JavaScript is not active in your browser. Activate JavaScript in order to enable the use of all functions of the website.

How to enable JavaScript in your browser

Standards and directives

Guidelines for functional safety

Overview of the main national and international requirements concerning the safety of machinery and functional safety.

Back to Functional safety

Do your products fall within the scope of Machinery Directive 2006/42/EC? Are they intended for the European single market? If so, you must observe the requirements of the Machinery Directive. It is only when these requirements are met in full that machines are allowed to bear the CE mark. This mark is required in order for a machine to be placed on the market and operated without restrictions in the European Economic Area.

The aim of the Machinery Directive is to reduce the number of accidents that occur when using machinery. This directive therefore requires that the aspect of safety is included in the design and construction of machinery. In addition, you must also make sure that the technical documentation required by the Machinery Directive has been created. The technical documentation for a machine must make it possible to assess whether the machine complies with the requirements of the Machinery Directive.

The manufacturer of a machine or their authorized representative is responsible for creating the technical documents as well as adhering to all requirements.

Key contents of the Machinery Directive

Description of the scope of the Machinery Directive
Differentiation from other European directives
Definition of complete and partly completed machinery
Requirements for complete and partly completed machinery
Requirements and measures for placing machinery on the market and putting it into service
Significance of harmonized standards
Procedures for assessing the conformity of machinery
Procedure for partly completed machinery
CE marking
Essential health and safety requirements for the design and construction of machinery
Procedure for the risk assessment of machinery
Required technical documentation

EN standards for the safety of machinery

Safety standards for machinery

The Machinery Directive contains essential health and safety requirements. The harmonized standards for the Machinery Directive are listed in the corresponding Official Journal of the European Union.

A machine meets the essential health and safety requirements if it has been manufactured in accordance with these harmonized standards.

The EN standards are divided into various types:

Type A – basic safety standard
Type B – group safety standard
Type C – product safety standard

Division of the EN standards

Basic safety standards concerning basic concepts, general principles for design, and general aspects (for example, design and methodology) that apply to all machines, devices, and systems.

Example standards:
EN ISO 12100 (safety of machinery)

Group safety standards concerning one safety aspect or one type of safety-related equipment that can be used across a wide range of machines, devices, and systems

Type B1 – special safety aspects, such as safety distances and limit values for surface temperatures
- Example standards:
  EN ISO 13857 (safety distances in danger zones)
  EN ISO 13855 (safety distance calculation)
  EN ISO 13849 (safety of machinery – safety-related parts of control systems)
Type B2 – safety-related equipment, such as emergency switch-off devices or two-hand control devices
- Example standards:
  EN ISO 13850 (safety of machinery – emergency stop)
  EN 574 (two-hand control devices)

Standards concerning the safety of machinery with detailed safety requirements for all significant hazards for a particular machine or group of machines. Type C standards are also often referred to as product standards.

Example standards:
EN 12622 (safety of machine tools – hydraulic press brakes)
EN 415 (packaging machines)

Standards and directives for functional safety

The main standards for functional safety

Functional safety concerns the correct application of safety-related (control) systems and other risk reduction measures that are crucial to the safety of a system. In this case, when a critical error occurs, the controller initiates the safe state.

Standards EN 62061 and EN ISO 13849-1 were derived from EN 61508 for the machine building sector. Both of these standards specifically address the requirements for safety-related components of control systems on machinery.

The following standards for functional safety are the main standards:

EN 61508 is the standard for the functional safety of electrical, electronic, and programmable electronic safety-related systems.
EN ISO 13849-1 describes the design of safety-related parts of control systems. An important parameter for the reliability of safety-related functions is the performance level (PL).
EN 62061 describes the functional safety aspects of safety-related electrical, electronic, and programmable control systems. An important parameter for the reliability of safety-related functions is the safety integrity level (SIL).
The IEC 61511 series of standards governs the application of the functional safety of systems in the process industry.
ISO 26262 (“Road vehicles – Functional safety”) is a standard for safety-related electrical and electronic systems in vehicles.

Harmonized standards for functional safety

The term “harmonized standards” refers to European standards for products. They are part of the European Commission's “New Approach” where essential requirements for products are defined by standards organizations CEN and CENELEC. The harmonized standards are published in the Official Journal of the EU. Only goods and services that satisfy the essential requirements may be placed on the market. They can be identified by certificates or CE markings.

For example, if a machine has been manufactured in accordance with the specified harmonized standards, it can be assumed that the machine satisfies the essential health and safety requirements of the Machinery Directive. EN 62061 and EN ISO 13849-1 were derived from EN 61508 specifically for the machine building sector. Both of these standards address the specific requirements for safety-related parts of control systems on machinery.

