Microsoft wants safer C# without turning it into Rust
Unsafe bits get a warning label in planned low-level coding shake-up
Tim Anderson
Published Tue 26 May 2026 // 17:50 UTC
.NET product manager Richard Lander has written a lengthy post describing how the team intends to improve the memory safety of C# by introducing a new model and redefining the existing unsafe keyword, making the language more like Rust, though without giving up automatic memory management.

"We envision a future where C# is among a set of languages chosen and noted for the type- and memory-safety enforcement," said Lander.

Many C# developers never use unsafe, but it has been part of the language from its first release. "Writing unsafe code is like writing C code within a C# program," said an early book called The C# Programming Language, written by its inventor Anders Hejlsberg and others. Examples of where unsafe code is necessary include interop with the underlying operating system, accessing memory-mapped devices, or implementing time-critical code. Unsafe code allows the use of pointer types, which are not tracked by the .NET garbage collector, and pointer operators. Other than that, the existing unsafe modifier has no effect on a type or member.
This will change in C# 16, which is two versions in the future and will be released in late 2027, according to the usual annual .NET cycle, along with .NET 12, which will be a long-term support (LTS) release. Developers can also expect a preview in C# 15 and .NET 11.
In the new model, marking a method as unsafe will "also mark it as requires-unsafe, meaning callers must be in an unsafe context and overrides cannot be unsafe if the base members is safe," states the current language proposal. This means that the unsafe designation propagates to callers until it is suppressed by a method that contains an unsafe context but is not itself marked as unsafe.

Some have questioned why the team will rely on the absence of unsafe to suppress propagation, rather than using the safe modifier. "I've been advocating the design team for just this thing," said Lander.
It will no longer be possible to mark a type as unsafe; the unsafe scope moves down to individual methods, properties, and fields.

Another change is that the use of pointer types and some pointer expressions will no longer be considered unsafe; it is only dereferencing a pointer and therefore accessing unmanaged memory that will require an unsafe context.

The changes will be opt-in for C# 16, meaning that developers can continue with the C# 1.0 model, but the .NET runtime libraries will opt in, said Lander. In addition, Microsoft is considering adding badges on packages in NuGet, the .NET package repository, to show whether they have opted in and to encourage adoption. A future version of C# may make the model opt-out instead. "Our intention is to make the new C# safety model the new normal," said Lander.

The idea is not to make unsafe code less dangerous, but rather to make it more visible and easier to review. This extends to safety documentation, via a comment on an unsafe member that defines a contract for its use, which will be encouraged by static code analyzers.

Developer reaction so far is largely positive. "I'm both a C# and Rust dev, and I really welcome it ... I wouldn't hate it if C# became closer to a managed Rust," said one.

One odd thing about this proposal is that C# developers working on business applications will not notice any change, as they never use unsafe code. Nevertheless, Lander stated that "this feature is among the highest-leverage changes that we can make" to improve confidence in C# code safety. ®
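The caller rules described above (an unsafe method obliges its callers to be in an unsafe context, a method that is not marked unsafe but contains an unsafe block ends the propagation, and the pointer dereference is the operation that needs the unsafe context) can be pictured with the following added example. It is not code from Lander's post or the language proposal; the names ReadAt and ReadChecked and the sample data are made up, and it uses today's C# syntax, which needs AllowUnsafeBlocks enabled to compile.

```csharp
using System;

static class Sample
{
    // Marked unsafe: under the model the article describes, this method is
    // "requires-unsafe", so every caller must itself be in an unsafe context.
    // Safety contract (written as a plain comment; the proposal's own
    // documentation format is not shown on the page):
    //   'p' must point to at least 'index + 1' readable ints.
    static unsafe int ReadAt(int* p, int index)
    {
        return p[index]; // dereference: the access to unmanaged memory
    }

    // Not marked unsafe: callers stay in safe code. The unsafe block inside
    // is where propagation stops, so this is the method a reviewer audits.
    static int ReadChecked(ReadOnlySpan<int> data, int index)
    {
        // Establish ReadAt's contract before entering the unsafe block.
        if ((uint)index >= (uint)data.Length)
            throw new ArgumentOutOfRangeException(nameof(index));

        unsafe
        {
            fixed (int* p = data) // pin so the GC cannot move the buffer
            {
                return ReadAt(p, index);
            }
        }
    }

    static void Main()
    {
        int[] values = { 10, 20, 30 }; // constructed sample data
        Console.WriteLine(ReadChecked(values, 1)); // in-bounds read
        try { ReadChecked(values, 3); }            // out of bounds
        catch (ArgumentOutOfRangeException) { Console.WriteLine("rejected"); }
    }
}
```

With the current compiler the unsafe modifier on ReadAt is needed only because of its pointer use; under the opt-in model the article describes, the modifier itself is what obliges callers such as ReadChecked to wrap the call in an unsafe block.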