The Air India Flight AI171 tragedy of June 12, 2025, has raised not only concerns about the level of human lives lost but the technologically related irregularities which indicate the latent weakness in the Boeing 787-8 Dreamliner’s system. The incident chain from the initial electrical problems before the flight to the unwarranted activation of the Ram Air Turbine (RAT) indicates the concealed Single Point of Failure in the essence of the airplane’s system.
1. Core Network A Single Point of Failure
At the forefront of the inquiry is the Boeing 787’s Common Core System (CCS) and the Common Data Network (CDN), which serves as the electronic backbone connecting more than 50 different systems, 22 of which are safety-critical, including Full Authority Digital Engine Control (FADEC). Cybersecurity specialists at IO Active pointed out in 2020 that this design presents a potential single point of failure (SPoF), which has the potential to compromise data across different domains, even with software partitioning. The FAA has pointed out in the past the potential problems with power buses on the 787, which, despite software partitioning, do not necessarily isolate due to shared hardware failure paths.
2. Pre-Crash Electrical Fault Pattern
Repair records reveal that in the 48 hours preceding the accident, VT-ANB experienced no fewer than three Category A electrical failures and 11 other minor failures. On the 9th, a core network fault was recorded as a Category C MEL, described as a ‘medium risk’ problem, which required attention within a 10-day time frame, though this condition directly impacted the critical systems, while on the 10th, the Nitrogen Generation System, which purifies fuel tanks with inert gas, experienced a failure (Category A MEL), and on the 12th, the stabilizer trim motor and sensor systems failed. Each of these systems traces its electrical lineage back to a common point, a high voltage AC power bus energized by engine-driven generators.
3. Bus Power Control Unit (BPCU) Gateway Faults
Fifteen minutes prior to departure, there were malfunctions in the left and right BPCU gateway functions recorded by the ACARS system. The BPCU serves as the electrical traffic manager on an aircraft by directing the generator’s power to the proper buses and thereby isolating faulty areas. A malfunction in the gateway function can cause instabilities in the electrical power distribution, resulting in surges or collapses in systems. A faulty gateway function in an integrated electrical system such as in the 787 can cause the FADEC “RUN” signal path to produce a false shutdown signal to the engine control computer.
4. Uncommanded Fuel Cutoff and FADEC Role
Flight records show that at 08:08:42 UTC, the fuel control switch on Engine 1 switched from the RUN position to the CUTOFF position; this was followed a second later on Engine 2. On the Boeing 787, the position of the fuel control switches is detected as voltage, which is converted to digits and processed to the FADEC and the flight data recorder through the CDN. The absence of the “RUN” signal due to transient shorting, network failure, or BPCU fault triggers the FADEC system to shut down the engine, as it would when the fuel control switch is switched to the CUTOFF position.
5. Timing of Ram Air Turbine Activation
The RAT, intended for activation only under emergency conditions like simultaneous engine failures or the loss of instrument bus power, began applying hydraulic pressure starting from 1:38:47 IST. With its six-second spin-up time, this would have taken place somewhere between 1:38:41-42 IST, seconds after the aircraft departed and before it could leave the airport boundary. The implication is that the triggering factor, loss of power on the C1/C2 TRU lines that supply the instrument buses, was already present before the engines spooled down, indicating an unstable electrical situation rather than the electrical situation developed due to fuel shutdown.
6. Architecture Vulnerabilities and FAA Directives
The 787’s CCS supports multiple avionics functions via shared GPMs on two Common Computing Resource cabinets that are interconnected over the CDN’s fibre-optic Ethernet infrastructure. Issues such as the possible loss of stale-data monitoring beyond 51 days of continuous operation, potentially resulting in unnoticed CDN switch failures and subsequent invalidation of flight-critical information, have been resolved as mandated by the FAA. Such problems demonstrate the fallibilities of highly integrated electrical and data systems, within which one error propagates systemically across multiple networks.
7. Underplaying by the Manufactures and
The Airbus subsidiary, through their operating instructions, has traditionally downplayed a failure in the main network by emphasizing that such a failure is only relevant to ‘minor’ functions such as display maps at airports or printer functions in the cockpit. This impacted their approval of a FAA Cat C MEL rating, exemplified by India’s DGCA regulatory body similarly approving of this assessment. Conversely, independent analysts see a high risk in main network failure, inasmuch as this network connects FADEC, flight control computers, along with ‘other significant systems,’ noting that a precedent exists in Lion Air Flight 610, in which a single sensor in MCAS in a 737 MAX led to ‘hidden’ issues related to ‘significant components’ going unchecked until a tragedy occurred.
8. Fleet-wide Implications and Groundings
After the incident, Air India locally pulled three 787-8 aircraft for a detailed check during heavy checks, whereas there have been severe incidents on some aircraft from the same airline’s fleet ranging from the uncommanded extension of the RAT system to flight control system malfunctions. Worldwide, there have been reports by Boeing Company of a total of 31 incidences related to the uncommanded extension of the RAT system since the aircraft was unveiled.
To recapitulate, the AI171 series “core network degradation, BPCU gateway failures, uncommanded fuel cutoffs, deployment of RATs, and double flameouts” presents a related series that has its roots in the integrated electrical architecture that is part of the 787 aircraft system. For people in the airline safety industry, this particular case has reiterated the insufficiencies that arise from the way that MELs are designated for network-level issues.
