The First Certified Embedded Database: Inside RaimaDB Cert with Raima’s Engineering Team
Q1: RaimaDB Cert is being marketed as “the only certified embedded database for functional safety.” What makes certification so significant in the database industry, and why has it taken this long for an embedded database to pursue it?
Steinar Sande, CEO:
Raima is proud to offer RaimaDB with support for key safety standards across multiple industries: ISO 26262 for automotive, DO-178C for aviation, IEC 61508 for industrial and general safety, EN 50716 for rail, and IEC 62304 for medical devices. Delivering this breadth of support has been a long-term strategic goal for the company.
In safety-critical environments like aviation, software isn’t just expected to work—it must be reliable. That’s where a DO-178C-aligned database becomes a strategic advantage, not just a technical component.
Applications in autonomous driving, aerospace and defense, medical devices, and even nuclear control systems have always required highly reliable data management. Until now, many teams have relied on custom-built storage layers or flat files—often spending months on verification and certification because no embedded database provided the necessary safety evidence out of the box. Raima is now changing that by delivering a ready-to-use solution designed to support certification from day one.
Certifying a database engine against standards like DO-178C, ISO 26262, and IEC 61508 requires significant investment—both financial and engineering rigor. It demands a mature codebase, disciplined processes, and the willingness to undergo independent third-party scrutiny. With more than three decades of deployment in mission-critical systems, RaimaDB had the foundation needed to achieve this milestone.
Q2: Neil, can you walk us through the certification process? What are the biggest challenges when certifying RaimaDB across five safety standards simultaneously?
Neil Langmead, Certification Lead:
The process follows six main phases. We start with planning and safety strategy—mapping RaimaDB’s architecture against the requirements of each standard and aligning terminology so we don’t end up maintaining five parallel certification stacks. Then we produce safety-grade requirements with complete traceability from high-level requirements down to every line of code.
Implementation happens under strict configuration control. All code follows MISRA C:2023, and every change, rationale, and anomaly is tracked. The core challenge here is maintaining one codebase that satisfies aviation-level determinism, automotive safety mechanisms, industrial SIL decomposition, medical device traceability, and nuclear-grade defensive programming—simultaneously.
Verification is where most of the cost sits. For our DAL A and ASIL D targets, we need 100% statement, branch, and MC/DC coverage, independently reviewed test cases, fault-injection testing, and a complete verification chain. After that, an independent assessor—in our case TÜV SGS—reviews everything: plans, code, tests, coverage data, and change records.
The biggest technical challenge is proving deterministic worst-case execution in what is inherently a complex system with concurrency, locking, indexing, and caching. Making a feature-rich database behave like a safety-critical real-time component is one of the hardest engineering problems in this space.
On the logistics side, each certification authority works on different schedules and requests different artifact formats. Coordinating across all of them is a multi-month exercise. And the evidence volume is massive—tens of thousands of pages of documentation that must remain consistent, cross-referenced, and audit-ready.
Typically, these certifications take 12–24 months each when done sequentially. Because we’re running them concurrently with a shared artifact stack and using AI-driven automation, we’re targeting significant compression of that timeline.
Q3: David, achieving 100% MC/DC coverage on a full database engine is extremely demanding. What is Raima’s technical approach?
David Nguyen, Head of Engineering:
It starts with decision analysis before writing a single test. For every module, we decompose each decision expression into its atomic conditions—every AND, OR, NOT, and multi-clause conditional. We identify which conditions mask others and which branches are reachable under what preconditions. This upfront work lets us design tests that explicitly target each individual condition’s effect on the outcome, which is the core rule of MC/DC.
We also do what we call MC/DC-oriented refactoring: restructuring complex decision logic so each condition is testable in isolation, there are no unreachable paths, and implicit short-circuiting doesn’t hide conditions. This improves both coverage and code clarity.
On the tooling side, we’ve pioneered an approach that combines large language models with the Z3 symbolic solver to automatically “solve” for difficult combinations of decisions and statements, then generate new test vectors that close coverage gaps much faster than manual methods. We’re writing a paper on this approach with the University of Bath Computer Science Department.
The traceability matrix ties it all together. Every safety requirement maps to a design element, through to the implementing code, and into verification test cases. For DO-178C DAL A, this traceability must be absolutely complete—no untraced line of code, no unverified requirement.
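The following is an added example, not code from Raima or RaimaDB, illustrating the MC/DC ideas David describes: a compound decision rewritten so every atomic condition is named and evaluated once, plus a small checker that verifies a test set contains an "independence pair" for each condition (two vectors differing only in that condition with different outcomes). The decision itself (a page-write gate with lock, dirty, checkpoint and buffer-full conditions) and the condition names are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed decision for illustration (not RaimaDB code): a page write may
 * proceed when the page is locked by the current transaction, the page needs
 * writing (dirty or checkpoint requested), and the write buffer is not full.
 * Conditions travel as bits of a uint8_t so test vectors stay compact. */
#define N_COND 4U
enum { C_LOCKED = 0, C_DIRTY = 1, C_CHECKPOINT = 2, C_BUFFER_FULL = 3 };

typedef bool (*decision_fn)(uint8_t conds);

static bool cond(uint8_t conds, unsigned idx)
{
    return ((conds >> idx) & 1U) != 0U;
}

/* MC/DC-oriented form: every atomic condition is named and evaluated exactly
 * once, so short-circuit evaluation cannot hide a condition from the tests. */
bool write_allowed(uint8_t conds)
{
    const bool has_lock    = cond(conds, C_LOCKED);
    const bool is_dirty    = cond(conds, C_DIRTY);
    const bool ckpt_req    = cond(conds, C_CHECKPOINT);
    const bool buf_full    = cond(conds, C_BUFFER_FULL);
    const bool needs_write = is_dirty || ckpt_req;
    return has_lock && needs_write && !buf_full;
}

/* Returns a bitmask of the conditions that have an independence pair in the
 * test set: two vectors that differ only in that condition and produce
 * different outcomes. Full MC/DC for this decision means all N_COND bits set. */
uint8_t mcdc_covered(decision_fn fn, const uint8_t *tests, size_t n)
{
    uint8_t covered = 0U;
    for (unsigned i = 0U; i < N_COND; i++) {
        const uint8_t bit = (uint8_t)(1U << i);
        for (size_t a = 0U; (a < n) && ((covered & bit) == 0); a++) {
            for (size_t b = 0U; b < n; b++) {
                const uint8_t diff = (uint8_t)(tests[a] ^ tests[b]);
                if ((diff == bit) && (fn(tests[a]) != fn(tests[b]))) {
                    covered |= bit;
                    break;
                }
            }
        }
    }
    return covered;
}

/* Vectors as bitmasks: bit0 locked, bit1 dirty, bit2 checkpoint, bit3 buffer_full.
 * N+1 = 5 vectors are enough to achieve MC/DC for this decision. */
static const uint8_t complete_set[]   = { 0x03, 0x02, 0x01, 0x0B, 0x05 };
/* Dropping 0x05 leaves no pair that isolates the checkpoint condition. */
static const uint8_t incomplete_set[] = { 0x03, 0x02, 0x01, 0x0B };

uint8_t coverage_of_complete_set(void)
{
    return mcdc_covered(write_allowed, complete_set, sizeof complete_set);
}

uint8_t coverage_of_incomplete_set(void)
{
    return mcdc_covered(write_allowed, incomplete_set, sizeof incomplete_set);
}

int main(void)
{
    printf("complete set covers   0x%X of 0xF\n", coverage_of_complete_set());
    printf("incomplete set covers 0x%X of 0xF\n", coverage_of_incomplete_set());
    return 0;
}
```

The checker reports which condition has no isolating pair, which is the gap a coverage tool would flag and that the solver-driven test generation described above would aim to close.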
Q4: RaimaDB Cert follows MISRA C:2023 guidelines. What does MISRA compliance actually look like in a database engine, and what does it give customers?
David Nguyen:
In the certified core, we treat C as a restricted language. No dynamic memory allocation—memory is statically or pool-managed with clear ownership. No recursion, so stack usage is bounded and analyzable. No arbitrary casts, no reliance on undefined or implementation-defined behavior. We use fixed-width types throughout and document all assumptions about size and range.
For control flow, we decompose complex conditionals into named booleans, separate side effects from expressions, handle all switch cases explicitly with default clauses, and raise errors early and consistently. Pointers—which are everywhere in a database engine—follow strict rules: no arithmetic across unrelated objects, consistent null handling, clear ownership, and bounds-checked access through wrapper functions.
The architecture itself supports this. The safety-critical engine is self-contained and MISRA-compliant, with platform-specific services abstracted behind narrow interfaces. Non-critical features sit outside the certified kernel. The engine supports build-time configuration to include only what’s needed, keeping the certified code surface tight.
For customers, this means you can integrate RaimaDB Cert without triggering a storm of MISRA violations from third-party code. Our deviation list and compliance report plug directly into your own coding standard reviews. Your static analysis tools work on our code with minimal tuning.
And because MISRA-compliant code is more predictable across compilers and platforms, updates are easier to review and re-accept within a certified system—which matters when you’re managing change over a 10–20 year product lifecycle.
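As an added example, not Raima's code, here is what the restricted-C style described in this answer (and the static memory pools mentioned later in Q8) looks like in practice: a statically allocated page pool with explicit ownership, fixed-width types, status codes raised early and checked by every caller, a fully defaulted switch, and page bytes reachable only through a bounds-checked wrapper. Page and pool sizes are constructed for the illustration and are not RaimaDB's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for illustration; not RaimaDB's real page or pool geometry. */
#define PAGE_SIZE  64U
#define POOL_PAGES 4U

/* Every entry point returns a status code that the caller must check. */
typedef enum { DB_OK = 0, DB_ERR_NULL_ARG, DB_ERR_POOL_EXHAUSTED, DB_ERR_BAD_PAGE,
               DB_ERR_NOT_OWNED, DB_ERR_OUT_OF_BOUNDS } db_status_t;

typedef struct {
    uint8_t data[POOL_PAGES][PAGE_SIZE];
    bool    in_use[POOL_PAGES];
} page_pool_t;

/* Static storage: no malloc, so acquisition can fail only by exhaustion. */
static page_pool_t g_pool;

db_status_t pool_init(page_pool_t *pool)
{
    if (pool == NULL) { return DB_ERR_NULL_ARG; }
    (void)memset(pool, 0, sizeof(*pool));
    return DB_OK;
}

/* Ownership is explicit: acquire marks a page in use and hands back its index. */
db_status_t pool_acquire(page_pool_t *pool, uint32_t *page_out)
{
    if ((pool == NULL) || (page_out == NULL)) { return DB_ERR_NULL_ARG; }
    for (uint32_t i = 0U; i < POOL_PAGES; i++) {
        if (!pool->in_use[i]) {
            pool->in_use[i] = true;
            *page_out = i;
            return DB_OK;
        }
    }
    return DB_ERR_POOL_EXHAUSTED;
}

/* The only way to store into a page. The range test compares offset and len
 * to PAGE_SIZE separately, so a naive "offset + len" can never wrap past it. */
db_status_t page_write(page_pool_t *pool, uint32_t page, uint32_t offset,
                       const uint8_t *src, uint32_t len)
{
    if ((pool == NULL) || (src == NULL)) { return DB_ERR_NULL_ARG; }
    if (page >= POOL_PAGES) { return DB_ERR_BAD_PAGE; }
    if (!pool->in_use[page]) { return DB_ERR_NOT_OWNED; }
    if ((offset > PAGE_SIZE) || (len > (PAGE_SIZE - offset))) { return DB_ERR_OUT_OF_BOUNDS; }
    (void)memcpy(&pool->data[page][offset], src, len);
    return DB_OK;
}

/* Every switch carries a default, even over a fully enumerated type. */
const char *db_status_name(db_status_t st)
{
    switch (st) {
    case DB_OK:                 return "DB_OK";
    case DB_ERR_NULL_ARG:       return "DB_ERR_NULL_ARG";
    case DB_ERR_POOL_EXHAUSTED: return "DB_ERR_POOL_EXHAUSTED";
    case DB_ERR_BAD_PAGE:       return "DB_ERR_BAD_PAGE";
    case DB_ERR_NOT_OWNED:      return "DB_ERR_NOT_OWNED";
    case DB_ERR_OUT_OF_BOUNDS:  return "DB_ERR_OUT_OF_BOUNDS";
    default:                    return "DB_STATUS_UNKNOWN";
    }
}

/* Acquire every page, then one more: the pool reports exhaustion, not a crash. */
db_status_t demo_pool_exhaustion(void)
{
    uint32_t p = 0U;
    db_status_t st = pool_init(&g_pool);
    for (uint32_t i = 0U; (i < POOL_PAGES) && (st == DB_OK); i++) {
        st = pool_acquire(&g_pool, &p);
    }
    return (st == DB_OK) ? pool_acquire(&g_pool, &p) : st;
}

/* A write at the page edge succeeds; one byte past, a wrapping offset, and an
 * unowned page are all refused before any byte is touched. */
bool demo_bounds_checked_write(void)
{
    static const uint8_t tag[4] = { 'T', 'X', 'N', '1' };  /* constructed payload */
    uint32_t p = 0U;
    if ((pool_init(&g_pool) != DB_OK) || (pool_acquire(&g_pool, &p) != DB_OK)) { return false; }
    if (page_write(&g_pool, p, PAGE_SIZE - 4U, tag, 4U) != DB_OK) { return false; }
    if (memcmp(&g_pool.data[p][PAGE_SIZE - 4U], tag, 4U) != 0) { return false; }
    if (page_write(&g_pool, p, PAGE_SIZE - 3U, tag, 4U) != DB_ERR_OUT_OF_BOUNDS) { return false; }
    if (page_write(&g_pool, p, UINT32_MAX, tag, 4U) != DB_ERR_OUT_OF_BOUNDS) { return false; }
    return page_write(&g_pool, p + 1U, 0U, tag, 4U) == DB_ERR_NOT_OWNED;
}

int main(void)
{
    printf("exhaustion: %s\n", db_status_name(demo_pool_exhaustion()));
    printf("bounds-checked write: %s\n", demo_bounds_checked_write() ? "ok" : "FAILED");
    return 0;
}
```

Note the order of checks in page_write: the offset is compared to PAGE_SIZE before len is compared to the remaining space, which is what keeps the arithmetic free of unsigned wrap-around; a single `offset + len <= PAGE_SIZE` test would accept an offset near UINT32_MAX.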
Q5: Steinar, what market need drove Raima to invest in this certification effort, and how do you see it changing the landscape for safety-critical applications?
Steinar Sande:
The investment is driven by direct requests from clients. Organizations building safety-critical systems face rising complexity and cost in achieving certification. Every software component in the safety-critical path must carry its own evidence. If the database layer lacks that evidence, the integrating team has to generate it—and certifying a database engine from scratch is not a realistic undertaking for most project teams.
RaimaDB Cert changes this by providing a pre-certified data management component. Teams get a certified data layer with audit-ready artifacts, faster compliance with international safety standards, lower development and certification costs, and the ability to focus engineering effort on their application rather than infrastructure.
As industries move toward greater autonomy and data dependency—software-defined vehicles, autonomous industrial systems, AI-driven medical devices—we see RaimaDB Cert setting a new standard for embedded data management in regulated environments.
Q6: Can you elaborate on the partnership with TÜV and other safety-certification partners? How important is independent third-party validation?
Neil Langmead:
Independent validation is non-negotiable. Our certification is not a self-assessment—it is an independent, third-party certification by SGS-TÜV Saar confirming that RaimaDB meets the requirements of the applicable safety standards.
TÜV brings recognized authority and deep domain expertise. They review our safety plans, development processes, codebase, verification evidence, and traceability artifacts with a rigor that system integrators and regulatory bodies expect. Their involvement ensures our certification claims are technically sound and internationally accepted.
Beyond the formal certification, these partnerships help us align with evolving global best practices. When a customer integrates RaimaDB Cert and faces an audit, they can point to TÜV’s independent assessment as part of their safety case—that carries real weight with assessors across aerospace, automotive, industrial, medical, and nuclear sectors.
Q7: You’ve introduced AI-driven automation for functional safety engineering. How does this complement RaimaDB Cert, and do you see AI as the future of safety certification?
Steinar Sande:
We’ve developed TimeZero, an independent spin-off from Raima, which automates functional safety certification end-to-end. It handles some of the most labor-intensive tasks in the certification lifecycle: requirements refinement, traceability maintenance, automated test generation with MC/DC coverage, evidence consistency checks, and gap detection in safety documentation.
While RaimaDB Cert provides the certified database engine, TimeZero accelerates the engineering processes around it. For our own certification work, the combination has reduced delivery times for key artifacts by up to 90%.
We see AI-driven automation as an inevitable part of the future of safety certification—not as a replacement for human judgment, but as a force multiplier that reduces manual burden, improves quality, and shortens certification cycles. The industry is moving in this direction, and we intend to be at the front of it.
Q8: With a footprint under 500 KB, how do you balance safety requirements with the performance demands of embedded systems and RTOS platforms?
David Nguyen:
It starts with architectural restraint. We stripped the core to essential database primitives: predictable indexing, fixed-size page management, static memory pools, and deterministic transaction paths. Non-critical features are either isolated outside the certified kernel or excluded entirely through build-time configuration.
For RTOS platforms like AUTOSAR Classic, VxWorks, QNX, and Green Hills INTEGRITY, we focused on zero-dynamic-allocation operation, bounded worst-case execution times, and minimally blocking concurrency. All I/O, threading, and timing interactions go through narrow abstraction layers so the engine is both portable and certifiable.
The key insight is that the same design principles that make code certifiable—determinism, bounded resource usage, explicit error handling—also make it perform well in constrained environments. There’s no inherent trade-off between safety and embedded performance when the architecture is designed correctly from the start.
Q9: What has been the early market response, and where is Raima headed over the next 3–5 years?
Steinar Sande:
Early response has been strong, particularly from companies building next-generation aerospace & defense modules, automotive ECUs, robotics controllers, and medical devices.
RaimaDB Cert fills a gap that has existed for decades: a high-performance, small-footprint database engine that is actually certified to the highest integrity levels.
Looking ahead, we plan to expand certification coverage into additional standards
Over the next 3–5 years, we expect the certified embedded database market to accelerate as OEMs move away from custom data storage code toward fully certifiable, off-the-shelf data engines. The drivers are clear: increasing system complexity, cross-domain reuse, regulatory pressure, and the industry-wide shift toward software-defined safety architectures. RaimaDB Cert is positioned to lead that transition.
Sponsored by Raima.