Ethernet networks in railway applications are no longer just a simple communication layer. Increasingly, they are responsible for CCTV monitoring, passenger information systems, onboard Wi-Fi, telemetry, diagnostics, communication between devices, remote supervision and data exchange between elements of transport infrastructure. The more functions depend on stable data transmission, the more important it becomes to select the right network device.

This is why railway projects increasingly raise the question: is a standard industrial switch enough, or is an EN50155-compliant railway switch required? The answer depends on the application, installation location and project requirements. If the device is to operate in a rail vehicle, in an onboard system, near transport infrastructure or in an environment exposed to vibration, shock, electromagnetic interference and variable temperatures, a standard industrial switch may not be sufficient. In such conditions, a much safer choice is a switch compliant with EN50155, designed specifically for the requirements of railway transport.

NIS2 and CRA. A new context for network infrastructure in railway

The NIS2 Directive and the Polish amendment to the regulations on the National Cybersecurity System strengthen the emphasis on the security of information systems in strategic sectors, including transport. Materials from the Ministry of Digital Affairs indicate that NIS2 covers essential and important entities operating, among others, in the transport sector, and the new regulations require them to apply appropriate technical and organisational measures to increase the security of IT systems.

The Cyber Resilience Act goes even further towards the cybersecurity of products with digital elements. The act entered into force on 10 December 2024, reporting obligations are to begin applying from 11 September 2026, and the main obligations from 11 December 2027.

This does not mean that NIS2 or CRA directly require the use of EN50155 railway switches. Such a simplification would be imprecise. It does mean, however, that designers, integrators and infrastructure operators will increasingly analyse the security, manageability, resilience, documentation, updates and predictability of network components. And this directly concerns Ethernet switches used in railway systems.

How does a railway switch differ from a standard industrial switch?

A typical industrial switch may work well in a control cabinet, production hall or classic Ethernet application. Railway, however, imposes additional requirements. Devices installed in rolling stock or transport systems must operate in conditions where vibration, temperature changes, EMC interference, limited service access and the need for continuous operation are present.

An EN50155 railway switch is designed precisely for such an environment. In practice, it is not only about data transmission itself, but about connection stability, mechanical resistance, power supply reliability, diagnostic capability and predictable device behaviour under difficult operating conditions. Connectors are also important. In railway applications, M12 connectors are often used because they provide a more stable mechanical connection in environments exposed to vibration. Compared to standard RJ45, the M12 connector is better suited to onboard installations, rail vehicles and transport infrastructure, where accidental loosening of a cable can lead to communication problems.

EN50155 as a practical selection filter for a switch

A switch compliant with EN50155 should be treated as a practical selection filter for a device intended for railway applications. EN50155 indicates that the device has been designed for operation in a railway environment, where temperature, power supply, environmental resistance and operational stability are important.

In practice, when selecting a railway switch, several elements should be considered:

  • operating temperature range,
  • resistance to vibration and shock,
  • electromagnetic compatibility,
  • connector type, e.g. M12,
  • ability to operate with power supply used in transport applications,
  • redundancy functions,
  • VLAN, QoS and traffic control,
  • diagnostics and alarms,
  • secure management,
  • technical documentation and manufacturer certificates.

Only the combination of these features shows why a standard industrial switch is not always the right choice for railway applications.

Cybersecurity as an increasingly important element in railway switch selection

In the context of NIS2 and CRA, not only the physical resistance of the device is becoming increasingly important, but also the way the network is managed. A modern railway switch should enable traffic segmentation, access control, event monitoring and fast diagnostics. In practice, functions such as VLAN, QoS, IGMP Snooping, ACL, SNMP, LLDP, port mirroring, logs, alarms, HTTPS, SSH and support for users with different permission levels are highly important. These functions help organise communication, reduce uncontrolled traffic, separate critical systems from less important ones and diagnose failures faster. In railway applications this is particularly important because different types of systems may operate in one network, such as video monitoring, passenger information, Wi-Fi, diagnostics, telemetry, auxiliary systems and devices responsible for technical communication. Without segmentation and traffic control, such a network may be harder to maintain, less transparent and more susceptible to operational problems.

IEC 62443-4-1 certificate for 3onedata Secure Development Process

When choosing 3onedata railway switches, it is worth looking more broadly than just at compliance with the EN50155 standard. In railway infrastructure projects, not only the device’s resistance to difficult operating conditions is becoming increasingly important, but also how the manufacturer approaches cybersecurity already at the product design and development stage.

This is where 3onedata gains an additional, very strong argument. The manufacturer has received a TÜV SÜD certificate in the area of Industrial Cyber Security Capability for Process Capability Assessment. The certificate covers Secure Development Process for 3onedata V1.0.0 compliant with IEC 62443-4-1:2018, with maturity level ML2. This means that cybersecurity is not treated merely as a single feature in the switch software, but as an element of the entire product development process.

