The aim of the Machinery Directive is to reduce the number of accidents that occur when using machinery. This directive therefore requires that the aspect of safety is included in the design and construction of machinery. In addition, you must also make sure that the technical documentation required by the Machinery Directive has been created. The technical documentation for a machine must make it possible to assess whether the machine complies with the requirements of the Machinery Directive.
The manufacturer of a machine or their authorized representative is responsible for creating the technical documents as well as adhering to all requirements.
It is only when these requirements are met in full that machines are allowed to bear the CE marking. This marking is required in order for a machine to be placed on the market and operated without restrictions in the European Economic Area.
Key contents of the Machinery Directive
- Description of the scope of the Machinery Directive
- Differentiation from other European directives
- Definition of complete and partly completed machinery
- Requirements for complete and partly completed machinery
- Requirements and measures for placing machinery on the market and putting it into service
- Significance of harmonized standards
- Procedures for assessing the conformity of machinery
- Procedure for partly completed machinery
- CE marking
- Essential health and safety requirements for the design and construction of machinery
- Procedure for the risk assessment of machinery
- Required technical documentation
EN standards for the safety of machinery
The Machinery Directive contains essential health and safety requirements. The harmonized standards for the Machinery Directive are listed in the corresponding Official Journal of the European Union.
A machine meets the essential health and safety requirements if it has been manufactured in accordance with these harmonized standards.
The EN standards are divided into various types:
- Type A – basic safety standard
- Type B – group safety standard
- Type C – product safety standard
Division of the EN standards
Type A
Basic safety standards concerning basic concepts, general principles for design, and general aspects (for example, design and methodology) that apply to all machines, devices, and systems.
Example standards:
EN ISO 12100 (safety of machinery)
Type B
Group safety standards concerning one safety aspect or one type of safety-related equipment that can be used across a wide range of machines, devices, and systems.
Type B1 – Special safety aspects, e.g. safety distances and limits for surface temperatures.
Example standards:
EN ISO 13857 (safety distances in hazard zones)
EN ISO 13855 (safety distance calculation)
EN ISO 13849 (Safety of machinery – Safety-related parts of control systems)
Type B2 – Safety-related equipment, such as emergency switch-off devices or two-hand control devices.
Example standards:
EN ISO 13850 (Safety of machinery – Emergency stop function)
EN 574 (two-hand control devices)
Type C
Standards concerning the safety of machinery with detailed safety requirements for all significant hazards for a particular machine or group of machines. Type C standards are also often referred to as product standards.
Example standards:
EN 12622 (Safety of machine tools – Hydraulic press brakes)
EN 415 (packaging machines)
Standards and directives for functional safety
Functional safety concerns the correct application of safety-related (control) systems and other risk reduction measures that are crucial to the safety of a system. In this case, when a critical error occurs, the controller initiates the safe state.
Standards EN 62061 and EN ISO 13849-1 were derived from EN 61508 for the machine building sector. Both of these standards specifically address the requirements for safety-related components of control systems on machinery.
The following standards for functional safety are the main standards:
- EN 61508 is the standard for the functional safety of electrical, electronic, and programmable electronic safety-related systems.
- EN ISO 13849-1 describes the design of safety-related parts of control systems. An important parameter for the reliability of safety-related functions is the performance level (PL).
- EN 62061 describes the functional safety aspects of safety-related electrical, electronic, and programmable control systems. An important parameter for the reliability of safety-related functions is the safety integrity level (SIL).
Harmonized standards for functional safety
The term “harmonized standards” refers to European standards for products. They are part of the European Commission’s “New Approach” where essential requirements for products are defined by standards organizations CEN and CENELEC. The harmonized standards are published in the Official Journal of the EU. Only goods and services that satisfy the essential requirements may be placed on the market. They can be identified by certificates or CE markings.
For example, if a machine has been manufactured in accordance with the specified harmonized standards, it can be assumed that the machine satisfies the essential health and safety requirements of the Machinery Directive. EN 62061 and EN ISO 13849-1 were derived from EN 61508 specifically for the machine building sector. Both of these standards address the specific requirements for safety-related parts of control systems on machinery.
Both standards are harmonized for the Machinery Directive and represent state-of-the-art technology. Unlike the previous standard, EN 954, these standards can also be applied for complex and programmable systems. In addition, they include all aspects of functional safety derived from EN 61508. It is therefore no longer the case that only deterministic aspects play a role. Furthermore, the statistical probability of failure of systems as well as organizational measures, measures for fault avoidance, and measures for error detection are also important.
The degree of safety is measured in both standards by the level of safety integrity. EN 62061 uses SIL 1 to SIL 3 and EN ISO 13849-1 uses PL a to PL e as discrete levels of safety integrity.
Scope of EN 62061 and EN ISO 13849-1
Why are there two different standards for supposedly the same area of application? You’ll find the answers to this question in the table below.
| | EN 62061 | EN ISO 13849-1 |
|---|---|---|
| Contents | Safety-related electrical, electronic, and programmable control systems | Design of safety-related parts of control systems; the key parameter is the performance level |
| Scope | Simple electromechanical systems such as relays or electronics | Simple electromechanical systems such as relays or electronics |
| Complexity | Complex electronic systems as well as programmable systems with all architectures | Complex electronic systems as well as programmable systems with planned architectures |
| Application | Specific to electrical control systems; framework/methodology applicable to other technologies | Can be applied directly to technologies outside electrical engineering, such as hydraulics and pneumatics |
Risk assessment
Step 1: Determination of the required performance level
EN 62061
An important parameter for the reliability of safety-related functions is the safety integrity level (SIL). Various criteria are assessed in order to determine the required SIL:
- Severity of injury (S)
- Frequency and duration of exposure to the hazard (F)
- Probability of the occurrence of a hazardous event (W)
- Possibility of avoiding or limiting harm (P)
EN ISO 13849-1
In order to determine the required PL, various criteria must be assessed: the severity of harm, the frequency and duration of exposure, and the possibility of avoiding the hazard.
Risk parameters:
S: Severity of injury
- S1 – slight injury (normally reversible)
- S2 – serious injury, including death (normally irreversible)
F: Frequency and/or length of exposure to a hazard
- F1 – seldom to quite often and/or the exposure time is short
- F2 – frequent to continuous and/or the exposure time is long
P: Possibility of avoiding the hazard
- P1 – possible under specific conditions
- P2 – hardly possible
Note: Where the probability of occurrence can be classified as low, PLr may be reduced by one level.
Step 2: Specification
EN 62061 and EN ISO 13849-1
When it comes to the specification of the functional requirement, the relevant safety functions must be described in detail. To ensure this is done, the crucial interfaces to other control functions and error responses must be defined. Finally, you must define the safety integrity level (SIL) or performance level (PL).
Step 3: Design and determination of the control system architecture and of the achieved performance
EN 62061
The safety-related parameter for subsystems is based on the following values:
- Hardware fault tolerance (HFT), application-specific
- Safe failure fraction (SFF), manufacturer’s information
- Diagnostic coverage (DC), manufacturer’s information or EN ISO 13849-1
- Probability of a dangerous failure per hour (PFHd), based on the other values
- Proof test interval or duration of use, manufacturer’s information/manufacturer-specific
- Diagnostic test interval, application-specific
- Susceptibility to failures resulting from a common cause, manufacturer’s information or EN ISO 13849-1
EN ISO 13849-1
The performance level (PL) of the safety-related part of a control system (SRP/CS) is determined by assessing the following parameters:
- Category: specified as a defined structure in the standard.
- Mean time to dangerous failure (MTTFd): specified by the component manufacturer.
- Diagnostic coverage (DC): Can be found in the standard.
- Failure as a result of a common cause (CCF): determined using a points system based on various criteria.
- Achieved performance level (PL): Determined using a table and must be equal to or greater than the required PLr.
Step 4: Verification
EN 62061
Random hardware failures can lead to dangerous failures of the SRCF (safety-related control function). The probability of such failures must be less than or equal to the failure threshold defined in the specification (step 2).
The SIL (safety integrity level) that is achieved by the SRECS (safety-related electrical control system) is less than or equal to the lowest SILCL (SIL claim limit) of any subsystem involved in the performance of the safety function.
EN ISO 13849-1
For the various safety functions, the PL (performance level) of the corresponding SRP/CS (safety-related parts of control systems) must match the “required PL”.
Where various SRP/CS form part of a safety function, their PLs must be greater than or equal to the required performance level for this function.
Step 5: Validation
EN 62061 and EN ISO 13849-1
Finally, the entire safety-related control function of an application must be assessed to validate its capability in the application. Here, suitability can be determined by analysis or testing, for example by simulating defined error types.
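The procedure above carried through in code, as an added example that is not part of the ZVEI notes: it takes S/F/P to a PLr (step 1), looks up the PL achieved by an SRP/CS from its Category, MTTFd, DC and CCF score (step 3), checks PL against PLr (step 4), and for EN 62061 derives the SRECS SIL from subsystem SILCL and PFHd values (step 4). The risk graph, MTTFd/DC bands and simplified Table 7 are assumed from EN ISO 13849-1:2008 and the PFHd limits from EN 62061 Table 3; the page itself gives only the parameter names.

```python
# Added example, not from the ZVEI source: steps 1, 3 and 4 above in code. Tables are
# assumed from EN ISO 13849-1:2008 (risk graph, MTTFd/DC bands, Table 7) and EN 62061 Table 3.
PL_ORDER = "abcde"
# Step 1, EN ISO 13849-1 risk graph: (S, F, P) -> required performance level PLr
RISK_GRAPH = {(1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
              (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e"}

def required_pl(s, f, p, low_probability=False):
    """PLr from S/F/P; one level lower if the probability of occurrence is low."""
    pl = RISK_GRAPH[(s, f, p)]
    if low_probability and pl != "a":
        pl = PL_ORDER[PL_ORDER.index(pl) - 1]
    return pl

def mttfd_band(years):
    """MTTFd per channel: low 3..<10, medium 10..<30, high 30..100 years."""
    return "low" if years < 10 else "medium" if years < 30 else "high"

def dc_band(avg_dc):
    """DCavg in percent: none <60, low 60..<90, medium 90..<99, high >=99."""
    return ("none" if avg_dc < 60 else "low" if avg_dc < 90
            else "medium" if avg_dc < 99 else "high")

# Step 3, simplified Table 7: (Category, DC band) -> PL for MTTFd low/medium/high;
# None marks a combination the standard does not cover
TABLE7 = {("B", "none"): ("a", "b", None), ("1", "none"): (None, None, "c"),
          ("2", "low"): ("a", "b", "c"), ("2", "medium"): ("b", "c", "d"),
          ("3", "low"): ("b", "c", "d"), ("3", "medium"): ("c", "d", "d"),
          ("4", "high"): (None, None, "e")}

def achieved_pl(category, mttfd_years, avg_dc, ccf_score):
    """PL of an SRP/CS; Categories 2 to 4 also need >= 65 CCF points (Annex F)."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None
    row = TABLE7.get((category, dc_band(avg_dc)))
    return row and row[("low", "medium", "high").index(mttfd_band(mttfd_years))]

def verify_pl(pl, plr):
    """Step 4, EN ISO 13849-1: the achieved PL must be equal to or above PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)

PFHD_LIMIT = {1: 1e-5, 2: 1e-6, 3: 1e-7}  # EN 62061 Table 3: PFHd must stay below
def srecs_sil(subsystems):
    """Step 4, EN 62061: SRECS SIL from a list of (SILCL, PFHd) subsystem tuples."""
    sil = min(silcl for silcl, _ in subsystems)  # capped by the lowest SILCL
    total = sum(pfhd for _, pfhd in subsystems)  # summed dangerous failure rate
    while sil > 0 and total >= PFHD_LIMIT[sil]:
        sil -= 1
    return sil or None
```

A result of None from achieved_pl or srecs_sil means the combination is not covered by the standard, or the CCF or PFHd requirement was missed, so the design has to be revised before verification.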
Source: In accordance with ZVEI – Safety of Machinery: Notes on the application of standards EN 62061 and EN ISO 13849-1 (Edition 2).