Safety is a serious concern for machine builders, system integrators, and end users. Not only do they have a responsibility to provide a safe production environment, they must also meet regulatory requirements for machine safety. And of course, all of this should occur with minimal impact on operational efficiency and productivity. Fortunately, functional safety features in machines and systems allow both scenarios to be realized—mitigating the risk of injury without needlessly affecting production.
Designers of industrial machinery and equipment have to account for the fact that automated motion poses a significant risk of injury or damage. The aim of functional safety is to ensure that equipment operates correctly in response to its inputs. It requires a system to detect potentially dangerous conditions and to activate a protective or corrective device or command that will prevent, or reduce the consequences of, a hazardous event. To this end, drives play a central part in safety solutions.
Although the EU was the first market to mandate integrated safety functions in machinery, manufacturers around the world have begun to integrate functional safety features in machines marketed and sold outside of the EU. There are two primary standards that govern machine safety for industrial equipment—EN/IEC 62061 and EN/ISO 13849-1. Most equipment that includes integrated safety follows one of these two standards.
According to the IEC (International Electrotechnical Commission) website:
IEC 62061 specifies requirements and makes recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machines. It is applicable to control systems used, either singly or in combination, to carry out safety-related control functions on machines that are not portable by hand while working, including a group of machines working together in a coordinated manner.
According to the ISO (International Standards Organization) website:
EN/ISO 13849-1:2005 provides safety requirements and guidance on the principles for the design and integration of safety-related parts of control systems (SRP/CS), including the design of software. For these parts of SRP/CS, it specifies characteristics that include the performance level required for carrying out safety functions. It applies to SRP/CS for high demand and continuous mode, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.), for all kinds of machinery.
So why do some standards begin with the prefix EN?
In short, the EN prefix designates a harmonized standard. That means it is listed under the EU Machinery Directive 2006/42/EC. The Machinery Directive specifies essential safety and health requirements that all machines in the EU must meet. Harmonized standards include standards from ISO, IEC, and the European Union. These standards provide the technical specifications and procedures to fulfill the Machinery Directive requirements.
Comparison of EN/IEC 62061 with EN/ISO 13849-1
EN/IEC 62061 …
- Uses the SIL (Safety Integrity Level) rating system to indicate the level of functional safety
- Assigns a numeric score from 1 to 4, with 1 being the lowest and 4 being the highest; example: SIL3 (note that only levels 1-3 apply to machine systems)
- Risk assessment for determining the required SIL level is based on severity of injury (Se), frequency and duration of exposure (Fr), probability of occurrence of a hazardous event (Pr), and probability of avoiding or limiting harm (Av)
- SIL rating indicates the Probability of Dangerous Failure per Hour (PFHD) and the Risk Reduction Factor (RRF)
- Takes into account both low frequency demand (i.e., low frequency of a machine process or action) and high frequency demand
EN/ISO 13849-1 …
- Uses the PL (Performance Level) rating system to indicate the level of functional safety
- Assigns an alphabetic score from a to e, with a being the lowest and e being the highest; example: Category 4 PLe
- Risk assessment for determining the required PL is based on severity of injury, frequency and/or exposure time to the hazard, and possibility of avoiding the hazard or limiting harm
- PL rating indicates the system’s architecture (referred to as Category), Mean Time to Dangerous Failure (MTTFd), Diagnostic Coverage (DC), and Common Cause Failures (CCF)
- Takes into account only high frequency demand
Note that the Performance Levels (PL) under ISO 13849-1 correspond to certain PFHD ranges, so they can be cross-referenced to SIL levels from IEC 62061.
When implementing functional safety, machine builders, integrators, and users are free to choose either standard — EN/IEC 62061 or EN/ISO 13849-1. But whichever standard is used, it must be used in its entirety, and the two standards cannot be mixed.
Remember that functional safety is applicable to the machine and its control system — not to a specific component or type of device. For example, a servo drive may include features and functionality that enable a system to achieve a specific EN/IEC 62061 or EN/ISO 13849-1 safety category, but the use of the drive itself does not confer that safety level to the machine.
Many drive manufacturers have published brochures or white papers addressing functional safety, and for good reason. While the concept of functional safety is relatively simple, the decision regarding what safety level should be applied to a particular machine or process is based on a complex mix of quantitative factors and qualitative assessments. Some manufacturers have even developed proprietary software to assist designers in determining what functional safety level is required and in choosing the appropriate components to achieve that safety level.
Article updated August 2019.