To me it’s not clear which applications, which usually imply safety levels (SILs), shall be addressed with this architecture. Are you considering homogeneous/heterogeneous redundancy (redundant nodes, redundant topics)? Will redundancy be considered w.r.t. hardware as well? Probably interesting for further design decisions: Functional Safety Design Patterns.