The Future of Railway Software Development: Transitioning From EN 50128 to EN 50716

In December 2023, the release of the EN 50716 standard marked a pivotal moment for railway software development, superseding EN 50128 and EN 50657. EN 50716 sets new safety and performance benchmarks for software used in railway signaling and rolling stock. While the core principles of its predecessors remain intact, this new standard introduces several enhancements designed to simplify processes and adapt to technological advancements. Understanding these changes is essential for staying compliant, competitive, and innovative.

What Is EN 50716, and Why Is It Important?

EN 50716 governs the development of software used in railway systems, particularly signaling and rolling stock. Its primary aim is to ensure the safety, reliability, and performance of software in a high-risk environment. From controlling train movements to managing track switches, the software must meet stringent safety standards.

The new standard reflects decades of evolving safety regulations and acknowledges the dramatic technological shifts in the rail industry, such as the rise of model-based systems engineering (MBSE), Agile development methodologies, and artificial intelligence (AI) integration. The transition to EN 50716 is more than a regulatory update — it’s an opportunity to modernize development processes and leverage new technologies, ensuring compliance and remaining competitive in a fast-paced industry.

Ansys provides a comprehensive set of MBSE capabilities, from the Ansys System Architecture Modeler (SAM) capability to an MBSE tool suite that covers the entire system development life cycle, from design and modeling to verification and validation. This integrated approach ensures compliance with safety standards like EN 50716 while enhancing efficiency and reducing development risks.

2. Simplified Roles and Responsibilities

A notable change in EN 50716 is the simplification of requirements around roles and responsibilities within software development teams. In the past, the ambiguity surrounding responsibilities sometimes led to confusion and inefficiencies. EN 50716 clarifies these roles, enabling organizations to assign tasks more effectively and improve accountability.

3. Recognition of Model-based Languages

EN 50716 acknowledges the growing importance of model-based design in software development, promoting this approach to enhance software quality and reduce time to market. By endorsing model-based methodologies, the standard encourages companies to adopt tools like the Ansys SCADE embedded software product collection that align perfectly with these principles. This shift is especially beneficial for organizations aiming to accelerate development cycles while maintaining safety and staying competitive in the industry.

4. Incorporation of Agile Development

One other significant shift in EN 50716 is its inclusion of Agile development methodologies. Traditionally, railway software development followed a more rigid waterfall model. However, the industry is evolving, and Agile’s focus on iterative development, collaboration, and flexibility is gaining ground. EN 50716 provides guidance on how to integrate Agile practices while maintaining safety-critical testing and validation processes.

AI and Machine Learning in EN 50716

EN 50716 also addresses the growing role of AI and machine learning (ML) in railway software development. However, it does so with caution. While AI/ML technologies continue to rapidly advance, their inherent complexity presents challenges for deployment in safety-critical systems. These applications often require highly predictable behaviors, which are currently difficult to ensure with AI and ML. The standard advises limiting these technologies’ use to components that are not safety-integrity-level (SIL) rated.

This guidance aligns with the careful, safety-first approach of the rail industry while still allowing room for innovation. For example, tools like the SCADE suite are expanding their AI capabilities, and this cautious approach enables companies to explore AI in less critical applications.

Emphasis on Formal Methods

Another key update in EN 50716 is its expanded emphasis on formal methods. In previous standards, formal methods — mathematically-based verification techniques — were mandatory only for higher SIL levels (SIL 3-4). The new standard extends this requirement to lower levels (SIL 1-2), underscoring the growing importance of rigorous verification processes across all safety levels.

For companies using the SCADE suite, which supports formal methods, this is a significant advantage. Formal verification ensures that software components are robust and reliable. The expansion of formal methods to SIL 1-2 reinforces the importance of high-quality, well-verified software throughout the entire system.

Moving Forward With EN 50716

The release of EN 50716 marks an important shift in how railway software development is regulated. It reflects the industry’s technological evolution with enhancements aimed at improving safety, efficiency, and flexibility.

The SCADE suite is fully compliant with the previous EN 50128 standard and used in numerous SIL 3-4 software components. With the new EN 50716 standard, the SCADE suite fits even better, as it embraces model-based languages, emphasizes formal methods for SIL 1-2, and incorporates Agile development guidance. Additionally, the SCADE suite’s growing AI capabilities align with the standard’s recommendations for using AI/ML in non-SIL components, making it an even more versatile and future-proof solution for railway software development.

To learn more, read the white paper “Full Steam Ahead: Ansys SCADE Speeds Embedded Software Development for Railway Applications.”