[Embedded World 2026] Zephyr's Roadmap to a Pre-Certified Kernel for Safety-Critical Systems
Zephyr on the path to SIL 3: Tobias Kästner outlines the safety roadmap, SEooC standards and explains why there can be no safety without security.
Safety-critical systems with open source: Zephyr’s path to certification
Open-source technologies are now the de facto standard for non-differentiating software features. However, when they are used in safety-critical embedded systems, where malfunctions can lead to serious injury, two worlds collide: the dynamic, contribution-driven world of FOSS and the methodical, requirements-driven world of functional safety.
Overcoming the open-source dilemma
In his talk at Embedded World 2026, Dr Tobias Kästner (Safety Architect of the Zephyr Project) outlines how this gap can be bridged. Whilst traditional safety standards such as IEC 61508 are based on strict top-down processes, Zephyr thrives on innovation and community contributions. The solution lies in establishing ‘Systematic Capability’ through a dedicated compliance route for pre-existing software (Route 3S) and an adapted governance structure.
Strategy: Safety Element out of Context (SEooC)
As certifying the entire Zephyr code base (over 2.4 million lines) is infeasible, the roadmap focuses on a defined safety scope. This comprises approximately 15,000 lines of code, including kernel services, system initialisation and APIs. Zephyr is treated as a “Safety Element out of Context”, which defines clear integration rules for users.
Key points of the presentation:
- No Safety without Security: Why insecure systems can never be safe, and how CVE updates affect safety claims.
- Architectural solutions: Use of hardware features such as MPUs for spatial separation (userspace, stack protection).
- State-of-the-art tooling: ‘Docs as Code’ approaches using tools such as StrictDoc to keep specifications and code in sync.
- Certification objective: The roadmap targets IEC 61508 SIL 3, with options for ISO 26262 ASIL D.
Continuous Certifiability as Goal
The presentation concludes by outlining the path to “Continuous Certifiability”. In an ecosystem that evolves at a rate of 6,000 commits per release, security documentation must be automatically kept in sync with the main branch. Find out how Zephyr is pioneering new ground at the cutting edge of established practices.