The classic trap
Article 106 amends the railway interoperability Directive (EU) 2016/797 to require that any AI system acting as a safety component in rail comply with the requirements of Chapter III, Section 2, of the AI Act, namely those applicable to high-risk systems. The trap: rolling stock manufacturers, infrastructure managers and their integrators believe they fall solely under railway interoperability and the ERA (European Union Agency for Railways), whereas an obstacle-detection classifier, an ATO (Automatic Train Operation) system or a predictive maintenance module shifts into the high-risk regime. The EU AI Office oversees the framework, and any failure in technical documentation, risk management or human oversight becomes enforceable once the regime applies.
Key vigilance points for an AI rail safety component
Qualification as a safety component within the meaning of Regulation (EU) 2024/1689 triggers a cascade of obligations that stack on top of classic railway authorisation. In practice, you must verify:
- If your AI component is embedded in a third-party conformity assessment procedure under Directive 2016/797, it almost automatically inherits high-risk status.
- The risk management system (Article 9) must be documented across the entire lifecycle, not just validated at market placement.
- Training data governance (Article 10) must cover sensor, video and signalling datasets, with bias traceability.
- Effective human oversight (Article 14) must be demonstrable for automated driving or braking decisions.
- Consistency between the AI Act technical documentation (Annex IV) and the ERA authorisation file must be maintained at every software update (OTA included).
How Luxgap automates this risk
Our Luxgap Safety-AI Conformity Bridge automatically reconciles your railway authorisation files with your high-risk AI Act obligations, and makes it impossible to miss a requirement from Chapter III, Section 2. The tool ingests your compliance repositories (ERA files, software configuration sheets, MLOps pipelines on Azure ML or AWS SageMaker, and your SharePoint M365 document management) to map each AI component and compute its risk status without a manual questionnaire.
- Automatically detects each AI component classifiable as a safety component as soon as a model is versioned or redeployed in your connected MLOps pipelines.
- Maps each requirement of Articles 9 to 15 of the AI Act onto the existing artefacts of your 2016/797 authorisation file and flags missing evidence.
- Verifies training data governance (Article 10) by tracing the provenance of sensor and video datasets stored in your S3 or Azure Blob buckets.
- Alerts in real time via Teams when an OTA software update modifies a safety component without updating the corresponding Annex IV documentation.
- Produces a timestamped PDF report, enforceable before the market surveillance authority and usable before the EU AI Office, demonstrating that Chapter III, Section 2, has been taken into account.
Available as a complement to a Luxgap CISO mandate or as a dedicated SaaS module depending on your scope. Request a personalised quote and our teams will prepare a demonstration on your real components, with a free blank audit within 48h to measure your exposure before any commitment.