The Safety-Critical Edge: Certifying AI for Passenger Rail Operations

Deploying edge computing for safety-critical vehicle positioning, train control, and collision avoidance.
Navigating the regulatory environment: from driver assistance to fully automated systems.
Certifying AI-enabled control systems for commercial operations.

Edge Computing Expo North America 2026, TechEx Media
May 18, 2026 - San Jose, California

Joffrey Lauthier

April 12, 2026

Transcript

  1. The Internet of (automated) Trains

    - Advancing rail automation requires a shift to intelligent vehicles
    - Edge AI supports higher levels of onboard intelligence
    - Ensuring the safety of complex technology stacks is a challenge
    - Approaches to AI/ML safety certification
  2. Driverless systems already move 25 million riders daily

    - METROS: Unattended operations; 480-ton trainsets; 60,000 pphpd
    - HEAVY HAUL: Mine to port; Three locomotives; Distributed power; 28,000 tons

    Edge Computing and AIoT Driving Real-Time Intelligence – The Safety-Critical Edge: Certifying AI for Passenger Rail Operations
  3. Automation is a competitive imperative for transit and rail

    - Increased frequency, flexibility, capacity
    - Improved safety and reliability
    - Reduced operating cost
    - Better passenger experience
    - Higher ridership
  4. The next frontier: expanding automation to more transport modes

    - MAINLINE: Passenger lines and freight lines; Shunting yards
    - STREETCARS: Driverless trams; Depot automation; Collision avoidance
    - BUS AUTOMATION: Gated BRT; Precision stopping; Bus depots
    - FREIGHT WAGONS: Autonomous electric platforms; Platooning; Automated yards
  5. Automating railroads is hardest – complex uncontrolled environment

    - Transit
      - Closed system
      - Single operator for infrastructure and vehicles
      - Passenger transport only, limited special services
      - Single fleet, vehicles of identical performance
      - Right-of-way protected from intrusions
      - Integrated system procured in a single package
    - Railroad
      - Open system
      - Different operators for infrastructure and fleets
      - Freight, commuter, intercity passenger rail
      - Multiple fleets with different characteristics
      - Publicly accessible right-of-way, grade crossings
      - Network-wide interoperability required
  6. AI is improving the performance of safety-critical functions

    - DRIVER ASSISTANCE: Optimized acceleration and braking based on track map, schedule goals, and the movement of other trains
    - VEHICLE POSITIONING: Train positioning based on onboard perception rather than traditional lineside beacons
    - COLLISION AVOIDANCE: Collision avoidance using forward-facing multispectral perception for obstacle detection
    - BROKEN RAIL DETECTION: Broken rail detection through continuous monitoring of track structural integrity
  7. Four grades of (rail) automation – from manual to unattended

    - GoA 1: Manual train operation
      - Train operator controls train dispatching
      - Train operator detects obstacles and intrusions
      - Train operator or attendant intervenes when automated operations fail and in emergencies
    - GoA 2: Semi-automated operation
      - Central control of train dispatching: constant headway, timetable
    - GoA 3: Driverless train operation
      - Automated obstacle detection and right-of-way intrusion protection
    - GoA 4: Unattended train operation
      - Remote dispatching for handling failures and emergencies
  8. AI is unlocking higher grades of automation

    - Train Management; Automatic Train Protection; Automatic Train Operation; Obstacle Detection; Remote Operation; CCTV + Public Address
    - GoA 0; GoA 1; GoA 2; GoA 3; GoA 4
    - Network Control Center; Wayside Intrusion Detection; Remote Operation Center
    - AI diagnostics; AI optimization; AI perception; AI perception; AI analytics
    - Brakes; Traction; Doors
  9. Legacy train control relies on trackside computing infrastructure

    - Control center: Train supervision; Power SCADA; Tunnel ventilation; Scheduling; Crew rostering; Asset management
    - Wayside equipment: Interlocking systems; Train control zone controllers; Wired networking equipment
    - Track equipment: Signals; Switches; Train detection; Transponders; Wireless radio access points
    - Rolling stock: Driver console; Train control computers; Transponder antennas; Positioning system; Train-to-wayside radios; Train communication network
  10. Cloud and edge computing enable intelligent vehicles