This is important especially in the context of NIS2, CRA and the growing responsibility for supply chain security. The certified development process includes, among others, security management, defining security requirements, secure by design engineering, secure implementation, verification and validation testing, vulnerability handling, security updates and guidelines for users.

For integrators, designers and investors, this means a real advantage when selecting a supplier. A railway switch is no longer just an Ethernet network component, but becomes part of critical infrastructure that must be resilient not only environmentally, but also organisationally and procedurally. Therefore, in the case of 3onedata railway series, the argument is not only the EN50155 standard, but also the TÜV SÜD-confirmed approach of the manufacturer to secure product development in accordance with IEC 62443-4-1:2018.

3onedata TNS5500 and TNS5800 railway switches in the Consteel Electronics offer

The Consteel Electronics offer includes EN50155 railway switches, including the 3onedata TNS5500 and TNS5800 series. These are solutions designed for demanding transport applications where environmental resistance, manageability and stable Ethernet communication are important.

The TNS5500 series consists of 12-port managed Layer 2 switches designed for railway applications. They support gigabit M12 ports and 100M M12 ports, are optionally available in PoE versions, support SW-Ring technology with network recovery time below 20 ms, STP/RSTP, VLAN, QoS, DHCP, IGMP Static Multicast, LLDP, port trunking, port mirroring, SNMP, alarms and an operating range from -40°C to +75°C. The series is compliant with EN50155 and EN50121 and is intended, among others, for PIS - Passenger Information Systems, CCTV, video monitoring and control systems in railway transport.

Models from the TNS5500 series have passed industrial tests covering, among others, ESD, EFT, Surge, magnetic field, vibration and shock resistance, and have certificates such as CE, FCC, RoHS, EN50155 and EN50121-3-2.

TNS5800 is a Layer 3 EN50155 railway switch with M12 ports. It supports 8 10/100Base-T(X) M12 ports and 4 10/100/1000Base-T(X) M12 ports, static routing, RIP, OSPF, BGP, VRRP, MSTP, ACL, IEEE 802.1X, HTTPS, SSH, SNMPv1/v2/v3, VLAN, QoS, IGMP Snooping, port mirroring and functions increasing management security. The operating temperature range is from -40°C to +75°C. TNS5800 is a good example of a device for more complex railway networks where Layer 2 alone may not be sufficient. Support for Layer 3 functions, routing mechanisms and security functions makes it possible to build a more organised, scalable and easier-to-control Ethernet infrastructure.

When to choose an EN50155 railway switch?

An EN50155 railway switch is worth considering wherever Ethernet infrastructure operates in a transport or railway application, especially when the device is installed in a vehicle, near the track, in an onboard system or in an environment exposed to interference and vibration.

Typical applications include:

  • CCTV monitoring in vehicles and railway infrastructure,
  • passenger information systems,
  • Wi-Fi networks in trains and trams,
  • onboard telemetry and diagnostics,
  • communication between devices in a vehicle,
  • control and supervision systems,
  • data recording,
  • industrial Ethernet networks in infrastructure projects,
  • applications where compliance with railway standards is important.

In simple stationary applications, a standard industrial switch may be sufficient. However, if the project requires compliance with railway standards, stable M12 connectors, increased EMC resistance, a wide temperature range, redundancy and remote management, a switch compliant with EN50155 becomes a much more justified choice.

EN50155 switch, documentation and project requirements

Documentation is very important in railway projects. Integrators and designers often have to demonstrate why certain components were selected, what standards they meet, what security functions they offer and whether they are suitable for operation in a given environment.

In this context, an EN50155 railway switch has an advantage over a standard industrial switch because its use is easier to justify with the requirements of the railway environment. If the manufacturer additionally has a certified secure development process compliant with IEC 62443-4-1, the argument becomes even stronger. It demonstrates not only hardware resistance, but also the maturity of the product design and maintenance process from a cybersecurity perspective. This is particularly important in projects where the end customer asks not only about price and number of ports, but also about security, updates, vulnerability management, documentation availability and solution resilience throughout the entire life cycle.

EN50155, IEC 62443 and a new approach to railway networks

NIS2 and CRA are a clear signal that network infrastructure in strategic sectors will increasingly be assessed in terms of security, resilience, manageability, documentation and product life cycle.

In railway Ethernet networks, this means the need for more conscious device selection. An EN50155 railway switch is not just a standard industrial switch with a different label. It is a device designed to operate in an environment where vibration resistance, temperature, EMC, connector stability, fast diagnostics, redundancy and management security matter.

An additional argument in the case of 3onedata solutions is the TÜV SÜD certificate for Secure Development Process for 3onedata V1.0.0 compliant with IEC 62443-4-1:2018, with maturity level ML2. This does not replace the EN50155 standard, but complements it with an important cybersecurity aspect of the product development process.

Therefore, when designing Ethernet networks for railway applications, it is worth asking a simple question: is a standard industrial switch really enough? If the system is to operate in rolling stock, a transport application or an environment with increased requirements, a switch compliant with EN50155 may be a much safer and more future-proof choice.