For systems where functions are distributed but share support forcomputation, communication, environment sensing and actuation, it is essentialto understand how such functions can affect each other. Preliminary HazardAnalysis (PHA) is the task through which safety requirements are established.This is usually a document-based process where each system function isanalyzed alone, making it difficult to reason about the commonalities of relatedfunctional concepts and the distribution of safety mechanisms across a systemof-systems. This paper presents a model-based approach to PHA with theEAST-ADL2 language and in accordance with the ISO/DIS 26262 standard.The language explicitly supports the definition and handling of requirements,functions and technical solutions, and their various relations and constraints as acoherent whole with multiple views. We show in particular the engineeringneeds for a systematic approach to PHA and the related language features forprecise modeling of requirements, user functionalities, system operationcontexts, and the derived safety mechanisms.