    - Control center: Train supervision; Power SCADA; Tunnel ventilation; Scheduling; Crew rostering; Asset management
    - Private cloud
    - Wayside equipment: Interlocking systems; Train control zone controllers; Wired networking equipment
    - Track equipment: Signals; Switches; Train detection; Transponders; Wireless radio access points
    - Rolling stock: Driver console; Train control computers; Transponder antennas; Positioning system; Train-to-wayside radios; Train communication network
    - Carborne controllers
  11. Six technologies shifting movement authority to intelligent vehicles

    - V2I RADIO COMMS: Continuous vehicle-to-infrastructure communications. High availability, low latency
    - VEHICLE POSITIONING: Vehicles computing their own position against a track map. Accurate, precise, robust
    - VEHICLE PERCEPTION: Obstacle detection, collision avoidance, vehicle location, infrastructure monitoring
    - EDGE COMPUTING: Onboard computers supporting low latency, robustness, and autonomy. Real-time, safety-critical hypervisors
    - SOFTWARE-DEFINED VEHICLE: Modular onboard software components running on virtualized real-time operating systems
    - AI / MACHINE LEARNING: Artificial intelligence enabling perception: analyzing sensor data from LiDAR, radar, camera, IMUs
  12. Europe is writing the software-defined train playbook

    - NG-TCMS (Next Generation Train Control and Management System): Single Ethernet backbone for all vehicle subsystems, vital and non-vital
    - FRMCS (Future Railway Mobile Communication System): Standardized V2I communications interfaces supporting future wireless radio technologies
    - CCS TSI (Control Command and Signalling Technical Specifications for Interoperability): Interoperability with the trackside infrastructure
    - OCORA (Open Control Command and Signalling On-board Reference Architecture): Standardized, modular, and future-proof architecture
  13. Navigating the U.S. regulatory environment for train control systems

    - INTEROPERABILITY
      - Federal Railroad Administration (FRA): Positive Train Control (PTC)
      - Association of American Railroads (AAR): Interoperable Train Control (ITC)
      - American Public Transportation Association (APTA): Passenger Rail Equipment Safety Standards (PRESS)
      - New York City Transit (NYCT): Interoperability Interface Specification (I2S)
      - IEEE 1474 Series: Communications-Based Train Control (CBTC)
      - European Union Agency for Railways: European Rail Traffic Management System (ERTMS)
    - SAFETY
      - Federal Railroad Administration (FRA): Positive Train Control (PTC)
      - Federal Transit Administration (FTA): Signal System Safety and Train Control advisory; Project Management Oversight (PMO)
      - State Safety Oversight Agencies (SSOAs): Public Transportation Agency Safety Plan (PTASP); Safety and Security Certification
      - CENELEC EN 5012x functional safety: IEC 62278 / EN 50126 – RAMS; IEC 62425 / EN 50129 – Hardware; IEC 62279 / EN 50716 – Software
    - CYBERSECURITY
      - Transportation Security Administration (TSA): Security Directives 1580/1582
      - National Institute of Standards and Technology (NIST): Transit CSF Community Profile
      - Federal Transit Administration (FTA): Critical Infrastructure Security and Resilience (CISR)
      - American Public Transportation Association (APTA): Securing Control and Communications Systems in Rail Transit Environments
      - IEC Cybersecurity standards: ISA/IEC 62443 – Industrial Automation and Control Systems (IACS); IEC 63452 – Cybersecurity in railway systems
  14. The software-defined train prioritizes hardware abstraction

