Name: Commission Implementing Regulation (EU) 2015/1136 of 13 July 2015 amending Implementing Regulation (EU) No 402/2013 on the common safety method for risk evaluation and assessment (Text with EEA relevance)
 Type: Implementing Regulation
 Subject Matter: transport policy;  land transport;  economic geography;  technology and technical regulations
 Date Published: nan

 14.7.2015 EN Official Journal of the European Union L 185/6 COMMISSION IMPLEMENTING REGULATION (EU) 2015/1136 of 13 July 2015 amending Implementing Regulation (EU) No 402/2013 on the common safety method for risk evaluation and assessment (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Directive 2004/49/EC of the European Parliament and of the Council of 29 April 2004 on safety on the Community's railways and amending Council Directive 95/18/EC on the licensing of railway undertakings and Directive 2001/14/EC on the allocation of railway infrastructure capacity and the levying of charges for the use of railway infrastructure and safety certification (Railway Safety Directive) (1), and in particular Article 6(4) thereof, Whereas: (1) Pursuant to Directive 2004/49/EC, common safety methods should be gradually introduced to ensure that a high level of safety is maintained and, when and where necessary and reasonably practicable, improved. (2) On 12 October 2010 the Commission issued a mandate to the European Railway Agency (the Agency) in accordance with Directive 2004/49/EC to amend Commission Regulation (EC) No 352/2009 (2). A revision of this Regulation was necessary to take into account further changes to the roles and responsibilities of the assessment body referred to in Article 6 of that Regulation and additional harmonised risk acceptance criteria that could be used to assess the acceptability of risks arising from failures of technical systems in cases where the proposer chooses to use the explicit risk estimation principle. It was necessary to check that, in including the additional harmonised risk acceptance criteria referred to above, the current level of railway safety would be at least maintained in the Union, as required by Article 4(1) of Directive 2004/49/EC. This required significantly more time than expected, and the Commission therefore adopted the Implementing Regulation (EU) No 402/2013 (3) which maintained the one criterion already contained in Regulation (EC) No 352/2009 for risk acceptance. (3) The impact assessment carried out in respect of the changes introduced by Implementing Regulation (EU) No 402/2013 included the analysis of harmonised risk acceptance criteria for technical systems. The report highlighted the importance of including in the common safety method additional risk acceptance criteria not provided for under the current Regulation. Such criteria should facilitate mutual recognition between Member States of structural sub-systems and vehicles compliant with Union legislation in the field of railway interoperability. (4) In order to distinguish the acceptance of risks associated with technical systems from the acceptance of operational risks and of the overall risk at the level of the railway system, the term risk acceptance criteria with respect to technical systems should be changed into harmonised design targets for such technical systems. The harmonised design targets proposed in this Regulation may be used to demonstrate the acceptability of risks arising from failures of functions of a technical system, in cases where the proposer chooses to use the explicit risk estimation principle. Some definitions should be amended to reflect recent changes in terminology, and new definitions should be added. (5) The Agency submitted to the Commission its recommendation on the amendment to Implementing Regulation (EU) No 402/2013 designed to address the remaining objective of the mandate of the Commission with respect to the harmonised design targets. This Regulation is based on the Agency's recommendation. (6) Implementing Regulation (EU) No 402/2013 should therefore be amended accordingly. (7) The measures provided for in this Regulation are in accordance with the opinion of the Committee established in accordance with Article 27(1) of Directive 2004/49/EC, HAS ADOPTED THIS REGULATION: Article 1 Implementing Regulation (EU) No 402/2013 is amended as follows: (1) Article 3 is amended as follows: (a) point (9) is replaced by the following: (9) safety requirements  means the safety characteristics (qualitative or quantitative, or when needed both qualitative and quantitative) necessary for the design, operation (including operational rules) and maintenance of a system in order to meet legal or company safety targets; (b) point (23) is replaced by the following: (23) catastrophic accident  means an accident typically affecting a large number of people and resulting in multiple fatalities; (c) the following points (32) to (37) are added: (32) systematic failure  means a failure that occurs repeatedly under some particular combination of inputs or under some particular environmental or application conditions; (33) systematic fault  means an inherent fault in the specification, design, manufacturing, installation, operation or maintenance of the system under assessment; (34) barrier  means a technical, operational or organisational risk control measure outside the system under assessment that either reduces the frequency of occurrence of a hazard or mitigates the severity of the potential consequence of that hazard; (35) critical accident  means an accident typically affecting a very small number of people and resulting in at least one fatality; (36) highly improbable  means an occurrence of failure at a frequency less than or equal to 10  9 per operating hour; (37) improbable  means an occurrence of failure at a frequency less than or equal to 10  7 per operating hour. (2) Annex I is amended in accordance with the Annex to this Regulation. Article 2 This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, 13 July 2015. For the Commission The President Jean-Claude JUNCKER (1) OJ L 164, 30.4.2004, p. 44. (2) Commission Regulation (EC) No 352/2009 of 24 April 2009 on the adoption of a common safety method on risk evaluation and assessment