History of standards for functional safety in machinery

Standards for functional safety

Functional standards in the field of safety for machinery comprises :
  • Standards EN 954-1 / EN 954-2
  • Standards EN 13849-1 and EN 13849-2
  • Standards IEC 62061

EN 954-1: Origins

Following the publication of the Machinery Directive 89/392/EEC and its application to safety components through the   Directive 93/44/EEC (which extended the scope of the Machinery Directive tor safety components), the question arose as to the evaluation and validation of these safety devices.

The first standard for the Safety of machinery for control systems related to safety was EN 954 standard who comprises two parts:

  • EN 954-1: 1996 - Safety of machinery: parts of control systems for safety - Part 1: General principles for design and
  • EN 954-2: Safety of machinery: parts of control systems for safety - Part 2: Validation (Part 2 of this standardwas only a draft document withform Several edition is DRAFT. have succeeded without lead).

EN 954-1 deals with parts of control systems related to safety and regardless of technology (electrical, mechanical, hydraulic, and pneumatic).

At this time the safety systems were primarily technology based relay systems using the concepts of safe design defined in prEN 954-2 project.

This standard was very well suited for the design of control system relating to safety on the basis of electromechanical technologies with low complexity safety relay and electronic low complexity.

In addition, for low complexity electronic technology, one standard prescription gave design principle: EN 61496 for light curtains.

The situation at the time was still supported by the fact that another installation standard: EN 60204-1 1997 for the chapter on stop functions stated:

9.2.2 Functions judgment

There are three categories of judgment:

- Category 0: Stopping by immediate removal of power to the actuators (eg uncontrolled stop - see 3.56);

- Category 1: controlled stop (see 3.11) keeping the power to the actuators to stop the machine and cut off the power when the stop is achieved;

- Category 2: Controlled by maintaining power to the actuators stop.

Note - the exception of emergency modes (see 9.2.5.4), and depending on the risk assessment, the power loss can be achieved by electromechanical components or semiconductors.

(...)

9.2.5.4.2 Emergency Stop

In addition to the requirements of a judgment (see 9.2.5.3), the emergency stop meets the following requirements:

- It must be a priority over all other functions and controls in all modes;

- The energy of the actuator which can cause hazardous conditions, or should be removed as quickly as possible without creating other (s) risk (s) (e.g. by initiating a mechanical locking device that requires no external energy by braking against the current for stop category 1);

- The reset does not cause a reboot.

The emergency stop must act as a stop category 0 or 1 (see 9.2.2). The choice of the type of the emergency stop has to be determined according to the risk assessment of the machine.

If u stop category 0 is used for the emergency stop function, it must be connected only in electromechanical technology. In addition, this function should not depend on the electronics (hardware or software) or transmission of orders by a network or communication link.

If a Category 1 stop function is used for the emergency stop function, final removal of power to the actuators must be guaranteed, and should be performed by means of electromechanical components.


The STSARCES project 

Solutions based on complex technologies were therefore prohibited.

Technical solutions on these technologies, however, some german notified bodies began to certifiy products  on the basis of another functional safety standard IEC 1508 (listed in EN 954-1) and compliance with the essential requirements for health and safety of the Machinery Directive at the time was made through compliance with EN 954-1.

However, although the product was certified, prevention agencies in some other countries of Europe do not always accept these products.

To ensure the free movement of goods within Europe and especially the harmonization of practices of notified bodies, a European project led by INERIS was created in 1999: the STSARCES project.

 

At the same time, a non-standard applicable to the machinery sector was published IEC 61508,


EN 13849-1

EN 954-1 includes mainly non complex technology.

In order to integrate these new technologies for the machine sector, a new standard was published in order to complete EN 954-1 speciably for complex technologies by integrating the results of the SAFEC project.

At this time that normative work began to integrate complex technologies in two new standards: EN 13849-1 and 13849-2.


IEC 62061

Some Anglo-Saxon countries were in favor of this new IEC 61508, and it was decided at the European level to create a new standard: IEC 62061: Safety of machinery: Functional safety of electrical, electronic and control systems relating to safety standard which originally was intended to transpose the new IEC 61508 to the machinery sector. The first edition of this standard was published in 2005.

Participants in the drafting of this standard were in most cases people who participated in the work of EN 954-1, IEC 61508 and STSARCES project. 


The regulatory situation in the field of machinery

At the regulatory level, several competing standards exist to certify and demonstrate the conformity of the safety components with:

  • EN 954-1
  • EN 13849-1 and
  • IEC 62061 standards

EN 954-1 is not a harmonized standard since December 31, 2011.

At the origin, it should have been deleted with the entry into force of the new Directive 2006/42/EC (applicable from 29 December 2009), but been extended by the European Commission during a transition period for EN 954-1 until 31 December 2011.


ISO 17305

These standards with requirements and procedures that were not always similar, work is in progress at the international level to merge these two standards: the draft standard ISO / AWI 17305 - Safety of machinery - Safety functions of control systems

 


Safety in Ex field : The SAFEC project 

In the field of ATEX for safety devices, pre-standardization work was performed in the same manner as in the field of machinery through the SAFEC project that later gave birth to EN 50495 standard which has finally been published after a period of 10 years