The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

Transcript

1. The Safety-Critical Edge Certifying AI for Passenger Rail Operations EDGE

   AI San Diego 2026 | Joffrey Lauthier | March 25

2. The Internet of (automated) Trains Advancing rail automation requires a

   shift to intelligent vehicles Edge AI supports higher levels of onboard intelligence The safety certification gap: deterministic vs. probabilistic Approaches to AI/ML safety certification 2 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

3. Driverless systems already move 25 million riders daily METROS Unattended

   operations 480-ton trainsets 60,000 pphpd HEAVY HAUL Mine to port Three locomotives Distributed power 28,000 tons 3 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

4. Automation is a competitive imperative for transit and rail Increased

   frequency, flexibility, capacity Improved safety and reliability Reduced operating cost Better passenger experience Higher ridership 4 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

5. The next frontier: expanding automation to more transport modes MAINLINE

   Passenger lines and freight lines Shunting yards STREETCARS Driverless trams Depot automation Collision avoidance BUS AUTOMATION Gated BRT Precision stopping Bus depots FREIGHT WAGONS Autonomous electric platforms Platooning Automated yards 5 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

6. Automating railroads is hardest – complex uncontrolled environment Transit Closed

   system Single operator for infrastructure and vehicles Passenger transport only, limited special services Single fleet, vehicles of identical performance Right-of-way protected from intrusions Integrated system procured in a single package Railroad Open system Different operators for infrastructure and fleets Freight, commuter, intercity passenger rail Multiple fleets with different characteristics Publicly accessible right- of-way, grade crossings Network-wide interoperability required 6 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

7. AI is improving the performance of safety-critical functions DRIVER ASSISTANCE

   Optimized acceleration and braking based on track map, schedule goals, and the movement of other trains VEHICLE POSITIONING Train positioning based on onboard perception rather than traditional lineside beacons COLLISION AVOIDANCE Collision avoidance using forward- facing multispectral perception for obstacle detection BROKEN RAIL DETECTION Broken rail detection through continuous monitoring of track structural integrity 7 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

8. AI is unlocking higher grades of automation Train Management Automatic

   Train Protection Automatic Train Operation Obstacle Detection Remote Operation CCTV + Public Address GoA 0 GoA 1 GoA 2 GoA 3 GoA 4 Network Control Center Wayside Intrusion Detection Remote Operation Center AI diagnostics AI optimization AI perception AI perception AI analytics Brakes Traction Doors 8 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

9. Six technologies shifting movement authority to intelligent vehicles V2I RADIO

   COMMS Continuous vehicle-to- infrastructure communications High availability, low latency VEHICLE POSITIONING Vehicles computing their own position against a track map Accurate, precise, robust VEHICLE PERCEPTION Obstacle detection, collision avoidance, vehicle location, infrastructure monitoring EDGE COMPUTING Onboard computers supporting low latency, robustness, and autonomy Real-time, safety-critical hypervisors SOFTWARE- DEFINED VEHICLE Modular onboard software components running on virtualized real-time operating systems AI / MACHINE LEARNING Artificial intelligence enabling perception: analyzing sensor data from LiDAR, radar, camera, IMUs 9 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

10. Navigating the U.S. regulatory environment for train control systems INTEROPERABILITY

    SAFETY CYBERSECURITY Federal Railroad Administration (FRA) ‒ Positive Train Control (PTC) Association of American Railroads (AAR) ‒ Interoperable Train Control (ITC) American Public Transportation Association (APTA) ‒ Passenger Rail Equipment Safety Standards (PRESS) New York City Transit (NYCT) ‒ Interoperability Interface Specification (I2S) IEEE 1474 Series ‒ Communications-Based Train Control (CBTC) European Union Agency for Railways ‒ European Rail Traffic Management System (ERTMS) Federal Railroad Administration (FRA) ‒ Positive Train Control (PTC) Federal Transit Administration (FTA) ‒ Signal System Safety and Train Control advisory ‒ Project Management Oversight (PMO) State Safety Oversight Agencies (SSOAs) ‒ Public Transportation Agency Safety Plan (PTASP) ‒ Safety and Security Certification CENELEC EN 5012x functional safety ‒ IEC 62278 / EN 50126 – RAMS ‒ IEC 62425 / EN 50129 – Hardware ‒ IEC 62279 / EN 50716 – Software Transportation Security Administration (TSA) ‒ Security Directives 1580/1582 National Institute of Standards and Technology (NIST) ‒ Transit CSF Community Profile Federal Transit Administration (FTA) ‒ Critical Infrastructure Security and Resilience (CISR) American Public Transportation Association (APTA) ‒ Securing Control and Communications Systems in Rail Transit Environments IEC Cybersecurity standards ‒ ISA/IEC 62443 – Industrial Automation and Control Systems (IACS) ‒ IEC 63452 – Cybersecurity in railway systems 10 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

11. The AI certification challenge ‒ technical and regulatory hurdles Demonstrable

    coverage of safety requirements through structured testing – AI cannot guarantee behavior across all operational scenarios Training data becomes a critical safety artifact – Data errors propagate as systematic failures in deployed systems AI may produce incorrect predictions outside its operational design domain – Runtime monitoring, confidence bounds, safe fallback mechanisms ML frameworks, training pipelines, deployment tools for safety-critical functions are classified as T2/T3 – Commercial tools lack T2/T3 qualification Environmental changes may degrade model performance over time – Criteria for when re-certification is required EN 50128 / 50657 written for deterministic behavior EN 50716 evolved to address AI/ML: probabilistic outputs, learned behavior, emergent properties Verification & validation Data quality and lifecycle Failsafe behavior Tools qualification Model drift Functional safety standards 11 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

12. The blueprint for trust: our AI system assessment framework REGULAR

    OPERATION Interoperability, reliability, performance, safety DISRUPTION Cybersecurity, physical security, robustness EXPLAINABILITY Traceability, transparency, observability, explainability INDIVIDUAL Privacy, controllability, usability GROUPS Non-discrimination, bias, fairness SOCIETY & BEYOND Accountability, representativeness, sustainability M MANAGEMENT LAYER Assessing organizational structure, processes, and plans D DOCUMENTATION LAYER Assessing design documents, hazards, risks, safety analyses T TEST LAYER Assessing test coverage, and verification & validation results 12 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

13. Four strategies for a successful AI system certification AI systems

    are exceptionally difficult to certify to Safety Integrity Levels 3-4 without extensive additional controls AI in a non-vital advisory role supervised by a safety-certified control system Driver assistance system paired with a SIL4 automatic train protection system Design operational monitoring – Define drift detection thresholds and re-certification triggers Strong configuration management and no learning on the job: deployed model is frozen Redundant channels independently developed on distinct hardware, models, and training data Arbiter logic becomes safety-critical, constraining the highest-performing model Use safety-certified hardware and software stacks No AI support yet on vital rail platforms – Explore ISO 26262 ASIL D automotive platforms Safety-caged AI Continuous monitoring Diverse redundancy Qualified platforms 13 EDGE AI San Diego 2026 – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

14. Thank you Joffrey Lauthier | Head of Rail North America

    | [email protected]