Both standards are harmonized for the Machinery Directive and represent state-of-the-art technology. Unlike the previous standard, EN 954, these standards can also be applied for complex and programmable systems. In addition, they include all aspects of functional safety derived from EN 61508. It is therefore no longer the case that only deterministic aspects play a role. Furthermore, the statistical probability of failure of systems as well as organizational measures, measures for fault avoidance, and measures for error detection are also important.

The degree of safety is measured in both standards by the level of safety integrity. EN 62061 uses SIL 1 to SIL 3 and EN 13849 uses PL a to PL e as discrete levels for safety integrity.

Scope of EN 62061 and EN ISO 13849-1

Why are there two different standards for supposedly the same area of application? You'll find the answers to this question in the table below.

EN 62061	EN ISO 13849-1
EN 62061 describes the functional safety aspects of safety-related electrical, electronic, and programmable control systems.	EN ISO 13849-1 describes the design of safety-related parts of control systems. An important parameter for the reliability of safety-related functions is the performance level (PL).
Simple electromechanical systems such as relays or electronics.	Simple electromechanical systems such as relays or electronics.
Complex electronic systems as well as programmable systems with all architectures.	Complex electronic systems as well as programmable systems with planned architectures.
The requirements are specifically designed for electrical control systems. Nevertheless, the defined framework and methodology can be applied to other forms of technology.	Can be applied directly for technology outside of electrical engineering, such as hydraulics and pneumatics.

Step 1: Determination of the required performance level

Determining the safety integrity level limit of harm (P)

EN 62061

An important parameter for the reliability of safety-related functions is the safety integrity level (SIL). Various criteria are assessed in order to determine the required SIL:

Severity of injury (S)
Frequency and duration of exposure to the hazard (F)
Probability of the occurrence of a hazardous event (W)
Possibility of avoiding or determining the safety integrity level limit of harm (P)

Determination of the performance level

EN ISO 13849-1

In order to determine the required PL, various criteria must be assessed: the extent of harm, frequency and duration as well as possibilities for avoiding the hazard.

Risk parameters

S: Severity of injury
- S1 – slight injury (normally reversible)
- S2 – serious injury, including death (normally irreversible)
F: Frequency and/or length of exposure to a hazard
- F1 – seldom to quite often and/or the exposure time is short
- F2 – frequent to continuous and/or the exposure time is long
P: Possibility of avoiding the hazard
- P1 – possible under specific conditions
- P2 – scarcely possible

Note: Where the probability of occurrence can be classified as low, PLr may be reduced by one level.

Step 2: Specification

EN 62061 and EN ISO 13849-1

When it comes to the specification of the functional requirement, the relevant safety functions must be described in detail. To ensure this is done, the crucial interfaces to other control functions and error responses must be defined. Finally, you must define the safety integrity level (SIL) or performance level (PL).

Step 3: Design and determination of the control system architecture and the achieved performance, relationship between the PL and SIL concepts

EN 62061

The safety-related parameter for subsystems is based on the following values:

Hardware fault tolerance (HFT), application-specific
Safe failure fraction (SFF), manufacturer's information
Diagnostic coverage (DC), manufacturer's information or EN ISO 13849-1
Probability of a dangerous failure per hour (PFHd), based on the other values
Proof test interval or duration of use, manufacturer's information/manufacturer-specific
Diagnostic test interval, application-specific
Susceptibility to failures resulting from a common cause, manufacturer's information or EN ISO 13849-1

Relationship between the PL and SIL concepts

EN ISO 13849-1

The performance level (PL) of the safety-related part of a control system (SRP/CS) is determined by assessing the following parameters:

Category: specified as a defined structure in the standard.
Mean time to dangerous failure (MTTFd): specified by the component manufacturer.
Diagnostic coverage (DC): can be found in the standard.
Failure as a result of a common cause (CCF): to be determined as a point system according to various criteria.
Achieved performance level (PL): determined using a table and must be equal to or greater than the required PLr.

Step 4: Verification

EN 62061	EN ISO 13849-1
As a result of hardware failures, it is possible that other dangerous failures of the SRCF (safety-related control function) may occur. Here the probability must be less than or equal to the failure threshold defined in the specification (step 2). The SIL (safety integrity level) that is achieved by the SRECS (safety-related electrical control system) is less than or equal to the lowest SILCL (safety integrity level claim limit) of any subsystem involved in the performance of the safety function.	For the various safety functions, the PL (performance level) of the corresponding SRP/CS (safety-related parts of control systems) must match the “required PL”. Where various SRP/CS form part of a safety function, their PLs must be greater than or equal to the required performance level for this function.

