 |
Code of Federal Regulations (Last Updated: November 8, 2024) |
 |
Title 14 - Aeronautics and Space |
|
Chapter I - Federal Aviation Administration, Department of Transportation |
|
SubChapter C - Aircraft |
|
Part 25 - Airworthiness Standards: Transport Category Airplanes |
|
Subpart F - Equipment |
|
General |
§ 25.1309 - Equipment, systems, and installations.
-
§ 25.1309 Equipment, systems, and installations.
(a) The equipment, systems, and installations whose functioning is required by this subchapter, must be designed to ensure that they perform their intended functions under any foreseeable operating conditionThe requirements of this section, except as identified below, apply to any equipment or system as installed on the airplane. Although this section does not apply to the performance and flight characteristic requirements of subpart B of this part, or to the structural requirements of subparts C and D of this part, it does apply to any system on which compliance with any of those requirements is dependent. Section 25.1309(b) does not apply to the flight control jam conditions addressed by § 25.671(c)(3); single failures in the brake system addressed by § 25.735(b)(1); the failure conditions addressed by §§ 25.810(a)(1)(v) and 25.812; uncontained engine rotor failure, engine case rupture, or engine case burn-through failures addressed by §§ 25.903(d)(1) and 25.1193 and part 33 of this chapter; and propeller debris release failures addressed by § 25.905(d) and part 35 of this chapter.
(a) The airplane's equipment and systems must be designed and installed so that:
(1) The equipment and systems required for type certification or by operating rules, or whose improper functioning would reduce safety, perform as intended under the airplane operating and environmental conditions; and
(2) Other equipment and systems, functioning normally or abnormally, do not adversely affect the safety of the airplane or its occupants or the proper functioning of the equipment and systems addressed by paragraph (a)(1) of this section.
(c) Warning information must be provided to alert the crew to unsafe system operating conditions, and to(b) The airplane systems and associated components, considered evaluated separately and in relation to other systems, must be designed so that—and installed so that they meet all of the following requirements:
(1) The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable, and
(2) The occurrence of any other failure conditions which would reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions is improbable.
Each catastrophic failure condition—
(i) Must be extremely improbable; and
(ii) Must not result from a single failure.
(2) Each hazardous failure condition must be extremely remote.
(3) Each major failure condition must be remote.
(4) Each significant latent failure must be eliminated as far as practical, or, if not practical to eliminate, the latency of the significant latent failure must be minimized. However, the requirements of the previous sentence do not apply if the associated system meets the requirements of paragraphs (b)(1) and (b)(2) of this section, assuming the significant latent failure has occurred.
(5) For each catastrophic failure condition that results from two failures, either of which could be latent for more than one flight, the applicant must show that—
(i) It is impractical to provide additional fault tolerance; and
(ii) Given the occurrence of any single latent failure, the residual average probability of the catastrophic failure condition due to all subsequent active failures is remote; and
(iii) The sum of the probabilities of the latent failures that are combined with each active failure does not exceed 1/1000.
(c) The airplane and systems must provide information concerning unsafe system operating conditions to the flightcrew to enable them to take appropriate corrective action in a timely manner. Systems , and controls, and associated monitoring and warning means including information, indications, and annunciations, must be designed to minimize crew flightcrew errors which that could create additional hazards.
(d) Compliance with the requirements of paragraph (b) of this section must be shown by analysis, and where necessary, by appropriate ground, flight, or simulator tests. The analysis must consider—
(1) Possible modes of failure, including malfunctions and damage from external sources.
(2) The probability of multiple failures and undetected failures.
(3) The resulting effects on the airplane and occupants, considering the stage of flight and operating conditions, and
(4) The crew warning cues, corrective action required, and the capability of detecting faults.
(e) In showing compliance with paragraphs (a) and (b) of this section with regard to the electrical system and equipment design and installation, critical environmental conditions must be considered. For electrical generation, distribution, and utilization equipment required by or used in complying with this chapter, except equipment covered by Technical Standard Orders containing environmental test procedures, the ability to provide continuous, safe service under foreseeable environmental conditions may be shown by environmental tests, design analysis, or reference to previous comparable service experience on other aircraft.
[Amdt. 25-23, 35 FR 5679, Apr. 8, 1970, as amended by Amdt. 25-38, 41 FR 55467, Dec. 20, 1976; Amdt. 25-41, 42 FR 36970, July 18, 1977; Amdt. 25-123, 72 FR 63405, Nov. 8, 2007(f) EWIS must be assessed in accordance with the requirements of § 25.1709.
[Reserved]
(e) The applicant must establish certification maintenance requirements as necessary to prevent the development of the failure conditions described in paragraph (b) of this section. These requirements must be included in the Airworthiness Limitations section of the Instructions for Continued Airworthiness required by § 25.1529.
[Doc. No. FAA-2022-1544, 89 FR 68735, Aug. 27, 2024]