Infrastructure safety: why risk must be managed before and during operation

The safety of a complex infrastructure is never just a matter of compliance with a standard. In road tunnels, in particular, the critical point is not only designing adequate safety systems, but understanding how these systems react over time, in real, degraded or unforeseen conditions. This is where risk stops being a theoretical exercise and becomes an operational tool.

For years, design and management were approached as two separate fields. On one side, system sizing; on the other, ordinary operation and maintenance. This separation, however, is fragile. A system may have been designed according to formally correct criteria and yet lose effectiveness during operation if it is not observed as part of a wider system made up of traffic, weather, procedures, residual reliability of subsystems and the quality of the operational response.

From static design to continuous risk assessment

A truly advanced approach to tunnel safety starts from a different logic: risk is not just something to be estimated at the initial stage, but a synthetic indicator that must accompany the infrastructure throughout its entire service life. Risk-based design makes it possible to identify vulnerable points and allocate resources where risk is greatest; operational risk management translates that same logic into monitoring, procedures and continuous control of operating conditions.

The difference compared to a conventional approach is substantial. In a classic deterministic logic, systems are sized by adding safety margins to a rigidly optimized design. In a risk-based logic, by contrast, the design takes into account uncertainties, undesirable system behaviors and the actual performance of subsystems in different scenarios, including degraded ones. This step is decisive because it avoids both unnecessary oversizing and dangerous cost-cutting.

In road tunnels, risk never depends on a single element. Ventilation systems, traffic, procedures, external conditions and the state of subsystems all contribute together to determining the real level of safety. For this reason, reasoning in terms of individual components is not enough. A fan may be available, but its contribution to overall risk varies depending on the context. In the same way, defining minimum operating thresholds is necessary, but not sufficient to govern complex or off-design situations.

Why a single indicator is needed

The introduction of a risk indicator makes precisely this leap possible: moving from a sum of isolated checks to a synthetic and systemic assessment of safety. In operational terms, risk monitoring produces two different but complementary effects.

The first is a short-term effect: identifying conditions that require rapid intervention, for example due to abnormal traffic or exceptional weather. The second is a long-term effect: assessing how dangerous known or planned conditions really are, such as major works or peak travel periods, and calibrating management accordingly.

In this sense, infrastructure safety can no longer be thought of as a fixed quality, acquired once and for all. It is rather a dynamic ability to react to uncertainty, read signs of fragility and intervene before an unfavorable chain of events turns into a crisis.

Conclusion

Risk is not an addition to design. It is the language that makes it possible to truly connect design and management. In road tunnels, this means overcoming the logic of a system verified once and for all and moving towards a vision in which safety is continuously read, measured and governed.

Article author: Luca Stantero
