§25.671 General.

(a) Each control and control system must operate with the ease, smoothness, and positiveness appropriate to its function.
(b) Each element of each flight control system must be designed, or distinctively and permanently marked, to minimize the probability of incorrect assembly that could result in the malfunctioning of the system.
(c) The airplane must be shown by analysis, tests, or both, to be capable of continued safe flight and landing after any of the following failures or jamming in the flight control system and surfaces (including trim, lift, drag, and feel systems), within the normal flight envelope, without requiring exceptional piloting skill or strength. Probable malfunctions must have only minor effects on control system operation and must be capable of being readily counteracted by the pilot.
(1) Any single failure, excluding jamming (for example, disconnection or failure of mechanical elements, or structural failure of hydraulic components, such as actuators, control spool housing, and valves).
(2) Any combination of failures not shown to be extremely improbable, excluding jamming (for example, dual electrical or hydraulic system failures, or any single failure in combination with any probable hydraulic or electrical failure).
(3) Any jam in a control position normally encountered during takeoff, climb, cruise, normal turns, descent, and landing unless the jam is shown to be extremely improbable, or can be alleviated. A runaway of a flight control to an adverse position and jam must be accounted for if such runaway and subsequent jamming is not extremely improbable.
(d) The airplane must be designed so that it is controllable if all engines fail. Compliance with this requirement may be shown by analysis where that method has been shown to be reliable.

§25.672 Stability augmentation and automatic and power-operated systems.
If the functioning of stability augmentation or other automatic or power-operated systems is necessary to show compliance with the flight characteristics requirements of this part, such systems must comply with §25.671 and the following:

(a) A warning which is clearly distinguishable to the pilot under expected flight conditions without requiring his attention must be provided for any failure in the stability augmentation system or in any other automatic or power-operated system which could result in an unsafe condition if the pilot were not aware of the failure. Warning systems must not activate the control systems.
(b) The design of the stability augmentation system or of any other automatic or power-operated system must permit initial counteraction of failures of the type specified in §25.671(c) without requiring exceptional pilot skill or strength, by either the deactivation of the system, or a failed portion thereof, or by overriding the failure by movement of the flight controls in the normal sense.
(c) It must be shown that after any single failure of the stability augmentation system or any other automatic or power-operated system—
(1) The airplane is safely controllable when the failure or malfunction occurs at any speed or altitude within the approved operating limitations that is critical for the type of failure being considered;
(2) The controllability and maneuverability requirements of this part are met within a practical operational flight envelope (for example, speed, altitude, normal acceleration, and airplane configurations) which is described in the Airplane Flight Manual; and
(3) The trim, stability, and stall characteristics are not impaired below a level needed to permit continued safe flight and landing.