<Back to DO-254 Guide

 

Design Assurance Levels (DAL) in DO-254

Understanding DAL A Through DAL E for Airborne Electronic Hardware

Design Assurance Levels (DALs) are one of the foundational concepts within DO-254 certification. They define the level of rigor required during the development and verification of airborne electronic hardware based on the potential effect a hardware failure could have on aircraft safety.

For FPGA-based avionics and airborne systems, the assigned DAL directly affects:

• Verification rigor
• Traceability expectations
• Review independence
• Configuration management
• Certification evidence
• Coverage analysis
• Process assurance activities
• Audit expectations

Understanding DAL classification is critical for aerospace and defense companies developing certifiable airborne electronic hardware.

What Is a Design Assurance Level (DAL)?

A Design Assurance Level is a classification assigned to airborne systems, software, or hardware according to the severity of failure conditions that could result from malfunction or incorrect behavior.

In DO-254, DALs range from:

• DAL A (most critical)
   to
• DAL E (least critical)

The higher the DAL, the greater the certification rigor required.

DALs are derived from system safety assessments performed at the aircraft or system level. Hardware developers typically receive the assigned DAL as part of the system requirements and certification basis.

The Five DO-254 Design Assurance Levels

DAL A — Catastrophic Failure Condition

DAL A represents the highest level of certification rigor.

A hardware failure condition classified as catastrophic could contribute to:

• loss of aircraft
• loss of life
• inability to continue safe flight and landing

DAL A airborne electronic hardware requires the most stringent DO-254 objectives, including:

• extensive verification
• high traceability rigor
• strong configuration management
• verification independence
• comprehensive certification evidence
• detailed review activities
• robust process assurance

DAL A FPGA systems are common in:

• flight control systems
• critical display systems
• flight management systems
• engine control systems
• safety-critical processing systems

DAL B — Hazardous / Severe-Major Failure Condition

DAL B hardware failures could contribute to hazardous or severe-major aircraft conditions.

Potential effects may include:

• serious crew workload increase
• significant reduction in safety margins
• physical distress to occupants
• major operational disruption

DAL B still requires substantial certification rigor, though typically with slightly reduced requirements compared to DAL A.

DAL B programs commonly require:

• requirements-based verification
• traceability
• verification independence
• coverage analysis
• strong review processes

Many mission-critical FPGA systems fall into DAL B classifications.

DAL C — Major Failure Condition

DAL C hardware failures may contribute to major aircraft operational issues, but are less severe than hazardous or catastrophic failures.

Possible impacts may include:

• increased crew workload
• operational difficulties
• passenger discomfort
• reduced safety margins

DO-254 DAL C programs still require disciplined development and verification processes, though the overall certification burden is lower than DAL A or DAL B.

DAL C FPGA systems often include:

• monitoring systems
• support avionics
• data handling systems
• non-flight-critical processing systems

DAL D — Minor Failure Condition

DAL D hardware failures are considered minor in effect.

Potential impacts may include:

• small operational inconveniences
• minor crew workload increase
• limited operational impact

DO-254 objectives for DAL D are reduced compared to higher DAL programs, though disciplined engineering practices are still expected.

DAL E — No Effect

DAL E systems have no effect on operational safety if failures occur.

DO-254 compliance is generally not required for DAL E systems because the failure condition does not impact aircraft safety.

How DALs Affect DO-254 Certification

The assigned DAL dramatically changes the required certification effort.

Higher DALs increase:

• verification rigor
• documentation requirements
• lifecycle traceability
• independence expectations
• audit scrutiny
• process assurance activities
• certification evidence

This means a DAL A FPGA program may require significantly more engineering effort than a DAL C or DAL D program.

The differences are not simply paperwork. Higher DAL programs require deeper verification confidence and stronger objective evidence.

DAL A FPGA Certification Challenges

DAL A FPGA certification is often considered one of the most difficult certification efforts in airborne electronic hardware development.

Several factors contribute to this challenge:

Verification Complexity

Modern FPGA systems may contain:

• millions of logic gates
• multiple clock domains
• embedded processors
• high-speed interfaces
• third-party IP
• complex state machines

Each element must be verified thoroughly against approved hardware requirements.

Traceability Requirements

DAL A programs require extremely strong traceability across:

• requirements
• design
• implementation
• verification
• certification evidence

Incomplete traceability can create major certification risk.

Independence Requirements

Higher DAL programs require increased verification independence.

