Certification doesn't usually consider the odds of power plant or prop failure. You have to demonstrate continued flight and control after a failure of one motor/prop/battery/controller.

This is a simplification, and for some current designs it's an over-simplification. Essentially, you have a target FIT rate for each category of failure -- catastrophic may be 10^-7 (one failure in 10^7 hours), hazardous 10^-6, major 10^-5, minor 10^-4. (These numbers depend on the category, size, and type of aircraft -- a commercial airliner may target 10^-9 for hazardous, and go from there).

If you demonstrate that failure of one power plant is minor, then you also have to show that the chance of this is 10^-4 or better -- which, if you have ten power plants, means that the rate of any one failing is 10^-5 or better. This is very achievable, so this is a reasonable approach, which is approximated as "demonstrate continued flight after one failure." But there are two ways this can vary -- the first is to have a more serious impact of a failure, but show that the failure is less common; this is viable, for example, for an eVTOL that will be forced to make an immediate landing after one failure (which is probably "major") due to, say, motor thermal limits, but can substantiate a 10^-5 failure rate for power plants. The other way this can vary is if the chance of *two* failures starts to matter. If each motor fails at, say, 10^-5, then twelve motors have one failure at near enough 10^-4, but have two failures at worse than 10^-9. If you need to reach 10^-9 for catastrophic, this means you have to either show that two failures is not catastrophic, or improve reliability per motor. (Or make an exposure argument -- if you escalate single failure to major with a "land within five minutes" restriction, then the chance of a second failure in this time window is reduced per flight hour.)

Sorry to go deep on this stuff, I just find that it's super interesting, and one of the most reasonable things about the FAA regulations. The rules-of-thumb that I use are (1) electronic components (including motors) have a failure rate of 10^-4 individually; therefore (2) continued operation after single failure can reach 10^-7 (which is permitted for catastrophic for small Part 23); so (3) dual redundancy is sufficient for detectable failures, and triplex is sufficient for undetectable failures. It's important to know when these rules of thumb don't work, but they're a great start.