Trusted Real-Time Performance for Mission-Critical Industrial Systems
Building a Certifiable FSoE-Enabled EtherCAT Platform
In modern industrial automation, the need for deterministic communication, functional safety, and mixed-criticality system consolidation continues to accelerate. Applications in robotics, motion control, transportation, and smart manufacturing require not only high-performance networking but also a certifiable safety architecture capable of operating under stringent industrial standards.
Acontis Technologies, ISIT and SYSGO have jointly developed a comprehensive solution that bridges these requirements by combining Functional Safety over EtherCAT (FSoE), a certified communication stack, and the PikeOS real-time operating system and hypervisor. This collaboration delivers an end-to-end, certifiable platform for mission-critical embedded systems.
EtherCAT and Functional Safety: A Perfect Match for Modern Automation
EtherCAT is widely deployed because of its outstanding real-time capabilities, low jitter, and scalability. For safety-critical environments, the Functional Safety over EtherCAT (FSoE) protocol extends EtherCAT with robust SIL-rated safety communication defined by IEC 61784-3-12.
A key enabler is the black-channel principle, which ensures the integrity of safety data independently of the underlying transport medium. With FSoE, no additional certification is needed for the standard EtherCAT stack, Ethernet hardware, or fieldbus application layers. This leads to enormous reductions in certification cost, integration effort, and time-to-market.
FSoE’s design delivers:
- End-to-end data protection between safety components
- Hardware- and OS-agnostic implementation flexibility
- Strict separation between safety and non-safety communication
- SIL-compliant mechanisms based on IEC 61784-3
This system design allows system integrators to reuse proven EtherCAT infrastructure while achieving certifiable functional safety up to SIL 3.
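The black-channel principle described above, as an added example that is not part of the original article and is not ISIT's, Acontis' or SYSGO's code: a safety layer wraps each payload with a connection ID, sequence number and CRC, so the receiver detects corruption, misrouting, loss and repetition whatever the transport does. The frame layout, field sizes, CRC polynomial and all names (`safe_build`, `safe_receive`, `SAFE_LEN`) are assumptions made for illustration and are not the FSoE wire format defined in IEC 61784-3-12.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAFE_LEN 4  /* constructed payload size, not an FSoE value */
typedef struct { uint16_t conn_id, seq; uint8_t data[SAFE_LEN]; uint16_t crc; } safe_pdu_t;
typedef struct { uint16_t conn_id, next_seq; } safe_rx_t;
typedef enum { PDU_OK, PDU_BAD_CRC, PDU_BAD_CONN, PDU_BAD_SEQ } pdu_status_t;
/* CRC-16/CCITT-FALSE, bitwise; picked for this example only. */
static uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}
/* The CRC covers connection ID, sequence number and payload. */
static uint16_t pdu_crc(const safe_pdu_t *p) {
    uint8_t b[4 + SAFE_LEN] = { p->conn_id >> 8, p->conn_id & 0xFF, p->seq >> 8, p->seq & 0xFF };
    memcpy(b + 4, p->data, SAFE_LEN);
    return crc16(b, sizeof b);
}
/* Sender-side safety layer: wrap the payload before it enters the black channel. */
safe_pdu_t safe_build(uint16_t conn_id, uint16_t seq, const uint8_t *data) {
    safe_pdu_t p = { .conn_id = conn_id, .seq = seq };
    memcpy(p.data, data, SAFE_LEN);
    p.crc = pdu_crc(&p);
    return p;
}

/* Receiver-side safety layer: nothing the transport delivered is trusted. */
pdu_status_t safe_receive(safe_rx_t *rx, const safe_pdu_t *p, uint8_t *out) {
    if (pdu_crc(p) != p->crc)      return PDU_BAD_CRC;   /* corrupted in transit */
    if (p->conn_id != rx->conn_id) return PDU_BAD_CONN;  /* misrouted frame */
    if (p->seq != rx->next_seq)    return PDU_BAD_SEQ;   /* lost, repeated or reordered */
    memcpy(out, p->data, SAFE_LEN);
    rx->next_seq++;
    return PDU_OK;
}

int main(void) {  /* constructed demo: first frame accepted, its replay rejected */
    safe_rx_t rx = { 0x0001, 0 };
    uint8_t in[SAFE_LEN] = { 1, 2, 3, 4 }, out[SAFE_LEN];
    safe_pdu_t p = safe_build(0x0001, 0, in);
    int ok = safe_receive(&rx, &p, out) == PDU_OK && safe_receive(&rx, &p, out) == PDU_BAD_SEQ;
    puts(ok ? "replay rejected" : "unexpected result");
    return !ok;
}
```

A rejected frame leaves the receiver's expected sequence number unchanged; in this sketch the caller is assumed to drive its outputs to the safe state on any result other than `PDU_OK`.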
Certified FSoE Stack: ISIT’s Safety-focused Approach
ISIT contributes a SIL 3-certified FSoE communication stack, developed according to IEC 61508 and designed for industrial-grade communication reliability.
Key characteristics include:
- Certified up to SIL 3 with extensive safety documentation
- Master and slave components available as modular building blocks
- Seamless integration with EtherCAT masters and simulators
- Robust early-stage simulation and system validation tools
- Support for flexible network architectures
Beyond the stack, ISIT provides consulting, cybersecurity expertise (IEC 62443), and development services, enabling OEMs to build secure and certifiable systems with reduced development risk.
Acontis EC-Master: High-Performance EtherCAT for Mission-Critical Systems
Acontis’ EC-Master is deployed in more than 1.5 million devices worldwide across robotics, semiconductor manufacturing, power systems, aerospace, and medical equipment.
For the FSoE solution, EC-Master delivers:
- Sub-microsecond jitter and highly deterministic cycle times
- Support for 120+ hardware/OS platforms
- Direct sub-device to sub-device communication, required for FSoE
- Advanced diagnostics and monitoring tools (EC-Monitor, EC-Inspector)
- Black-channel readiness verified by the EtherCAT Technology Group
- Redundancy support (cable + main device) to minimize single-point failures
For complex systems such as industrial robots or railway controllers, these capabilities ensure operational reliability and predictable timing—both essential foundations for functional safety.
PikeOS: Safety-certified RTOS and Hypervisor for Mixed-Criticality Designs
SYSGO’s PikeOS forms the architectural backbone of the solution. As a certifiable real-time OS and separation kernel hypervisor, PikeOS meets the highest levels of IEC 61508 (up to SIL 3/4) and supports separation between safety-critical and non-critical components.
Key PikeOS Capabilities
- Spatial and temporal separation using partitions
- Mixed-criticality consolidation on a single multi-core processor
- RTOS performance for deterministic control tasks
- Hardware-virtualized guest OS environments, including Linux, ELinOS, Android, Windows, …
- Certifiable networking, file systems, and POSIX APIs
- Modular, certifiable architecture with reusable certification artifacts
This separation-kernel approach allows the FSoE safety domain to operate independently from the standard EtherCAT stack running inside a Linux guest—without interfering with each other.
Integrating the Full Stack: Architecture Overview
The joint solution integrates the three technologies on hardware such as the NXP i.MX8MP:
- Linux guest (hosted by PikeOS hypervisor) running Acontis EC-Master
- PikeOS native partitions hosting ISIT’s SIL-certified FSoE stack
- Queuing ports enabling safe inter-partition communication
- Black-channel implementation ensuring end-to-end safety guarantees
- Shared HMI through a Linux-based graphical interface
This architecture delivers:
- Deterministic EtherCAT communication
- Certified FSoE safety logic
- Mixed-criticality isolation
- Flexible platform-level scalability
Together, these components create a de-risked, certifiable system that can pass audits and accelerate industrial deployments.
Industrial Use Cases
The combined platform is ideal for demanding industrial environments such as:
- Collaborative Robots (Cobots): High-speed motion control with SIL-rated safety responses and integrated vision systems.
- Virtual PLC and Software-Defined Controllers: Consolidation of PLC logic, safety tasks, and non-critical services into a single multi-core embedded controller.
- Intelligent 3D Safety Camera Systems: Real-time perception with safe decision-making pipelines using isolated safety and AI partitions.
- High-Voltage Switchgear and Remote I/O Control: Reliable monitoring of distributed assets with guaranteed safety communication paths.
The architecture’s flexibility means industries can build advanced features—AI, HMI, analytics—without compromising deterministic safety operations.
Conclusion
The combination of SYSGO's PikeOS, Acontis' EC-Master, and ISIT’s SIL-certified FSoE stack results in a robust platform designed for mission-critical industrial environments. By leveraging a separation-kernel architecture, the black-channel approach, and proven EtherCAT technologies, the solution dramatically reduces certification effort, integration complexity, and system risk.
This collaborative technology stack provides:
- Certifiable real-time performance
- Mixed-criticality system consolidation
- SIL-compliant safety communication
- Hardware-agnostic portability
- Reduced development time and cost
For OEMs, integrators, and industrial automation designers, this platform represents a powerful foundation for the next generation of safe, connected, and intelligent industrial systems.