable systems). For the rail industry, CENELEC has developed the EN 50126, EN 50129 and EN 50716 (previously EN 50128) standards, which were derived from IEC 61508 to meet railway-specific requirements. In railway applications, SIL-certified systems ensure that safety functions, such as automatic door operation or hot axle box detection, operate within a defined probability of failure, thereby reducing risks to an acceptable level.
Four Safety Integrity Levels: An Explanation
Four Safety Integrity Levels are defined, ranging from SIL 1 to SIL 4.
- SIL 1: Provides a lower level of risk reduction. Typically used for non-critical applications where failure would not directly cause harm but may result in inconvenience or minor disruption.
(Tolerable Functional Failure Rate (TFFR): 10⁻⁵ – 10⁻⁶ per hour)
- SIL 2: Applied to systems where failure could cause significant operational disruption or present hazards to passengers or staff, but not catastrophic consequences.
(TFFR: 10⁻⁶ – 10⁻⁷ per hour)
- SIL 3: Used where failure could result in severe injury or fatalities. Systems at this level require high reliability and robust fault tolerance.
(TFFR: 10⁻⁷ – 10⁻⁸ per hour)
- SIL 4: This is the highest level of risk reduction and is reserved for applications where failure would lead to catastrophic consequences, including large-scale casualties, and therefore must be prevented at all costs.
(TFFR: 10⁻⁸ – 10⁻⁹ per hour)
Achieving a SIL classification requires strict compliance with standards for hardware reliability, fault tolerance, and systematic integrity. It also demands rigorous engineering and development processes to minimise design errors and ensure predictable system behaviour.
Faults in software are always considered systematic. They are controlled using qualitative measures defined in standard EN 50716 (previously EN 50128). Preventive measures for software faults include, for example, management, development organisation, documentation, testing, development methods, and separation of safety and non-safety functions.
For most safety functions in a train TCMS, SIL 1 or SIL 2 will provide acceptable risk levels. No matter the level, SIL functions contribute to making your trains safer.
Where is SIL Applied in Railways?
SIL-rated applications are commonly implemented in:
- Train Control and Management Systems (TCMS)
- Automatic Selective Door Operation (ASDO)
- Braking and traction control functions
- Driver vigilance and event recording systems
- ETCS and other signalling interfaces
Why does SIL Matter More in 2025?
Several industry trends are making SIL compliance increasingly relevant:
- Growing Automation
Railways are moving toward higher levels of automation, including Automatic Selective Door Operation. As automation increases, the burden of ensuring safety is either shifted to the system itself or shared by the driver and the system. SIL-rated applications provide the required assurance.
- New Refurbishment Projects
Many trains worldwide are using outdated control units from the 1990s or 2000s. Faced with ageing fleets, many rail operators are extending their service life by refurbishing and modernising existing trains instead of purchasing new ones. SIL-certified solutions allow safety-critical upgrades without compromising compliance.
- Regulatory Expectations
Regulators and certification bodies are increasingly aligning with SIL standards to ensure interoperability and safety across networks. Demonstrating SIL compliance supports approval processes and reduces project risk.
- Passenger and Public Confidence
Passengers expect rail to be one of the safest modes of transport. Implementing SIL helps maintain this trust by ensuring that safety functions are not only designed but also independently validated and proven.
- Future-Proofing Investments
Systems designed with SIL compliance are more resilient to evolving standards. In 2025 and beyond, railway builders and integrators who implement SIL early will face fewer redesigns and recertification costs in the future.
EKE-Electronics’ SIL Safety Capability
At EKE-Electronics, we have extensive experience in designing and manufacturing systems with SIL 1 and 2 functions. Our safety applications cover critical train functions, including door operation, hot axle box detection, and driver vigilance, and are engineered to prevent dangerous failures or manage them safely when they occur. These systems are designed to ensure that essential functions operate correctly, even under unintended or exceptional conditions.
Our EKE-Trainnet® safety solutions focus on mitigating major hazards such as derailment, collision, fire, personal injury, material damage, and environmental impact. We systematically determine and analyse potential causes, including overspeeding, equipment failures (wheels, bearings, brakes, or doors), and human errors. Based on these analyses, we design control measures and safety requirements such as warnings and alarms, speed limitations, traction disabling, emergency braking, and power cut-off mechanisms to maintain safe operations under all circumstances.
With a proven track record, our safety systems are trusted by train builders, integrators, and design consultants worldwide for their reliability and robustness in complex railway environments.