Automatic Train Operation

Railway networks are under pressure to carry more passengers, reduce energy consumption, and operate with greater precision — all while maintaining the highest standards of safety. Human-driven train operation is increasingly a constraint, not an asset.

The risk? Automation programmes that underestimate the complexity of ATO certification, cybersecurity, and the path to Grade of Automation 4 on national networks.

The solution: A clear-eyed understanding of what ATO involves technically, operationally, and from a safety assurance perspective.

From Assisted to Autonomous — the Path is Navigable.

This white paper examines the state of Automatic Train Operation today and what it will take to bring fully autonomous rolling stock to mainline networks — covering the technology, the standards, and the critical role of cybersecurity.

What Makes This Approach Different

• Clarifies the relationship between ATO and ETCS — and why they are complementary, not competing

• Addresses GoA 4 directly and what it will require from a systems and certification perspective

• Integrates cybersecurity considerations throughout, not as an add-on

• Draws on Critical Software's direct experience in ATO certification activities

What's Inside This White Paper

• How ATO is currently deployed across urban and mainline railway environments

• The efficiency, capacity, and emissions benefits already being realised

• The relationship between ATO and the European Train Control System (ETCS)

The Road to Full Automation

• The Grades of Automation framework and what each level means operationally

• Grade of Automation 4: what it requires technically and why mainline deployment is complex

• The systems engineering challenges of moving from supervised to unsupervised operation

Safety and Certification

• The CENELEC standards framework applicable to ATO systems

• How to structure certification activities to reduce programme risk

• How Critical Software supports certification across the ATO development lifecycle

Cybersecurity in Automated Rail

• Why increased automation expands the attack surface of rolling stock systems

• The cybersecurity risks introduced at each level of automation

• Integrating IEC 62443 and railway-specific security requirements into ATO programmes

Who Should Read This

• Systems engineers and architects working on ATO or ETCS programmes

• Safety and certification leads managing GoA upgrades

• Cybersecurity engineers responsible for automated rolling stock

• Programme managers at operators, OEMs, and rail technology integrators