CE
Compliance Engineering
search
Join Our Discussions
Find Suppliers Useful Links
calendar
Click here for information on advertisers and products!
About CE-Mag
Free Subscriptions
Current Issue
Article Archives
ESD Help
Mr. Static
Web Gallery
Staff Info
Contact us

Find EMC products and services
  

 

 

feature article

IEC 61496: A Safety Standard for Electrosensitive Protective Equipment

Jan Jacobson

Light grids, light curtains, and light beams have been used for many years in machinery-related safety applications. Requirements governing their use have been specified in a number of different national regulations and standards, notably the new international standard IEC 61496, the first two parts of which were published in 1997.

Electrosensitive protective equipment (ESPE) can be used for a variety of purposes, from keeping fingers, hands, or arms away from a particularly hazardous part of a machine to scanning the path of an automated vehicle to encircling and safeguarding a buffer area around an industrial robot. In each of these applications, the ESPE will produce an output signal when a person or an object comes within the detection zone; the dangerous movement of the machine can then be stopped or reversed. Such equipment has long been subject to national regulations and standards, but over the past several years it has become clear that an international framework of safety requirements and a recognized terminology are also badly needed.

Taking up the challenge, standards makers within the European Committee for Electrotechnical Standardization(CENELEC) began work on an ESPE standard, provisionally designated prEN 50100. The effort became a global one with the involvement of the International Electrotechnical Commission (IEC), whose new numbering system changed the standard's designation to IEC 61496 (or EN 61496). The requirements remain essentially the same from one standard to the other, though the differing numbers have caused a measure of confusion.

Although the original designation has now been superseded, some products on the market still carry claims of having been "developed according to the draft prEN 50100." All new products should, however, refer to IEC (or EN) 61496.

The fourth annex of the European Machinery Directive contains a list of machines and safety components covered by the directive. Electrosensitive devices designed expressly to detect the presence of persons in order to ensure their safety are included in that list. As a harmonized European standard, EN 61496 will be of real use in explaining the requirements of the machinery directive as they apply to ESPE. Under its terms, developing companies will be able to elect either to undergo a type examination at a notified body or follow the requirements of the harmonized standard.

The Standard's Two Parts

The first part of the standard, IEC 61496-1, sets out the general requirements and necessary tests for ESPE, including testing for functionality (e.g., response time and number of outputs), design (e.g., electrical supply and software), and environmental stress (e.g., stress and mechanical vibration).

The standard's second part, IEC 61496-2, deals with active optoelectronic protective devices (AOPDs), the most common types of electrosensitive protective equipment. The optical requirements for such devices are specified in this part of the standard.

Type 1, 2, 3, or 4?

Four different types of ESPE are defined by IEC 61496. Fault-detection capability is the most important parameter to be considered in determining whether an apparatus should be categorized as Type 1, 2, 3, or 4. The four types are related to the categories of EN 954-1, but because parameters other than fault detection are also taken into account, they do not have precisely the same meaning here.

Originally, only what are now Types 2 and 4 were to be defined. Later work, however, pointed to a need to define four different types. The fault-detection capability of Types 1 and 3 is still under consideration in the first issue of the standard.

It does not fall within the scope of the standard to prescribe appropriate applications for the various types of equipment; rather, the standard restricts itself to the actual functioning of the ESPE and how it interfaces with the machine. When it comes to projected use, it is thus up to the manufacturer to conduct a risk analysis and decide which type is required. Merely stating that a piece of equipment complies with IEC 61496 will not be sufficient; the particular type must also be specified to prevent equipment with limited fault-detection capability from being installed in high-risk applications.

As indicated in Table I, the minimum number of outputs (output signal switching devices) required suggests that single-fault tolerance is the anticipated norm for Types 3 and 4, but not for Types 1 and 2.

Type
Fault Detection
Minimum Number of Output Signal Switching Devices
4
 A single fault resulting in a loss of detection capability shall cause the ESPE to go to lockout condition
2
3
 Under consideration
2
2
 Periodic test to reveala danger of failure
1
1
 Under consideration
1
Table I. Summary of requirements for fault detection and outputs.

