IEC 62566: HDL-Programmed Integrated Circuits for Nuclear Power Safety Systems

IEC Standard Explained — Engineering Insights for Professionals
💡 Key Insight: IEC 62566 establishes requirements for developing HDL-programmed devices (HPDs), i.e. integrated circuits whose logic is specified in a hardware description language, used in nuclear power plant I&C systems performing category A safety functions, the most critical safety classification.

1. Scope and Lifecycle Requirements

IEC 62566 addresses the development of HDL-programmed devices (HPDs), meaning FPGAs, CPLDs, and ASICs whose logic is specified in a Hardware Description Language, for nuclear I&C systems performing category A functions. Category A (the classification defined in IEC 61226) covers functions that play a principal role in achieving or maintaining plant safety, i.e. those whose failure could directly lead to accident conditions with unacceptable radiological consequences, and it therefore demands the highest level of design rigor and verification. The standard covers the entire lifecycle from requirements specification through design, implementation, verification, validation, modification, and configuration management.

The lifecycle model parallels IEC 61513 and IEC 60880 requirements for software-based systems but adapts them specifically for hardware description languages. Key phases include: HPD requirements specification, component acceptance, design and implementation, verification and validation, and integration into the overall I&C architecture.

HPD Lifecycle Phases

  • Requirements specification. Key activities: functional requirements, fault detection, deterministic design. Output: HPD requirements specification document.
  • Component acceptance. Key activities: documentation review, operating experience, blank IC selection. Output: acceptance justification report.
  • Design and implementation. Key activities: HDL coding, defensive design, testability. Outputs: HDL source code, design documentation.
  • Verification and validation. Key activities: simulation, static analysis, formal methods. Output: V&V report.
  • Integration. Key activities: system integration testing, configuration management. Output: integration test report.
⚠️ Critical Requirement: Category A HPDs must implement defensive design techniques including separation of safety and non-safety functions, diverse redundancy, and deterministic behavior under all operating conditions.

2. Defensive Design and Verification

The standard mandates defensive design principles throughout HPD development. These include avoiding latches where possible, a synchronous design methodology (asynchronous paths minimized and, where unavoidable, explicitly synchronized and verified), comprehensive power management, and deterministic initialization sequences (registers brought to a defined state by reset rather than left to power-up values). HDL coding rules must exclude constructs whose simulated behavior can differ from the synthesized hardware (simulation/synthesis mismatch), for example incomplete sensitivity lists, or conditional assignments with no else branch that silently infer a latch.

Verification requirements include:

  • Dynamic simulation covering normal, abnormal, and boundary conditions
  • Static code analysis for coding rule compliance
  • Formal equivalence checking between RTL and gate-level implementations
  • Timing analysis under worst-case conditions (voltage, temperature, process corners)
  • Fault injection testing to validate fault detection and tolerance mechanisms
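The coding rules described above and the "static code analysis for coding rule compliance" bullet can be made concrete with a small checker. The following is an added example, not code from IEC 62566, from any vendor, or from any real lint tool: a toy Python rule checker for plain Verilog that flags the classic mismatch and latch-inference patterns (explicit sensitivity list instead of @*, if without else and without a default assignment, case without default, blocking assignment in a clocked block, nonblocking assignment in a combinational block, and reliance on an initial block instead of a reset). The rule names and the two sample modules are constructed for the illustration; it is not a Verilog parser and does not handle SystemVerilog always_comb/always_ff.

```python
"""Added example (not from IEC 62566 or any real lint tool): a toy coding-rule
checker for plain Verilog. It flags constructs that defensive-design coding rules
of the kind IEC 62566 requires exclude, because they cause simulation/synthesis
mismatches or infer unintended storage. Rule names and the sample modules are
constructed for this illustration; SystemVerilog always_comb/always_ff are not handled."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int        # 1-based line of the always/initial header
    rule: str
    message: str


_HEADER = re.compile(r"\s*(always|initial)\s*(@\s*(?:\*|\([^)]*\)))?")
_EDGE = re.compile(r"\b(?:posedge|negedge)\b")
_STAR = re.compile(r"@\s*(?:\*|\(\s*\*\s*\))")
_BLOCKING = re.compile(r"(?<![<>=!])=(?!=)")        # '=' that is not <= >= == !=
_OPEN, _CLOSE = re.compile(r"\b(?:begin|case)\b"), re.compile(r"\b(?:end|endcase)\b")


def _strip_comments(src):
    return re.sub(r"//[^\n]*", "", re.sub(r"/\*.*?\*/", "", src, flags=re.S))


def _blocks(lines):
    """Yield (lineno, text) per always/initial block, delimited by begin/end and
    case/endcase nesting; a block that never opens ends at its first ';'."""
    i = 0
    while i < len(lines):
        if not lines[i].lstrip().startswith(("always", "initial")):
            i += 1
            continue
        start, body, depth, opened = i, [], 0, False
        while i < len(lines):
            text = lines[i]
            body.append(text)
            i += 1
            depth += len(_OPEN.findall(text))
            opened = opened or depth > 0
            depth -= len(_CLOSE.findall(text))
            if (opened and depth == 0) or (not opened and ";" in text):
                break
        yield start + 1, " ".join(body)


def check(src):
    """Return the list of Findings for one Verilog source text."""
    findings = []
    for lineno, block in _blocks(_strip_comments(src).split("\n")):
        head = _HEADER.match(block)
        kind, sens, body = head.group(1), head.group(2) or "", block[head.end():]
        def flag(rule, msg):
            findings.append(Finding(lineno, rule, msg))
        if kind == "initial":
            flag("INIT", "initial block: use an explicit reset for deterministic start-up")
            continue
        if _EDGE.search(sens):                       # clocked process
            if _BLOCKING.search(body):
                flag("BLOCK", "blocking '=' in clocked block: use '<=' (race / mismatch)")
        else:                                        # combinational process
            if not _STAR.search(sens):
                flag("SENS", "explicit sensitivity list: use @* so simulation matches synthesis")
            if "<=" in body:                         # conservative: also hits a '<=' compare
                flag("NONBLK", "nonblocking '<=' in combinational block")
            ifs = [m.start() for m in re.finditer(r"\bif\b", body)]
            if (ifs and len(ifs) > len(re.findall(r"\belse\b", body))
                    and not _BLOCKING.search(body[:ifs[0]])):
                flag("LATCH", "if without else and no default assignment: latch inferred")
        if re.search(r"\bcase\b", body) and not re.search(r"\bdefault\b", body):
            flag("CASE", "case without default: unused codes are not handled")
    return findings


# Constructed sample: one module violating each rule, and its corrected form.
BAD_VERILOG = """\
module bad(input clk, a, b, input [1:0] sel, output reg y, z, output reg [1:0] q);
  always @(a)                 // incomplete sensitivity list
    if (a) y = b;             // no else and no default assignment: latch
  always @(sel)
    case (sel)
      2'b00: z = 1'b0;
      2'b01: z = 1'b1;
    endcase                   // 2'b10 and 2'b11 not handled
  always @(posedge clk)
    q = q + 2'b01;            // blocking assignment in clocked block
  initial q = 2'b00;          // 'initial' instead of an explicit reset
endmodule
"""
GOOD_VERILOG = """\
module good(input clk, rst_n, a, b, input [1:0] sel, output reg y, z, output reg [1:0] q);
  always @* begin
    y = 1'b0;                 // default assignment: nothing to latch
    if (a) y = b;
    case (sel)
      2'b00: z = 1'b0;
      2'b01: z = 1'b1;
      default: z = 1'b0;      // every code handled
    endcase
  end
  always @(posedge clk or negedge rst_n) begin
    if (!rst_n) q <= 2'b00;   // explicit reset, nonblocking assignments
    else        q <= q + 2'b01;
  end
endmodule
"""

if __name__ == "__main__":
    for f in check(BAD_VERILOG):
        print(f"bad.v:{f.line}: {f.rule}: {f.message}")
    print("good.v:", check(GOOD_VERILOG) or "no findings")
```

Run stand-alone, the checker reports six findings against the bad module (two on each of the combinational blocks, one on the clocked block, one on the initial block) and none against the corrected module. A qualified industrial lint tool enforces far more rules and works on a real parse tree; the point here is that each rule maps directly to a named failure mode that simulation alone would not reveal.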

Best Practice: Use Electronic System Level (ESL) tools for high-level requirements capture and automated interface with design tools. This bridges the gap between system-level specifications and HDL implementation while maintaining traceability.

3. Acceptance Process for Pre-Developed Components

IEC 62566 introduces structured acceptance procedures for pre-developed components, including intellectual property (IP) cores, native blocks, and purchased programmable ICs. The acceptance process requires: thorough documentation review, operating experience assessment, and specific verification related to the blank integrated circuit’s suitability for safety applications. Any modifications to accepted components require re-validation through a defined modification process.

Configuration management is particularly emphasized, requiring unique identification of each HPD version, management of tool versions (synthesis, simulation, analysis tools), and strict control of the bitstream or programming file generation process.

The standard also addresses tool qualification requirements for synthesis, simulation, and analysis tools used in HPD development. Tools must be qualified for their intended use, with documented evidence of correct operation. Any tool updates or patches require re-qualification to ensure that changes do not introduce defects that could affect safety function performance. This rigorous approach to tool management is essential for maintaining design integrity throughout the product lifecycle.
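The configuration-management and tool-qualification requirements in the two paragraphs above come down to one question: can you prove that the programming file loaded into the device was produced from exactly the sources, with exactly the tool versions, that were verified and qualified? The following is an added example, not code from IEC 62566 or from any vendor tool: a Python build manifest that pins the HDL source hashes, the tool versions and the generated bitstream hash under a single configuration identifier, and a check that reports any drift (an edited source, a patched tool, a swapped programming file) from the qualified build. The field names, the sample HDL snippets, tool versions and the stand-in bitstream bytes are all constructed for the illustration.

```python
"""Added example (not from IEC 62566 or any vendor tool): a configuration record
that uniquely identifies one HPD build by pinning its HDL sources, tool versions
and generated programming file, plus a check that reports anything which has
drifted since the build was qualified. Field names and sample data are constructed."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(hpd_id, version, sources, tools, bitstream):
    """Pin everything that determines the programming file.
    sources: {path: bytes}   tools: {tool name: version}   bitstream: bytes"""
    return {
        "hpd_id": hpd_id,
        "version": version,
        "sources": {p: sha256_hex(b) for p, b in sorted(sources.items())},
        "tools": dict(sorted(tools.items())),
        "bitstream_sha256": sha256_hex(bitstream),
    }


def manifest_id(manifest) -> str:
    """Unique identifier of the configuration: hash of the canonical manifest."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(canon)


def check_against(manifest, sources, tools, bitstream):
    """Return the discrepancies between a qualified manifest and what is present
    now. An empty list means this is exactly the qualified build."""
    problems = []
    pinned = manifest["sources"]
    for path in sorted(set(pinned) | set(sources)):
        if path not in sources:
            problems.append(f"source missing: {path}")
        elif path not in pinned:
            problems.append(f"unpinned source present: {path}")
        elif sha256_hex(sources[path]) != pinned[path]:
            problems.append(f"source changed: {path} (re-verification required)")
    for tool in sorted(set(manifest["tools"]) | set(tools)):
        old, new = manifest["tools"].get(tool), tools.get(tool)
        if old != new:
            problems.append(f"tool {tool}: {old} -> {new} (re-qualification required)")
    if sha256_hex(bitstream) != manifest["bitstream_sha256"]:
        problems.append("programming file does not match the qualified build")
    return problems


# Constructed sample data: two tiny HDL files, three tool versions, a fake bitstream.
SOURCES = {
    "rtl/trip_logic.vhd": b"entity trip_logic is end;\n",
    "rtl/voter_2oo3.vhd": b"entity voter_2oo3 is end;\n",
}
TOOLS = {"synthesis": "2023.1", "simulator": "10.7c", "static_analysis": "4.2"}
BITSTREAM = b"\x00\x09\x0f\xf0" + b"\xaa" * 64   # stand-in for a generated .bit file

QUALIFIED = build_manifest("HPD-TRIP-01", "1.4.0", SOURCES, TOOLS, BITSTREAM)


def drift_after_tool_patch():
    """A patch release of the synthesizer alone is enough to invalidate the build."""
    return check_against(QUALIFIED, SOURCES, dict(TOOLS, synthesis="2023.1.1"), BITSTREAM)


def drift_after_source_edit():
    """One edited source file is reported by path, so the re-verification scope is clear."""
    edited = dict(SOURCES, **{"rtl/voter_2oo3.vhd": b"entity voter_2oo3 is end; -- edited\n"})
    return check_against(QUALIFIED, edited, TOOLS, BITSTREAM)


if __name__ == "__main__":
    print("configuration id:", manifest_id(QUALIFIED))
    print("unchanged  :", check_against(QUALIFIED, SOURCES, TOOLS, BITSTREAM))
    print("tool patch :", drift_after_tool_patch())
    print("source edit:", drift_after_source_edit())
```

In practice the manifest would be signed and stored with the V&V records, and the check would run before every programming operation so that a device can only be loaded with a bitstream whose complete provenance matches a qualified configuration.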

Independent assessment is another key requirement of IEC 62566. The verification and validation activities must be performed by personnel independent from the design team, with organizational independence commensurate with the safety significance of the HPD. This ensures objective evaluation of the design and its documentation, identifying potential defects that the design team might overlook due to familiarity or assumption bias. The independence requirements apply to all V&V activities including simulation, analysis, and test witnessing.

4. Frequently Asked Questions

❓ Does IEC 62566 apply to both FPGAs and ASICs?

Yes, the standard applies to any HDL-programmed integrated circuit, including FPGAs, CPLDs, and ASICs used in category A nuclear safety systems.

❓ How does this standard relate to IEC 60880?

IEC 62566 complements IEC 60880 (software for nuclear safety systems) by addressing hardware description languages and programmable logic devices, which have different failure modes and verification requirements than software.

❓ Which HDLs are covered?

The standard is language-agnostic but primarily addresses VHDL and Verilog/SystemVerilog, requiring coding rules that prevent synthesis mismatches and ambiguous constructs.

❓ Is third-party IP core use permitted?

Yes, but with rigorous acceptance testing including documentation review, operating experience analysis, and verification that the IP core meets the same reliability standards as internally developed HPDs.
