From EN 50128 to EN 50716: The New Era of Railway Software Compliance

The railway software compliance landscape has fundamentally shifted.

If your organization still works under EN 50128 or EN 50657, it’s time to adapt to EN 50716:2023, the new unified standard that governs all railway software development and verification activities.

Replacing both EN 50128:2011 (control & signalling) and EN 50657:2017 (on-board rolling stock), EN 50716 establishes one comprehensive framework for the entire railway domain.

Both predecessor standards were withdrawn in November 2023. While EN 50716 isn’t retrospective, all upgrades and maintenance activities initiated after its publication should align with its requirements

In consequence, teams must balance maintaining legacy systems with developing new projects under tighter, better-defined compliance expectations.

Key Requirements That Redefine Railway Software Testing

Section 6.7
Support Tools and Languages

EN 50716 increases the emphasis on tool qualification and justification.

• Verification and validation tools must be classified as T1, T2, or T3 based on their potential to introduce undetected faults.
• T2 Tools (e.g. Cantata) support verification of executable code and therefore require documented justification when used for SW-SIL 1–4.
• Clause 6.7.4.2 states clearly: “The selection of the tools in classes T2 used for SIL 1 to SIL 4 and T3 used for SIL 1 to SIL 4 shall be justified.”

Table A.5
Software Component Analysis and Testing

• At SW-SIL 4, dynamic testing with comprehensive coverage is mandatory.
• The table explicitly lists combinations of techniques that must be applied to achieve full confidence in safety-critical behaviour.

Section 6.5.4.14
Traceability

• Traceability must extend from requirements to design, implementation, and all testing phases.
• Verification evidence should show complete bi-directional links between requirements, design artefacts, and executed tests.

Section 9.2
Software Maintenance

• Regression testing is not optional.
• Requirements 9.2.4.8 and 9.2.4.10 demand documentation of test re-execution and reuse of updated tests during re-validation.
• Given that railway systems often operate for more than 20 years, this lifecycle view is essential.

Cantata’s Certified Advantage

Independently certified by SGS-TÜV GmbH, Cantata is officially recognised as:

• Class T2 tool meeting EN 50716 sub-clause 6.7
• Qualified for use up to SW-SIL 4, the highest Safety Integrity Level

Each version of Cantata undergoes independent assessment, with defined behaviour, documented constraints, and mitigation strategies for potential failure modes.

Certification vs Qualification: The Cost Reality

Self-qualifying a T2 tool under 6.7.4.5 requires extensive documentation: validation records, tool manual versions, test cases, pass/fail results, and discrepancy analyses. This often translates into weeks of engineering effort per release.

With pre-certified Cantata, justification is immediate:

• Independent TÜV certificate
• Tool Certification Kit supplied
• Zero qualification overhead

Traceability and Regression. Assurance That Scales

Cantata Trace enables full bi-directional requirements traceability:

• Import from Excel, DOORS, PTC Integrity, Polarion, or Visure Requirements ALM
• Link requirements directly to Cantata test cases and coverage data
• Export verification status back to your requirements management tool (RM) for audit readiness

When auditors ask for evidence of “REQ-123”, teams can deliver linked test results, execution status, and coverage metrics in minutes, not days.

Cantata Code Change Analysis automates regression impact detection:

• Identifies modified functions
• Maps affected tests
• Suggests updates and refactors scripts automatically
• Supports push-button re-execution through Cantata Makefiles

This aligns directly with EN 50716 §9.2.4.8 requirements for test re-execution and artefact control.

Why Cantata for EN 50716

Certification Confidence

• TÜV-certified tool for EN 50716 up to SW-SIL 4
• Eliminates tool-qualification burden (§6.7.4.5)
• Each release is independently certified

Complete Technical Coverage

• Supports all Table A.5 component-testing techniques
• Addresses Table A.6 integration requirements
• Meets Table A.21 coverage criteria
• Enables deep white-box verification
• Cantata Hybrid option for teams using GoogleTest/GoogleMock who need EN 50716 compliance

Lifecycle Support

• CLI automation for modern DevOps workflows (including VSCode, Jenkins, GitLab CI/CD)
• Automated regression testing for 20+ year maintenance cycles
• Bi-directional traceability and audit evidence on demand

The Risk Mitigation Reality

Section 6.7 is unambiguous: verification tools can introduce latent defects, and their qualification status is critical to certification schedules.

Using Cantata means:

• Tool justification in days, not months
• Certification body acceptance through SGS-TÜV credentials
• Straightforward audit defence: “We used an independently certified tool per 6.7.4.2.”
• Attempting self-qualification adds cost, risk, and schedule uncertainty to every project.

As the industry moves from fragmented frameworks to unified assurance, EN 50716 marks a new era of integrated railway software compliance.

Conclusion

EN 50716:2023 redefines what safety means in railway software. Tool certification, dynamic testing, traceability, and regression are no longer optional, they are the foundation of compliance. Manual verification simply cannot keep pace with the technical and administrative demands of SW-SIL 3 and 4 projects.

With Cantata, engineering teams can bridge modern development practices with the rigorous assurance required by the new standard, achieving compliance without compromising productivity.

For railway software teams navigating the EN 50716 transition, the question has shifted: it’s no longer whether to automate verification and validation; it’s whether you can meet certification deadlines without it.

For more information about QA-MISRA and Cantata, visit qa-systems.com.

Author: Praveen Melepurath

© 2025 QA Systems. Published by JORAL Technologies.