Sjoerd van der Zwaan

While substantial progress has been made in the functional safety of modern robotics, the integrity of the software build process remains largely unaddressed. This talk exposes the silent risk of toolchains: the reality that latent compiler or library defects can systematically corrupt the core THINK and ACT loops of a robotic system. When the translation from high-level safety logic to machine code is flawed, even a perfectly designed perception-action cycle can fail, leading to catastrophic physical outcomes.

This risk is further amplified by the increasing need for frequent software updates, driven by cybersecurity requirements and continuous product improvement. These updates can invalidate previously trusted toolchain baselines, creating an ‘update paradox’ that slows both deployment and innovation. At the same time, the introduction of the EU Machinery Regulation makes this issue unavoidable. If a robot uses AI or machine learning in its safety functions—such as an AI vision system governing the THINK phase of collision avoidance—it is classified as high-risk machinery. Under this new regime, toolchain trust must be explicitly demonstrated. The regulation recognizes that the tools used to build software are as vital as the code itself; therefore, toolchain qualification is no longer an optional checkbox, but a prerequisite for market access.

Taken together, this regulatory shift and the update paradox fundamentally redefine the build process. Qualification can no longer be a one-off certification step; it must evolve into a continuous process that maintains trust across updates, toolchain changes, and evolving system requirements. By reframing compilers and libraries as active components of the functional safety chain, this talk provides a roadmap for closing the trust gap—enabling safer robots and sustained compliance in the age of physical AI.