This means verification activities and reviews may need to be performed by personnel independent from the original development activities.

Coverage Analysis

Coverage analysis becomes increasingly important for higher DAL programs.

Certification authorities expect confidence that:

• requirements are fully verified
• tests adequately exercise the design
• unverified functionality is understood
• unexpected logic behavior is identified

Configuration Management

Strict configuration control is required to ensure:

• certification evidence matches the implemented design
• changes are controlled
• baselines are preserved
• tool versions are documented
• verification environments remain reproducible

DAL Assignment Process

Hardware developers do not usually assign DALs independently.

DAL assignment originates from:

• aircraft functional hazard assessments
• system safety assessments
• certification authority guidance
• system-level failure condition analysis

The system-level safety process determines how severe a hardware failure could be at the aircraft level.

The resulting DAL then flows down into:

• software
• hardware
• FPGA systems
• integrated avionics subsystems

FPGA Complexity and DAL Impact

As FPGA complexity increases, achieving higher DAL objectives becomes more difficult.

Challenges increase when FPGA designs include:

• embedded CPUs
• high-speed transceivers
• AXI interconnects
• large IP integration
• dynamic interfaces
• video processing
• DDR memory controllers
• advanced timing architectures

Complex FPGA systems often require:

• larger verification environments
• advanced testbench architectures
• longer simulation runtimes
• more sophisticated traceability methods
• stronger regression testing approaches

Verification Expectations by DAL

Verification rigor increases substantially across DAL levels.

Typical differences may include:

Activity	DAL A	DAL B	DAL C
Requirements-based verification	Extensive	Extensive	Required
Verification independence	High	Moderate	Reduced
Traceability rigor	Very High	High	Moderate
Coverage analysis	Extensive	Significant	Limited
Review rigor	Very High	High	Moderate
Certification evidence	Comprehensive	Extensive	Reduced

The exact objectives depend on the certification strategy and system context.

DAL and Certifiable FPGA IP

When integrating certifiable FPGA IP into airborne systems, the assigned DAL remains extremely important.

The DAL affects:

• reusable certification evidence
• verification expectations
• integration requirements
• traceability obligations
• review activities
• certification authority expectations

For example, DAL A integration may require significantly more system-level verification than DAL C integration.

This is why understanding DAL applicability is essential when selecting FPGA IP for airborne applications.

DO-254 DAL Compliance Best Practices

Successful DAL-based certification programs often include:

Early Verification Planning

Verification strategy should begin early in development rather than after implementation.

Strong Requirements Definition

Poor requirements create major downstream verification and traceability problems.

Controlled Design Changes

Late HDL or requirements changes can significantly impact certification evidence and coverage closure.

Continuous Traceability

Traceability should be maintained throughout development rather than reconstructed near certification.

Independent Reviews

Independent review activities help identify certification gaps earlier.

Structured Verification Environments

Well-designed testbenches and regression environments improve repeatability and coverage confidence.

LogiCircuit DAL Support Services

LogiCircuit supports aerospace and defense companies developing FPGA-based airborne electronic hardware across multiple Design Assurance Levels.

Our services include:

• DAL A FPGA support
• DAL B verification support
• DO-254 consulting
• requirements traceability
• verification planning
• certification evidence preparation
• FPGA verification
• certifiable FPGA IP integration
• audit support
• IV&V support

We help customers align engineering execution with the rigor expected for their assigned certification level.

Why DAL Understanding Matters

Design Assurance Levels are not simply labels within DO-254. They define the rigor, discipline, and certification confidence expected throughout the airborne electronic hardware lifecycle.

Understanding DAL expectations early helps organizations:

• reduce certification risk
• improve planning accuracy
• avoid verification gaps
• manage certification costs
• improve audit readiness
• reduce late-stage rework

For FPGA-based airborne systems, proper DAL execution is often one of the most important factors in achieving successful certification outcomes.

Start Your Path to Certification Today

 

1. Call or Email

Let us know your questions, or schedule an introductory discussion.
We would love to see how we can help you.

770-887-7293

info@logicircuit.com

 

2. Allow us to create a customized plan.

Whether you need a full-service solution, DO-254 certifiable IP, or a combination of the two that’s somewhere in-between, we can put together a plan that’s just right for you.

3. Let's execute that plan together.

Our aim is to free you from the burden of the compliance process so you can put your focus fully back on your project. Gain peace of mind knowing compliance is done.