============================================================
TITLE: Why Safety Certification Assumptions Don't Survive Reality
TYPE: article
VERSION: 1
VERSION_ID: 6febfa43-9305-424a-9c54-720b4d64da16
GENERATED_AT: 2026-02-20T16:00:48.040Z
SUMMARY: Static safety is not enough, not because functional safety itself is flawed, but because the systems being certified no longer behave as assumed.
AUTHOR: Michael Entner
DATE PUBLISHED: February 17, 2026
DATE MODIFIED: February 18, 2026
READING TIME: 6 min
WORD COUNT: 1190
SOURCE URL: https://lhpoas.com/lhp-oa-systems-blog/why-safety-certification-assumptions-dont-survive-reality
============================================================

KEY TAKEAWAYS:

* Blog Series: The Death of Static Safety

## Blog Series: The Death of Static Safety

This is the first of a six-part guest blog series titled "The Death of Static Safety". We kick things off with the following blog post outlining why safety certification assumptions don't hold up in reality. Let's dive in!

### Why Safety Certification Assumptions Don't Survive Reality

Static safety is no longer enough. This is not because functional safety is flawed, but because the systems being certified no longer behave the way static safety assumes they do.

### The Invisible Decay of Assumptions

ISO 26262 certification is built on assumptions. That is not a weakness; it is how safety arguments work. A system is shown to be acceptably safe as long as specific conditions remain true. Operating domains are respected. Configurations remain intact. Software behavior stays within validated bounds. In ISO 26262, these bounds are breached by faults; in ISO 21448 (SOTIF), they are breached by the inherent limitations of the system's performance in a complex world. Hazards remain contained within the analyzed envelope.

At the Start of Production (SOP), those assumptions are reviewed, justified, and approved. After SOP, they often become invisible.
Once a vehicle enters operation, nothing meaningful stays frozen. Software changes. Data distributions shift. Fleets encounter environments that were not fully represented during development. Sensors degrade. Machine-learned components evolve. Even when no individual change appears safety-critical, the cumulative effect drifts away from the conditions under which the system was certified. The safety case does not collapse entirely, but it quietly becomes stale.

### When the Safety Case Stops Tracking Reality

This is the uncomfortable reality of post-SOP operation. The system continues to change while the safety argument does not. While ISO 26262 manages systematic faults, it and the current application of SOTIF often lack the runtime mechanisms to detect when real-world Triggering Events push the system beyond its validated performance envelope. There is no built-in requirement to demonstrate, months or years later, that certified constraints are still being respected in the field. On paper, the system remains certified. In practice, the link between certification and real-world behavior weakens over time.

Static safety worked when systems were largely deterministic, updated infrequently, and deployed into stable operating environments. Autonomy shifts the challenge from Functional Safety (mitigating faults) to SOTIF (mitigating functional insufficiency). The former manages bugs; the latter manages the unknown. Vehicles are now software-defined, continuously updated, and exposed to long-tail operational variability that no validation campaign can fully exhaust.

In this context, safety cannot be a one-time proof. A safety argument that cannot be checked at runtime becomes an assumption that the industry has no mechanism to verify.
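As an added example (not code from the original post or from LHP), the three kinds of assumptions the post lists, a respected operating domain, an intact configuration, and behavior within validated bounds, can be turned into runtime checks over post-SOP telemetry so that the safety case is re-verified in the field instead of assumed. The ODD limits, configuration keys, detection-range threshold and telemetry records below are all hypothetical, constructed values.

```python
import hashlib
import json
import statistics

# Assumptions frozen at SOP (hypothetical values for illustration only).
CERTIFIED_CONFIG = {"perception_model": "v3.2", "max_speed_kph": 130, "lidar_enabled": True}
CERTIFIED_CONFIG_HASH = hashlib.sha256(
    json.dumps(CERTIFIED_CONFIG, sort_keys=True).encode()).hexdigest()
ODD = {"max_speed_kph": 130, "min_visibility_m": 50, "allowed_road_types": {"highway", "urban"}}
# Validated camera detection range at SOP; a fleet mean below this is outside validated bounds.
MIN_MEAN_DETECTION_RANGE_M = 90.0

def config_intact(config: dict) -> bool:
    """Assumption 2: the deployed configuration still matches what was certified."""
    h = hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()
    return h == CERTIFIED_CONFIG_HASH

def odd_violations(sample: dict) -> list:
    """Assumption 1: return the ODD conditions one telemetry sample breaches."""
    out = []
    if sample["speed_kph"] > ODD["max_speed_kph"]:
        out.append("speed above ODD limit")
    if sample["visibility_m"] < ODD["min_visibility_m"]:
        out.append("visibility below ODD minimum")
    if sample["road_type"] not in ODD["allowed_road_types"]:
        out.append(f"road type {sample['road_type']!r} outside ODD")
    return out

def sensor_drifted(samples: list) -> bool:
    """Assumption 3: sensor performance has degraded below the validated bound."""
    return statistics.fmean(s["detection_range_m"] for s in samples) < MIN_MEAN_DETECTION_RANGE_M

def audit(config: dict, samples: list) -> dict:
    """Re-check every certified assumption; the safety case is current only if all hold."""
    findings = {"config_intact": config_intact(config),
                "odd_violations": {i: v for i, s in enumerate(samples) if (v := odd_violations(s))},
                "sensor_drift": sensor_drifted(samples)}
    findings["safety_case_current"] = (findings["config_intact"]
                                       and not findings["odd_violations"]
                                       and not findings["sensor_drift"])
    return findings

# Constructed post-SOP telemetry: a clean run, a foggy run, and a gravel-road run.
SAMPLES = [
    {"speed_kph": 110, "visibility_m": 200, "road_type": "highway", "detection_range_m": 100},
    {"speed_kph": 95, "visibility_m": 40, "road_type": "highway", "detection_range_m": 85},
    {"speed_kph": 60, "visibility_m": 150, "road_type": "gravel", "detection_range_m": 70},
]
FIELD_CONFIG = dict(CERTIFIED_CONFIG, perception_model="v3.3")  # an OTA update bumped the model

if __name__ == "__main__":
    print(json.dumps(audit(FIELD_CONFIG, SAMPLES), indent=2))
```

Running it on the constructed data reports every class of drift the post describes at once: a configuration that no longer hashes to the certified one, two samples outside the ODD, and a mean detection range that has slipped below the validated bound.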