Safety In UAM, Fail-Safe vs Fail-Operational

Humanity has advanced faster in the last century than in the previous 2.5 million years. Great milestones have been reached along the way, but in transportation nothing has been as revolutionary as the first automobile, built by Karl Benz 136 years ago, the airplane developed by Wilbur and Orville Wright in 1903, or the autogiro, precursor of the modern helicopter, designed by Juan de la Cierva in 1920.

But technology does not stop, and in 2022 we are at the dawn of a second revolution in the transport of people and goods: the merging of car, plane and helicopter into a single vehicle, the eVTOL, which will have to share the airspace with drones. Approaching Urban Air Mobility (UAM) requires adapting the airworthiness regulations to this new scenario, and distinguishing fail-safe from fail-operational systems takes on special importance in ensuring safety within the new UAM ecosystem.


Fail-Safe vs Fail-Operational

First, let us define the concepts. A Fail-Safe system is one that, in case of a failure, enters a safe operating mode, typically with reduced functionality; a Fail-Operational system is one that retains full functionality after a failure.

Applied to the UAM industry, Fail-Safe covers all the means available to safely terminate the mission when a failure occurs. They range from systems designed to end the mission safely on site (parachute landing, autorotation, engine kill...) to architectures in which the vehicle can return home by its own means (degraded manoeuvres...). With the appropriate redundancies, it is possible to build Fail-Operational architectures in which the vehicle continues the mission with full functionality and the required level of safety. In every one of these scenarios the system must have the means to detect the failure, so that the operator is made aware of it and can take the necessary actions; a failure that goes undetected can trigger neither reaction.
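The following Python sketch is an added example written for this page; it is not Embention's code and does not describe how the Veronte Autopilot is implemented. It assumes a hypothetical architecture of four identical control lanes, a 0.5-unit agreement band around the healthy median, and a reaction ladder in which three healthy lanes keep full functionality (fail-operational), two trigger a return home and fewer than two terminate the flight (both fail-safe). It shows the two things the paragraph above asks for: detection of a failed lane, with an event the operator can be shown, and selection of the reaction from the redundancy that remains, including the edge case where only two lanes are left and a disagreement cannot be attributed to either of them.

```python
# Added example for this page (not Embention's or Veronte's code): a toy voter over
# N redundant control lanes that detects lane failures and selects the reaction
# (continue, return home, terminate) from the redundancy that remains.
from dataclasses import dataclass, field
from enum import Enum
from statistics import median
from typing import Dict, List, Optional, Set


class Mode(Enum):
    """Reaction ladder; a higher value is more severe, and the mode is latched (never relaxes in flight)."""
    NOMINAL = 0       # fail-operational: continue the mission with full functionality
    RETURN_HOME = 1   # fail-safe: abort the mission and return home by own means (degraded manoeuvres)
    TERMINATE = 2     # fail-safe: end the flight on site (parachute, autorotation, engine kill)


@dataclass
class RedundantController:
    # Hypothetical parameters: a 0.5-unit agreement band, three lanes needed for full
    # functionality, two for a return home, fewer than two means terminate.
    tolerance: float = 0.5
    faulty: Set[int] = field(default_factory=set)    # latched: a faulty lane is never readmitted
    mode: Mode = Mode.NOMINAL
    events: List[str] = field(default_factory=list)  # what the operator must be told

    def _declare_faulty(self, lane: int, reason: str) -> None:
        if lane not in self.faulty:
            self.faulty.add(lane)
            self.events.append(f"lane {lane} faulty: {reason}")

    def step(self, commands: Dict[int, Optional[float]]) -> Optional[float]:
        """Take one command per lane (None = lane silent). Return the voted command, or None when terminating."""
        # Detection 1: a silent lane is faulty.
        for lane, value in commands.items():
            if value is None:
                self._declare_faulty(lane, "no output")
        healthy = {lane: v for lane, v in commands.items() if lane not in self.faulty}

        # Detection 2: a lane outside the agreement band around the healthy median is faulty.
        # Blame needs at least three lanes; with only two, a disagreement cannot be attributed
        # to either lane, so the whole control channel has to be treated as lost.
        if len(healthy) >= 3:
            centre = median(healthy.values())
            for lane, value in list(healthy.items()):
                if abs(value - centre) > self.tolerance:
                    self._declare_faulty(lane, f"deviates {abs(value - centre):.2f} from median {centre:.2f}")
                    del healthy[lane]
        elif len(healthy) == 2:
            a, b = healthy.values()
            if abs(a - b) > self.tolerance:
                for lane in list(healthy):
                    self._declare_faulty(lane, "unattributable disagreement between the last two lanes")
                healthy = {}

        # Reaction selection from the redundancy left, latched so the mode only ever escalates.
        if len(healthy) >= 3:
            wanted = Mode.NOMINAL
        elif len(healthy) == 2:
            wanted = Mode.RETURN_HOME
        else:
            wanted = Mode.TERMINATE
        if wanted.value > self.mode.value:
            self.mode = wanted
            self.events.append(f"mode -> {self.mode.name}")

        if self.mode is Mode.TERMINATE:
            return None
        return median(healthy.values())


def run_scenario():
    """Constructed flight (made-up data): one lane drifts, a second goes silent, then the last two disagree."""
    ctrl = RedundantController()
    frames = [
        {0: 1.0, 1: 1.02, 2: 0.98, 3: 1.01},   # all four lanes agree
        {0: 1.0, 1: 1.02, 2: 0.98, 3: 5.0},    # lane 3 drifts: isolated, mission continues (fail-operational)
        {0: 1.0, 1: None, 2: 0.98, 3: 5.0},    # lane 1 silent: two lanes left, return home (fail-safe)
        {0: 1.0, 1: None, 2: 3.0, 3: 5.0},     # last two disagree: no trusted lane, terminate (fail-safe)
    ]
    trace = []
    for frame in frames:
        out = ctrl.step(frame)
        trace.append((ctrl.mode.name, out))
    return trace


if __name__ == "__main__":
    for mode_name, out in run_scenario():
        print(mode_name, out)
```

The point of the latched fault set and the monotonic mode is that a lane which came back into agreement by chance would still not be trusted, and the operator sees every transition in the event list; in a real autopilot the same detection would also have to cover the voter itself, which is why the page stresses architectures with no single point of failure.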

For Embention, safety is non-negotiable: the redundant Veronte Autopilot 4x has been designed with no single point of failure. This versatile control system is compatible with any aircraft design, and especially with Urban Air Mobility (UAM) platforms. Developed in compliance with the DO-178C and DO-254 standards at DAL-B (DAL-A in process), the Veronte Autopilot supports both Fail-Safe and Fail-Operational architectures, allowing the preferred reaction to be selected easily according to the criticality of the failure detected.