The Machinery Directive 2006/42/EC states that when a machine manufacturer is unable to eliminate the risks of potential hazardous situations (for example, mechanical hazards such as crushing or cutting) through safe design methods, the next step is to reduce the risks through technical protective measures. These technical measures include protective devices, such as door locks and light curtains, and monitoring devices to ensure safe operating parameters such as speed and position.

The method through which the protective measure reduces the risk of a hazard is referred to as a safety function. For example, one common safety function is to stop the machine or movement when a protective device, such as a light curtain, is triggered. These machine safety functions can be implemented by disconnecting the power supply to the motor, through external monitoring devices, or through safety functions integrated directly into the drive (commonly referred to as drive-based safety).

When the function of the protective devices depends on the proper operation of a control system, the safety principle is referred to as functional safety, which is defined in two standards: IEC 62061 and ISO 13849-1.

The IEC 61800-5-2 standard, Adjustable speed electrical power drive systems – Part 5-2: Safety requirements – Functional, divides safety functions into three categories: stopping functions, safe motion functions, and safe braking functions. Probably the most common machine safety functions refer to safe stopping of the machine. These include Safe Torque Off (STO), which immediate removes power form the motor (but not from the drive), Safe Stop 1 and 2 (SS1 and SS2), which provide a controlled deceleration of the motor, and Safe Operating Stop (SOS), which monitors the position and speed of the motor to ensure it does not deviate from a specified point or from zero speed.

But not all situations that require “safe” operation necessitate that the machine be completely stopped, or that it maintain a constant position or zero speed. For example, in cases of startup and troubleshooting, the machine often needs to be operable even while operators work on or in a potentially hazardous area. In these scenarios, safe motion functions allow the machine to continue operating within a defined, speed, position, and/or acceleration to ensure the risk posed by the machine is minimized.

There are three safe motion functions that can be used to ensure a machine operates below a specified speed, or within a specified speed range:

Safely Limited Speed (SLS) — This function ensures that a maximum, predefined speed is not exceeded. When SLS is initiated, the motor undergoes a controlled deceleration to a speed equal to or below the specified maximum. Then, if the maximum speed is exceeded, power to the drive is switched off, typically by using the Safe Torque Off (STO) or Safe Stop 1 (SS1) function.

Safe Speed Range (SSR) — This function ensures the motor’s speed does not fall below a predefined minimum or exceed a predefined maximum. If the motor speed falls outside of the specified range, power to the drive is switched off.

Safe Speed Monitoring (SSM) — This function monitors the motor’s maximum speed, similar to the SLS function. But as a monitoring function, if the maximum speed is exceeded, the only action that is initiated is a safety message, which can be analyzed by the higher-level control or by the operator.