(1) When performing its intended function, may not adversely affect the response, operation, or accuracy of any—
(i) Equipment essential to safe operation; or
(ii) Other equipment unless there is a means to inform the pilot of the effect.
(2) In a single-engine airplane, must be designed to minimize hazards to the airplane in the event of a probable malfunction or failure.
(3) In a multiengine airplane, must be designed to prevent hazards to the airplane in the event of a probable malfunction or failure.
(4) In a commuter category airplane, must be designed to safeguard against hazards to the airplane in the event of their malfunction or failure.
(b) The design of each item of equipment, each system, and each installation must be examined separately and in relationship to other airplane systems and installations to determine if the airplane is dependent upon its function for continued safe flight and landing and, for airplanes not limited to VFR conditions, if failure of a system would significantly reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions. Each item of equipment, each system, and each installation identified by this examination as one upon which the airplane is dependent for proper functioning to ensure continued safe flight and landing, or whose failure would significantly reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions, must be designed to comply with the following additional requirements:
(1) It must perform its intended function under any foreseeable operating condition.
(2) When systems and associated components are considered separately and in relation to other systems—
(i) The occurrence of any failure condition that would prevent the continued safe flight and landing of the airplane must be extremely improbable; and
(ii) The occurrence of any other failure condition that would significantly reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions must be improbable.
(3) Warning information must be provided to alert the crew to unsafe system operating conditions and to enable them to take appropriate corrective action. Systems, controls, and associated monitoring and warning means must be designed to minimize crew errors that could create additional hazards.
(4) Compliance with the requirements of paragraph (b)(2) of this section may be shown by analysis and, where necessary, by appropriate ground, flight, or simulator tests. The analysis must consider—
(i) Possible modes of failure, including malfunctions and damage from external sources;
(ii) The probability of multiple failures, and the probability of undetected faults.;
(iii) The resulting effects on the airplane and occupants, considering the stage of flight and operating conditions; and
(iv) The crew warning cues, corrective action required, and the crew's capability of determining faults.
(c) Each item of equipment, each system, and each installation whose functioning is required by this chapter and that requires a power supply is an “essential load” on the power supply. The power sources and the system must be able to supply the following power loads in probable operating combinations and for probable durations:
(1) Loads connected to the power distribution system with the system functioning normally.
(2) Essential loads after failure of—
(i) Any one engine on two-engine airplanes; or
(ii) Any two engines on an airplane with three or more engines; or
(iii) Any power converter or energy storage device.
(3) Essential loads for which an alternate source of power is required, as applicable, by the operating rules of this chapter, after any failure or malfunction in any one power supply system, distribution system, or other utilization system.
(d) In determining compliance with paragraph (c)(2) of this section, the power loads may be assumed to be reduced under a monitoring procedure consistent with safety in the kinds of operations authorized. Loads not required in controlled flight need not be considered for the two-engine-inoperative condition on airplanes with three or more engines.
(e) In showing compliance with this section with regard to the electrical power system and to equipment design and installation, critical environmental and atmospheric conditions, including radio frequency energy and the effects (both direct and indirect) of lightning strikes, must be considered. For electrical generation, distribution, and utilization equipment required by or used in complying with this chapter, the ability to provide continuous, safe service under forseeable environmental conditions may be shown by environmental tests, design analysis, or reference to previous comparable service experience on other airplanes.
(f) As used in this section, “system” refers to all pneumatic systems, fluid systems, electrical systems, mechanical systems, and powerplant systems included in the airplane design, except for the following:
(1) Powerplant systems provided as part of the certificated engine.
(2) The flight structure (such a wing, empennage, control surfaces and their systems, the fuselage, engine mounting, and landing gear and their related primary attachments) whose requirements are specific in subparts C and D of this part.
[Amdt. 23–41, 55 FR 43309, Oct. 26, 1990; 55 FR 47028, Nov. 8, 1990, as amended by Amdt. 23–49, 61 FR 5168, Feb. 9, 1996]
NEXT: Sec. 23.1311 - Electronic display instrument systems.
PREVIOUS: Sec. 23.1308 - High-intensity Radiated Fields (HIRF) Protection.