    - Scope
      - ROAD VEHICLES: Vehicle only
      - RAIL VEHICLES: Vehicle + infrastructure
    - Failures, lifespan
      - ROAD VEHICLES: MDBF 30,000 miles, 10-15 years
      - RAIL VEHICLES: 400,000 miles, 30-50 years
    - Production model
      - ROAD VEHICLES: Mass production: proven-in-use arguments based on fleet data
      - RAIL VEHICLES: Low volume, small batches, highly customized, site-specific
    - Approach
      - ROAD VEHICLES: Goal-oriented. Hardware architectural metrics
      - RAIL VEHICLES: Systematic safety cases and formal argumentation
    - Standards
      - ROAD VEHICLES: ISO 26262, ISO 21448, IATF 16949, ISO/SAE 21434
      - RAIL VEHICLES: EN 50126, EN 50129, EN 50716, IEC 63452
  15. The AI certification challenge ‒ technical and regulatory hurdles

    - Verification & validation: Demonstrable coverage of safety requirements through structured testing – AI cannot guarantee behavior across all operational scenarios
    - Data quality and lifecycle: Training data becomes a critical safety artifact – Data errors propagate as systematic failures in deployed systems
    - Failsafe behavior: AI may produce incorrect predictions outside its operational design domain – Runtime monitoring, confidence bounds, safe fallback mechanisms
    - Tools qualification: ML frameworks, training pipelines, deployment tools for safety-critical functions are classified as T2/T3 – Commercial tools lack T2/T3 qualification
    - Model drift: Environmental changes may degrade model performance over time – Criteria for when re-certification is required
    - Functional safety standards: EN 50128 written for deterministic behavior. EN 50716 evolved to address AI/ML: probabilistic outputs, learned behavior, emergent properties
  16. The blueprint for trust: our AI system assessment framework

    - NORMAL OPERATION: Interoperability, reliability, performance, safety
    - DISRUPTION: Cybersecurity, physical security, robustness
    - EXPLAINABILITY: Traceability, transparency, observability, explainability
    - INDIVIDUAL: Privacy, controllability, usability
    - GROUPS: Non-discrimination, bias, fairness
    - SOCIETY & BEYOND: Accountability, representativeness, sustainability

    - M, MANAGEMENT LAYER: Assessing organizational structure, processes, and plans
    - D, DOCUMENTATION LAYER: Assessing design documents, hazards, risks, safety analyses
    - T, TEST LAYER: Assessing test coverage, and verification & validation results
  17. TÜV AI.Lab assessment matrix: safe, secure, and explainable

    - Dimension
      - SAFE, Regular Operation (AI System → Outside): Interoperability; Reliability; Performance; Safety
      - SECURE, Disruption (AI System ← Outside): Cybersecurity; Robustness
      - EXPLAINABLE, Epistemology (AI System ← Individual): Traceability; Transparency; Observability; Interpretability
    - Phase
      - Inception: D D D D D D D
      - Design & Concept: M D T D D T D D D D D D
      - Development: D T D M D T D T D D T D T
      - Verification & Validation: D D D D D
      - Deployment: D D D D D D D D D
      - Operation: D M D T D T D D T D T D D M
      - Monitoring: D M D T M D T M M D T M M
      - Retirement: D D D D D D
  18. Four strategies for a successful AI system certification

    AI systems are exceptionally difficult to certify to Safety Integrity Levels 3-4 without extensive additional controls

    - Safety-caged AI
      - AI in a non-vital advisory role supervised by a safety-certified control system
      - Driver assistance system paired with a SIL4 automatic train protection system
    - Continuous monitoring
      - Design operational monitoring – Define drift detection thresholds and re-certification triggers
      - Strong configuration management and no learning on the job: deployed model is frozen
    - Diverse redundancy
      - Redundant channels independently developed on distinct hardware, models, and training data
      - Arbiter logic becomes safety-critical, constraining the highest-performing model
    - Qualified platforms
      - Use safety-certified hardware and software stacks
      - No AI support yet on vital rail platforms – Explore ISO 26262 ASIL D automotive platforms
  19. AI enables automation of open rail systems

    - Rail vehicle safety and availability requirements are more demanding than for road vehicles
    - Rail SDV prioritizes hardware abstraction to facilitate obsolescence management
    - The certification strategy must be designed into the architecture from the conceptual stage
    - Cross-industry collaboration can accelerate the availability of safety platforms and tools