EN 62061

EN ISO 13849-1

As a result of hardware failures, it is possible that other dangerous failures of the SRCF (safety-related control function) may occur. Here the probability must be less than or equal to the failure threshold defined in the specification (step 2).

The SIL (safety integrity level) that is achieved by the SRECS (safety-related electrical control system) is less than or equal to the lowest SILCL (safety integrity level claim limit) of any subsystem involved in the performance of the safety function.

For the various safety functions, the PL (performance level) of the corresponding SRP/CS (safety-related parts of control systems) must match the “required PL”.

Where various SRP/CS form part of a safety function, their PLs must be greater than or equal to the required performance level for this function.

Step 5: Validation

EN 62061 and EN ISO 13849-1

Finally, the entire safety-related control function of an application must be assessed to validate its capability in the application. Here suitability can be determined by analysis or testing, for example, by simulating defined error types.

Source:
In accordance with ZVEI – Safety of Machinery: Notes on the application of standards EN 62061 and EN ISO 13849-1 (Edition 2).

International legal basis for the safety of machinery

Legislation in various regions of the world

Brief characteristics:

Essential safety requirements are defined in Annex I of the Machinery Directive.
The design takes place via harmonized standards.
The presumption of conformity is linked to the application of these harmonized standards.
The application of standards is optional, i.e., deviating solutions are possible.
Approvals or permits from the authorities for placing the product on the market are basically not necessary.
The manufacturer produces a declaration of conformity, a third-party certificate is not required.
The product is designated with the CE mark, not with the test mark.
There is only an obligation to involve a third party (“notified body”) for certain risk products.
The role of the state is limited to market surveillance.

Brief characteristics:

Essential obligatory occupational safety laws are described in the OSHA (Occupational Safety & Health Administration) standards which are directed at the operator.
Requirements for the manufacturers of machinery and safety components result indirectly from the OSHA standards.
ANSI standards are very often called on for product liability cases in the context of civil law suits.
Although the application of ANSI standards is not legally mandatory, they have a “quasi obligatory” character due to civil law contracts.
In many cases, ANSI and UL standards deviate to a greater or lesser extent from international or European standards.
There is no governmental market surveillance in the USA. A test mark from an NRTL is necessary for the commissioning of a plant.

Brief characteristics:

There is (still) no pronounced market surveillance, but there are checks by the customs authorities.
Many international standards have been adopted into the Chinese regulations concerning the safety of machinery, but are not always up to date.
Machines do not have to be CCC-certified, but this is necessary for central machine components.
In addition to the national standards and industry standards, there are also numerous regional standards and company-internal standards.

Brief characteristics:

There exist legal regulations for the import of goods [Lei N° 8078 Art. 8] and indirectly for machinery and components [NR12 § 12.134].
At the moment there is no general obligatory certification. Obligatory certification for certain safety products is expected in the future.
Certifications by European and American institutes and authorities are only accepted in the context of mutual acknowledgments.
As a control, works inspections (also without prior notification) are possible.
Valid international standards can only be applied when no national standards are available. In some instances, these national standards have more stringent requirements than the international standards.
If there is an immediate and high risk for workers, an immediate operational (and sales) ban can be declared.

Source:
Taken from ZVEI brochure: Principles of Market Access in Various Regions of the World.

Table comparing the various regions

Technical market access conditions for essential electrical products

	Europe	USA	China	Brazil
Mandatory certification with mark	(-)	(+)	+	(+)
(Quasi-) monopoly of the certification authority	-	(+)	+	-
Mandatory works inspections (with follow-up inspections)	(-)	(+)	+	(+)
Property rights possible in standards	(-)	+	-	(-)
Specific national standards instead of international standards	(-)	+	(+)	(+)
Non-recognition of test results	-	(+)	(+)	(-)
Public “Black List”	(-)	(+)	(+)	(-)

Key: + Applies / (+) Applies to a greater extent / (-) Applies to a lesser extent / - Does not apply

Source: ZVEI

International institutions

Functional safety – standards and directives

Several international institutions are responsible for safety directives and standards:

New Approach
Joint efforts of the three European Standards Organizations (CEN, CENELEC, and ETSI) together with both the European Commission and EFTA.

The European Committee for Standardization
Information on European standards, applications, and developments.

European Committee for Electrotechnical Standardization
Standards for the field of electrotechnical engineering.

International Organization for Standardization
International standards for business, government, and society.

International Electrotechnical Commission
International standards and conformity assessment for all electrical, electronic, and related technologies.

EUR-Lex
Portal for access to EU law.