as referred to in Article 6(3)(a) of Directive 2004/49/EC of the European Parliament and of the Council (OJ L 108, 29.4.2009, p. 4). (3) Commission Implementing Regulation (EU) No 402/2013 of 30 April 2013 on the common safety method for risk evaluation and assessment and repealing Regulation (EC) No 352/2009 (OJ L 121, 3.5.2013, p. 8). ANNEX Annex I to Implementing Regulation (EU) No 402/2013 is amended as follows: (1) Point 2.5.1. is replaced by the following: 2.5.1. If the hazards are not covered by one of the two risk acceptance principles laid down in points 2.3 and 2.4, the demonstration of risk acceptability shall be performed by explicit risk estimation and evaluation. Risks resulting from these hazards shall be estimated either quantitatively or qualitatively, or when necessary both quantitatively and qualitatively, taking existing safety measures into account. (2) Points 2.5.4. to 2.5.7. are replaced by the following: 2.5.4. The proposer shall not be obliged to perform additional explicit risk estimation for risks that are already considered acceptable by the use of codes of practice or reference systems. 2.5.5. Where hazards arise as a result of failures of functions of a technical system, without prejudice to points 2.5.1 and 2.5.4, the following harmonised design targets shall apply to those failures: (a) where a failure has a credible potential to lead directly to a catastrophic accident, the associated risk does not have to be reduced further if the frequency of the failure of the function has been demonstrated to be highly improbable. (b) where a failure has a credible potential to lead directly to a critical accident, the associated risk does not have to be reduced further if the frequency of the failure of the function has been demonstrated to be improbable. The choice between definition (23) and definition (35) shall result from the most credible unsafe consequence of the failure. 2.5.6. Without prejudice to points 2.5.1 and 2.5.4, the harmonised design targets set out in point 2.5.5 shall be used for the design of electrical, electronic and programmable electronic technical systems. They shall be the most demanding design targets that can be required for mutual recognition. They shall neither be used as overall quantitative targets for the whole railway system of a Member State nor for the design of purely mechanical technical systems. For mixed technical systems composed of both a purely mechanical part and an electrical, electronic and programmable electronic part, hazard identification shall be carried out in accordance with point 2.2.5. The hazards arising from the purely mechanical part shall not be controlled using the harmonised design targets set out in point 2.5.5. 2.5.7. The risk associated with the failures of functions of technical systems referred to in point 2.5.5 shall be considered as acceptable if the following requirements are also fulfilled: (a) Compliance with the applicable harmonised design targets has been demonstrated; (b) The associated systematic failures and systematic faults are controlled in accordance with safety and quality processes commensurate with the harmonised design target applicable to the technical system under assessment and defined in commonly acknowledged relevant standards; (c) The application conditions for the safe integration of the technical system under assessment into the railway system shall be identified and registered in the hazard record in accordance with point 4. In accordance with point 1.2.2, these application conditions shall be transferred to the actor responsible for the demonstration of the safe integration. (3) The following points 2.5.8 to 2.5.12 are added: 2.5.8. The following specific definitions shall apply in reference to the harmonised quantitative design targets of technical systems: (a) The term directly  means that the failure of the function has the potential to lead to the type of accident referred to in point 2.5.5 without the need for additional failures to occur; (b) The term potential  means that the failure of the function may lead to the type of accident referred to in point 2.5.5; 2.5.9. Where the failure of a function of the technical system under assessment does not lead directly to the risk under consideration, the application of less demanding design targets shall be permitted if the proposer can demonstrate that the use of barriers as defined in Article 3(34) allows the same level of safety to be achieved. 2.5.10. Without prejudice to either the procedure specified in Article 8 of Directive 2004/49/EC, or Article 17(3) of Directive 2008/57/EC of the European Parliament and of the Council (1), a more demanding design target than the harmonised design targets laid down in point 2.5.5 may be requested for the technical system under assessment, through a notified national rule, in order to maintain the existing level of safety in the Member State. In the case of additional authorisations for placing in service of vehicles, the procedures of Articles 23 and 25 of Directive 2008/57/EC shall apply. 2.5.11. Where a technical system is developed on the basis of the requirements set out in point 2.5.5, the principle of mutual recognition is applicable in accordance with Article 15(5). Nevertheless, if for a specific hazard the proposer can demonstrate that the existing level of safety in the Member State where the system is being used can be maintained with a design target that is less demanding than the harmonised design target, then this less demanding design target may be used instead of the harmonised one. 2.5.12. The explicit risk estimation and evaluation shall satisfy at least the following requirements: (a) the methods used for explicit risk estimation shall reflect correctly the system under assessment and its parameters (including all operational modes); (b) the results shall be sufficiently accurate to provide a robust basis for decision-making. Minor changes in input assumptions or prerequisites shall not result in significantly different requirements. (1) Directive 2008/57/EC of the European Parliament and of the Council of 17 June 2008 on the interoperability of the rail system within the Community (OJ L 191, 18.7.2008, p. 1)."