Strategic Analysis: CENELEC SIL 4 Relay Procurement Strategies and Market Dynamics in Railway Signaling
SIL 4 (Safety Integrity Level 4) safety relays, one of the most critical safety components in railway signaling projects, present significant supply risks and cost pressures due to the current market structure. This report analyzes the monopolistic nature of the market, the two main architectural approaches—”Component-Level” and “System-Level”—and their impact on 5-year Total Cost of Ownership (TCO).
Strategic Findings:
- Market Monopoly: The “plug-and-play” (Component-Level) SIL 4 relay market is dominated by a single manufacturer (Clearsy), resulting in high costs and supply dependency.
- Architectural Shift Opportunity: The “System-Level” architecture, built with industrial relays and safety PLCs, offers over 50% cost advantage in the long term despite initial engineering investment.
- Critical Turning Point: The main barrier to market transformation is not technical, but the transfer of “Safety Case” preparation responsibility from the supplier to the integrator, and the acceptance of this new model by the end user (Authority).
Market Structure and Product Ecosystem
Relays used in railway safety should be evaluated in three main categories according to certification and design philosophy.
Product Categorization Matrix
|
Category |
Definition |
Typical Examples |
SIL 4 Compliance |
Supply Risk |
|---|---|---|---|---|
|
Component-Level |
Self-monitored, “smart” units that require no additional circuitry. |
Clearsy RS4 |
✅ Certified standalone |
🔴 High (Monopoly) |
|
System-Level |
Industrial relays with forcibly guided contacts, requiring external monitoring. |
Arteche FF, Dold OA, Finder 7S |
⚠️ Achieved via architectural design |
🟢 Low (Multi-source) |
|
Legacy |
Gravity fail-safe mechanical relays based on old national standards. |
Mors Smitt N.S1 |
❌ Not suitable for modern CENELEC projects |
🟡 Medium (Rare parts) |
Player Analysis: Monopoly vs. Alternatives
Relay technologies in the railway signaling market are divided into two main classes based on the source of their safety mechanisms. This distinction directly determines procurement strategy and engineering workload.
Vital Relays (Component-Level Solution)
Representative: Clearsy RS4 Series. This product group, considered the market’s “comfort zone,” guarantees safety through physical laws.
- Technical Basis: Gravity Fail-Safe. When coil power is cut, contact opening relies on gravity and mass, not spring force.
- Certification: Component is SIL 4 certified standalone.
- Commercial Characteristic: Very high unit cost and full dependency on a single source (Monopoly).
Industrial Safety Relays (Building Blocks)
Representatives: Arteche FF, Dold OA, Finder 7S Series. These components are the “bricks” of system-level architecture.
- Technical Basis: “Forcibly Guided Contacts” structure compliant with EN 61810-3 and spring return mechanism.
- Limitation: Not SIL 4 on their own. Require active external monitoring (PLC Readback) against contact welding risk.
- Commercial Characteristic: Low unit cost and multiple supplier alternatives.
System-Level Architecture (Strategic Alternative)
This approach is not a product, but an engineering methodology.
- Philosophy: Safety by Design.
- Implementation: Multiple industrial safety relays are combined in a redundant architecture (e.g., 1oo2).
- Safety Layer: Software compensates for hardware limitations. With a “Readback Loop” established via the safety PLC, the system achieves a safety level equivalent to component-level SIL 4 relays.
Architectural Paradigm: Where Is Safety Located?
The fundamental difference between the two approaches is whether safety is confined to a purchased physical component or distributed across the entire system design.
Approach A: Component-Level Safety (Clearsy Model)
This model is based on the “Certified Black Box” principle.
- Intrinsic Monitoring: All diagnostics, redundancy, and safety logic are embedded inside the sealed unit before leaving the factory.
- Integrator’s Role Is Passive: The integrator only sends “On/Off” commands. There is no need to consider contact welding, coil health, or internal mechanisms. The product handles this internally (“Self-Checking”).
- Result: Safety is purchased as a “Product.”
Approach B: System-Level Safety (Engineering Model)
This model is based on the “Architectural Oversight” principle.
- Extrinsic Monitoring: Safety is not in the relay itself, but in the PLC software that controls it. Standard industrial relays are used, but not left “unattended.”
- Integrator’s Role Is Active: The integrator must establish a mechanism called a “Readback Loop.” Before issuing a “Pull” command to the relay, the PLC physically checks whether the relay has successfully reset (contact released) from the previous command.
- Result: Safety is built as a “Process.”
Summary Comparison: Responsibility Matrix
The table below summarizes the technical and operational responsibility differences between the two approaches:
|
Criterion |
Clearsy (Component-Level) |
Industrial (System-Level) |
|---|---|---|
|
Source of Safety |
Embedded in the product |
In the architecture (external) |
|
Feedback |
Internal (invisible to user) |
External (wired to PLC DI card) |
|
Diagnostics |
Automatic / Hardware-based |
Software-based (PLC code & logic) |
|
Wiring Complexity |
Low (coil only) |
High (coil + NC contact feedback) |
|
Responsible Party |
Manufacturer (Clearsy) |
Integrator Engineer |
Economic Analysis and Break-Even Point (TCO)
A 5-year projection based on an annual need for 1,000 safety functions reveals the dramatic cost difference between the two approaches.
Cost Data
|
Cost Item |
Clearsy (Component-Level) |
Industrial + Eng. (System-Level) |
|---|---|---|
|
Unit Relay Cost |
~500 € |
~100 € |
|
Required Quantity (per function) |
1 unit |
2 units (1oo2 architecture) |
|
Hardware Cost (Annual) |
500,000 € |
200,000 € |
|
Initial Investment (Engineering & ISA) |
0 € (included in product price) |
~50,000 € (one-time) |
TCO Break-Even Analysis
The following chart shows how quickly the System-Level approach amortizes its initial engineering cost and the financial advantage it provides in the medium term.
As seen in the chart, the System-Level approach (Blue Line) starts higher due to the one-time engineering cost, but thanks to dramatically lower unit costs, it surpasses the break-even point within the first year and delivers ~1.45 Million € savings by the end of year 5.
Strategic Recommendations
In light of the current market situation and economic analysis, the following hybrid transition strategy is recommended for integrator companies:
- Short Term (Defensive): Continue using Clearsy in cases of customer insistence or project urgency. This minimizes “project risk.”
- Medium Term (Preparation): Implement Arteche/Dold-based system architecture in pilot projects and mature the “Safety Case” documentation. Obtain ISA (Independent Safety Assessor) approval at this stage.
- Long Term (Breakthrough): Once the system architecture is mature and approved, standardize it for all high-volume projects. This will maximize the company’s competitiveness and profitability.
Conclusion
The use of component-based SIL 4 relays (Clearsy model) in railway signaling is not a technical necessity, but a commercial “comfort zone” preference. For organizations with high engineering capability, the System-Level approach provides not only significant cost advantage but also supply chain independence and strategic flexibility.
The key to transformation is not the technical perfection of the solution, but the ability to convincingly demonstrate its reliability to the customer (with a Safety Case and ISA approval).
Brands like FEST, previously active in Turkey, have competed by introducing such relays to the market. Today, this process can certainly be advanced again with a new brand and initiative.
📎 Related Resources
📋 Technical Deep Dive
→ Vital vs. Forcibly Guided: Engineering Analysis of Relay Technologies
Last update: January 2026 | Version: 1.0