New Definition and Specification of Operational Design Condition for Autonomous Railway System

Railway market is undergoing a major change with the incoming of driving automated systems and autonomous trains in open environment. Due to the strict railway regulations and the complexity of rail technology, defining and specifying the operational design domain that describes the environmental conditions within which the autonomous system is designed to operate safely is primordial for establishing a safety demonstration for autonomous trains. In this paper, we describe a methodology for specifying the operational design domain during all the life cycle phases of the railway system as described by the safety norm EN-50126: starting from high-level definition of the operational design domain from the operational context, hazard and risk analysis until the derivation of safety requirements encapsulated by the operational design domain. We tackle, in a second part, a new concept called the operational design condition that encapsulates both the operational design domain and the real time system and human capabilities. Similarly, we explain how the operational design condition can be specified, step by step, in each phase of the railway system life cycle.

Keywords: Operational design domain, Operational design condition, Automation, Autonomous systems, Safety, Risk assessment, Railways.

Download PDF