Fail-Safe Design

Section 06: System Safety & Functional Safety

Definition

A design philosophy in which the occurrence of any single failure, or any likely combination of failures, results in a safe condition or allows continued safe flight and landing. In a fail-safe design, failures are accommodated through a combination of redundancy, designed failure paths, detectability (so that a failure does not remain latent until a second failure makes it hazardous), and crew procedures. The fail-safe concept was the original safety philosophy for transport aircraft structure (fail-safe structure tolerates damage or partial failure without catastrophic structural failure) and has since been extended to systems design. Under 14 CFR 25.1309 and CS 25.1309, a catastrophic failure condition must be extremely improbable and must not result from any single failure; this single-failure requirement is the regulatory expression of the fail-safe design concept.

Where This Shows Up

Fail-safe is the foundational safety philosophy for transport category aircraft. It does not mean failures cannot occur; it means the design accommodates failures safely. For structures, this includes damage-tolerant design with multiple load paths. For systems, it includes redundancy with failure detection and the ability to continue safe flight and landing after a failure. Fail-safe is the overall requirement on the state the system ends up in; fail-operational and fail-passive describe two specific behaviours that satisfy it. A fail-operational system keeps performing its function after a failure (for example, a voted triplex channel that outvotes one failed lane). A fail-passive system gives up the function on detecting a failure but produces no hazardous output (for example, a command/monitor pair that disengages when the two channels disagree). Which behaviour is needed depends on the severity of losing the function in the relevant flight phase.
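The single-failure question that the definition above asks can be checked mechanically for a simple architecture. The following is an added example, not code from the page or from any certification authority; the two architectures, the component names ("A", "B", "C", "monitor", "voter") and the failure values are assumptions made for illustration. It models a fail-passive command/monitor pair and a fail-operational majority-voted triplex, enumerates every single failure and every pair of failures, and classifies the outcome as operational, passive, or hazardous.

```python
"""Single-failure enumeration for two simple redundant architectures.

Added example for illustration only; it is not from the page or from any
certification authority, and the architectures, component names and
failure values are assumptions. It asks the question 25.1309 asks of a
fail-safe design: does any single failure (or likely combination) leave
the system in a hazardous state, and are failures detectable?
"""
from collections import Counter
from itertools import combinations

CORRECT = 1.0
# Assumed hard-over values for a failed channel. Failures are modelled as
# independent and non-identical; a common-mode failure that drives two
# channels to the same wrong value would defeat both architectures.
WRONG = {"A": 9.0, "B": -9.0, "C": 5.0}

# Outcomes after a failure set, from best to worst:
#   operational - the correct command still reaches the actuator
#   passive     - the function is lost, but no wrong command reaches the actuator
#   hazardous   - a wrong command reaches the actuator undetected


def channel_output(name, failed):
    """Command produced by one channel given the set of failed components."""
    return WRONG[name] if name in failed else CORRECT


def dual_monitored(failed):
    """Command/monitor pair: A commands, B monitors, and a comparator trips on
    disagreement and disengages the actuator (fail-passive behaviour)."""
    a = channel_output("A", failed)
    b = channel_output("B", failed)
    if "monitor" in failed:
        # Comparator dead: the failure is latent and A's command passes unchecked.
        return "operational" if a == CORRECT else "hazardous"
    if a != b:
        return "passive"
    return "operational" if a == CORRECT else "hazardous"


def triplex_voted(failed):
    """Three channels with a majority voter: any value two channels agree on is
    used; with no majority the voter disengages. Fail-operational for a single
    channel failure, fail-passive beyond that."""
    if "voter" in failed:
        return "passive"  # assumption: the voter's own failure mode is to disengage
    outputs = [channel_output(c, failed) for c in ("A", "B", "C")]
    value, count = Counter(outputs).most_common(1)[0]
    if count < 2:
        return "passive"
    return "operational" if value == CORRECT else "hazardous"


DUAL = ("A", "B", "monitor")
TRIPLEX = ("A", "B", "C", "voter")


def classify_single_failures(arch, components):
    """Outcome for each component failing alone."""
    return {c: arch(frozenset([c])) for c in components}


def hazardous_combinations(arch, components, max_order=2):
    """All failure sets of up to max_order components that end hazardous."""
    found = []
    for k in range(1, max_order + 1):
        for combo in combinations(components, k):
            if arch(frozenset(combo)) == "hazardous":
                found.append(sorted(combo))
    return found


def is_fail_safe(arch, components):
    """The single-failure criterion: no component failing alone may be hazardous."""
    return "hazardous" not in classify_single_failures(arch, components).values()


if __name__ == "__main__":
    for name, arch, comps in (("dual", dual_monitored, DUAL),
                              ("triplex", triplex_voted, TRIPLEX)):
        print(name, "fail-safe:", is_fail_safe(arch, comps))
        print("  single failures:", classify_single_failures(arch, comps))
        print("  hazardous pairs:", hazardous_combinations(arch, comps))
```

Both architectures pass the single-failure test. The enumeration of pairs is where detectability shows up: in the dual architecture a failed monitor is latent (the system stays operational and nothing flags it), so a later failure of channel A is hazardous. That pair is exactly the kind of "likely combination" the definition refers to, and it is why a real design would add a monitor self-test or a periodic check so the first failure is detected before the second occurs.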

Primary Sources

14 CFR 25.1309(b) — Equipment, Systems, and Installations (FAA)

Sets the safety objectives for system failure conditions: catastrophic failure conditions must be extremely improbable and must not result from a single failure. This single-failure requirement is the regulatory basis of the fail-safe design concept.

AC 25.1309-1A — System Design and Analysis (FAA)

Describes the fail-safe design concept and the principles used to apply it to systems, including redundancy, failure detection, and protection against latent failures, and gives acceptable means of showing compliance with 25.1309.
