Image courtesy of iso.org
IEC 61508 Edition 3 Preview: Significant Changes to Software Requirements
IEC 61508 Edition 3, expected for publication in 2026, introduces substantially revised software development requirements including mandatory use of structured code analysis tools for SIL 2+, clearer guidance on model-based development, and updated treatment of AI/ML components.
What IEC 61508 Edition 3 Will Change for Safety Engineers
IEC 61508 is the parent functional safety standard — the foundation that ISO 26262, IEC 62304, EN 50128, and other domain-specific safety standards build on. Edition 3 has been in development since 2020, with final publication expected in 2026. The draft content available to committee members reveals significant changes to software requirements that practising safety engineers should begin preparing for.
Mandatory Static Analysis for SIL 2+
Edition 2 recommends use of static analysis tools for software at SIL 2 and above. Edition 3 makes this mandatory. Specifically: SIL 2 requires static analysis with a qualified tool covering undefined behaviour, data flow errors, and control flow anomalies. SIL 3 and SIL 4 add mandatory use of abstract interpretation tools (targeting a defined soundness property) in addition to syntactic static analysis.
This change will have significant process and toolchain implications for organisations currently meeting SIL 2 requirements without systematic static analysis.
Model-Based Development Guidance
Edition 2's guidance on model-based development was widely acknowledged to be insufficient for current practice. Edition 3 adds a dedicated annex covering: conditions under which model-based development artefacts can substitute for traditional software development evidence; tool qualification requirements for model-to-code generators; and V&V requirements specific to model-based development workflows.
The guidance is more prescriptive than Edition 2 but less prescriptive than some practitioners had hoped — key decisions about model authority and traceability requirements remain implementation-specific.
AI/ML Components
Edition 3 addresses AI/ML components in safety-critical systems for the first time. The approach is conservative: AI/ML is classified as an architectural element subject to its own FMEA; the standard requires bounding the operational domain of any AI/ML component; and monitoring requirements for out-of-distribution inputs are mandated for SIL 1+.
The standard explicitly does not claim that current AI/ML development methods can meet SIL 3 or SIL 4 requirements using AI/ML for safety-relevant decisions. This will be a point of contention as autonomous system development continues to push AI/ML into safety-relevant roles.