Railway Signaling Relay Selection: Critical Differences Between Vital and Industrial Safety Relays

Muhammet Işık

“Gravity Never Fails”: The Physical Foundations of SIL 4 Relay Technology

Can high-security industrial relays be used in interlocking systems? Or are only system-level certified SIL 4 relays permitted? This question highlights a widespread conceptual confusion in the industry. The answer is not simple: “usage is subject to specific conditions.”

Theoretical Background

The Two Worlds of Safety Relays

Relay selection in railway safety depends on design philosophy and certification. There are two main categories:

Category

Principle

Examples

Standalone SIL 4?

Vital Relays

Gravity + Carbon Contact

Mors Smitt N.S1, Clearsy RS4

✅ Yes

Industrial Safety Relays

Forcibly Guided (EN 61810-3)

Finder 7S, Dold OA, Hengstler

❌ No (Can be part of a system)

Vital Relays

These relays are the “gold standard” of railway signaling, based on a century of engineering heritage.

Gravity Fail-Safe (e.g., Mors Smitt N.S1):

  • When coil power is cut, contact opening relies on gravity, not spring force
  • Springs can break, gravity never fails
  • Therefore, relays must always be mounted in a specific orientation

Carbon-Silver Contact Technology (e.g., Clearsy RS4):

  • One contact tip is silver, the other is carbon (graphite)
  • Carbon does not weld to silver → “Weld-No-Transfer” guarantee
  • Contact welding becomes physically almost impossible

Industrial Safety Relays: Forcibly Guided Principle

Relays produced according to EN 61810-3 (formerly EN 50205) follow a different safety strategy. Companies like Dold, Finder, and Arteche offer such relay products.

Mechanical Linkage Principle:

  • NO (Normally Open) and NC (Normally Closed) contacts are mechanically linked
  • If an NO contact welds, the mechanical linkage physically prevents the NC contact from closing and the system from entering an unsafe state
  • At least 0.5mm gap guarantee
⚙️ INDUSTRIAL RELAY
⚡ Coil De-energized🌀 Contact Pushed by SPRING Force
⚠️ Contact Welded?
✅ Contact OPENS
(Normal State)
❌ NC Contact Stays OPEN(Mechanical Failure)🚨 PLC Detects andLOCKS the SystemNOYES!
🔒 VITAL RELAY
⚡ Coil De-energized⬇️ Armature Drops by GRAVITY✅ Carbon-Silver Contact Opens
SAFE STATE

Problem Definition

Field Scenario: Relay Selection in Interlocking (and SIS) Panels

An EPC contractor is selecting relays for a HIMA-based electronic interlocking project. Two options are on the table:

Option

Product

Unit Cost

Requirement

A

Clearsy RS4 (Vital)

~500€

Standalone SIL 4, no feedback required

B

Finder 7S (Industrial)

~100€

PLC monitoring + redundant architecture

Cost Difference: ~5x

Critical Question: Can Option B be used?

Root Cause Analysis

Why Are Industrial Relays Not Standalone SIL 4?

Parameter

Vital Relay

Industrial Relay

Weld Prevention

Physical

None (Spring return)

Fault Detection

Internal

External (PLC read)

Mounting Direction

Gravity Relays: Vertical Only

Any direction

Diagnostic Coverage

Up to 100%

Depends on external system

Conclusion: Industrial relays are not standalone SIL rated. However, in an architecture with diagnostic coverage of 99% (1oo2 redundancy + feedback), they can be part of a SIL 4 system.

Architectural Solution and Operational Logic

There are two different safety architectures in the market. One is based on “buying safety,” the other on “building safety.”

Option A: Component-Level Architecture

Representative: Clearsy RS4 Series

This approach is based on the “Certified Black Box” principle. The relay is a sealed unit designed to SIL 4 requirements during manufacturing, with internal redundancy and self-testing capability.

  • Operating Principle: The integrator connects the relay like a standard industrial relay. The safety case is provided by the manufacturer.
  • Wiring: Only coil and contact terminals are connected. No external feedback wiring or special PLC monitoring software is needed.
  • Internal Mechanism: The relay’s microcontroller or gravity principle continuously monitors contact welding risk. On fault detection, the relay switches to safe state.

Commercial Summary:

  • Plug-and-Play: Minimal engineering and ISA approval process.
  • Cost: Very high unit cost (~500€).
  • Dependency: Full reliance on a single supplier (Monopoly).

Option B: System-Level Architecture

Representatives: Arteche, Finder, Dold (Forcibly Guided Relays)

This approach aims to achieve SIL 4 level by combining standard industrial components with smart “Architectural Design.” Safety is not in a single component but in the overall circuit.

  • Operating Principle: Instead of a single relay, two “Forcibly Guided” relays are connected in series (1oo2 Structure).
  • Wiring and Monitoring:
  1. Series Connection: Contacts of two relays are connected in series to the load. If one welds, the other can still break the circuit for safety.
  2. Feedback (Readback): The NC contacts of the relays are connected to the PLC’s DI card.
  • PLC Software (EDM): The safety PLC checks the NC contacts before energizing the relay. If the relay appears closed while de-energized (welded), the system does not energize and generates an alarm.

Commercial Summary:

  • Cost Effective: Unit cost is ~100€ (~80% savings).
  • Flexibility: Any EN 50205 compliant relay can be used.
  • Engineering Load: Circuit design, wiring, and safety case proof are the integrator’s responsibility.

Conclusion and Industry Lessons

Decision Matrix

Scenario

Recommended Solution

Rationale

Small project, fast approval

Clearsy RS4

Minimize engineering effort

Large project, cost critical

Finder/Arteche + Design

Optimize TCO

Legacy system modernization

Clearsy RS4

Direct replacement of vital relay

New PLC-based design

Finder/Dold + Readback

PLC already provides monitoring

Key Points

  1. “SIL 4 Relay” ≠ “SIL 4 System”: A single component can be SIL 4, but system integrity is a separate matter.
  2. Gravity vs. Spring: Vital relay safety is based on physical principles; industrial relays require external monitoring.
  3. Cost-Responsibility Trade-off: Cheap component = Expensive engineering. Expensive component = Easy certification.
  4. Monopoly Risk: Component-level SIL 4 market is almost fully dependent on a single supplier (Clearsy).

References

  • EN 61810-3: Electromechanical elementary relays – Relays with forcibly guided contacts
  • EN 50129: Railway applications – Communication, signalling and processing systems – Safety related electronic systems for signalling
  • Mors Smitt N.S1 Technical Documentation
  • Clearsy RS4 Datasheet
  • HIMA SILworX Application Notes

📎 Related Resources

📋 Procurement Strategies and Market Dynamics

Strategic Analysis: CENELEC SIL 4 Relay Procurement Strategies and Market Dynamics in Railway Signaling

Last update: January 2026 | Version: 1.0