(b) The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that—
(1) The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable, and
(2) The occurrence of any other failure conditions which would reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions is improbable.
(c) Warning information must be provided to alert the crew to unsafe system operating conditions, and to enable them to take appropriate corrective action. Systems, controls, and associated monitoring and warning means must be designed to minimize crew errors which could create additional hazards.
(d) Compliance with the requirements of paragraph (b) of this section must be shown by analysis, and where necessary, by appropriate ground, flight, or simulator tests. The analysis must consider—
(1) Possible modes of failure, including malfunctions and damage from external sources.
(2) The probability of multiple failures and undetected failures.
(3) The resulting effects on the airplane and occupants, considering the stage of flight and operating conditions, and
(4) The crew warning cues, corrective action required, and the capability of detecting faults.
(e) In showing compliance with paragraphs (a) and (b) of this section with regard to the electrical system and equipment design and installation, critical environmental conditions must be considered. For electrical generation, distribution, and utilization equipment required by or used in complying with this chapter, except equipment covered by Technical Standard Orders containing environmental test procedures, the ability to provide continuous, safe service under foreseeable environmental conditions may be shown by environmental tests, design analysis, or reference to previous comparable service experience on other aircraft.
(f) EWIS must be assessed in accordance with the requirements of §25.1709.
[Amdt. 25–23, 35 FR 5679, Apr. 8, 1970, as amended by Amdt. 25–38, 41 FR 55467, Dec. 20, 1976; Amdt. 25–41, 42 FR 36970, July 18, 1977; Amdt. 25–123, 72 FR 63405, Nov. 8, 2007]