Fault Modes for FMEA

The fault-detection capability of a device must be validated, and a list of faults must be assigned to electronic components such as resistors, transistors, and integrated circuits. A very useful catalog of single faults to be employed in the failure mode effects analysis (FMEA) may be found in IEC 61496-1, Annex B. (No such list exists in any other standard relating to the safety of machinery.)

Tests to evaluate the effects of single faults are to be carried out on all relevant components of the ESPE. For Type 4, fault-accumulation testing must be performed where a single fault is not detected. Testing of more than three accumulated faults is unnecessary, provided that the probability of a greater number of faults is low.

For many machine control systems, the system behavior at fault will need to be analyzed. The annex of fault modes may also be used in validating other safety-related parts of machinery. An FMEA to validate a category according to EN 954-1 may use the IEC 61496-1 fault modes for electronic equipment.

Complex Electronics and Software

A quality system compliant with the requirements of ISO 9001 is mandated for those designing with software or complex integrated circuits. The IEC standard does not require the manufacturer to actually hold a certificate, but a quality system must be in place. It is interesting that this requirement covers not only the functionality and features of the product but also its development. In fact, most of the standard's requirements concerning software and complex electronics address the documentation and development process; measures for fault avoidance during development are strongly emphasized.

Over time, the market has come to accept the use of electronics such as microcontrollers, software, and application-specific integrated circuits (ASICs) in ESPE. Few now question whether it is possible to create a design of adequate safety using complex electronics. IEC 61496 stipulates that two independent channels must be employed when programmable or complex integrated circuits are used in Type 4 ESPE, reflecting the fact that it is extremely difficult to prove whether or not a single-channel design can ever be fault-tolerant.

Environmental Stress

IEC 61496 specifies which kinds of environmental disturbances must be tested. Certain requirements are common to all types of ESPE, but in some cases a higher severity level will be needed for Type 4 products (see Table II). Several aspects of EMC are covered, but emissions requirements are not included.

Environmental Stress
Refer to Standard
Severity

Additional Severity
for Type 4

Ambient temperature
0 to 50°C
Supply voltage variations
Supply voltage interruptions
10, 20, 500-ms dip time
Fast transients/burst
IEC 61000-4-4
1/2 kV
2/4 kV
Fast transients/surge
IEC 61000-4-5
1/2 kV
2/4 kV
Electromagnetic field
IEC 61000-4-3
10 V/m
30 V/m
Conducted disturbances
IEC 61000-4-6
3/10 V
10/30 V
Electrostatic discharge
IEC 61000-4-2
6/8 kV
8/15 kV
Mechanical vibration
IEC 61000-2–6
10 to 55 Hz, 0.35 mm
Mechanical shock
IEC 61000-2-29
10 g, 16-ms duration, 1000 pulses
Enclosure
IEC 60529
IP54
Table II. Summary of environmental requirements for ESPE.

Optional Functions

ESPE may perform other functions in addition to the detection of objects and persons. Annex A of IEC 61496-1 defines the following options:
  • External device monitoring.
  • Stopping performance monitor.
  • Secondary switching device.
  • Start interlock.
  • Restart interlock.
  • Muting.
  • Reinitiation of machine operation (single break,
    double break).
The definitions and corresponding functional requirements provided in this annex can be a useful tool for manufacturers in need of a well-established terminology.

Optical Requirements

The accuracy of the sensing function of ESPE will to a large extent depend on the optical design of the particular device, which will be required to detect objects of a certain size throughout the detection zone. This parameter is tested by placing a test piece in the detection zone, often a rod of a specific diameter.

Objects with reflective surfaces positioned close to the detection zone may cause the light beam to be transmitted even if a target is present (see Figure 1). This possibility is covered by the requirement for a maximum effective aperture angle (EAA) in the ESPE. Note, here, that misalignment may also be the source of undesirable hazards.

Figure 1. Risks with reflective surfaces.

The AOPD will also need to be tested for resistance to interfering light: neither fluorescent light, strong daylight, welding flashes, nor even other emitting AOPDs must be able to cause a danger of failure. If interfering light can be interpreted by the receiving part of the AOPD as having been sent by its corresponding emitting part, there is a risk that the equipment may go to "on" state, even if a target object is present in the detection zone.

Future Development

Even though it is already an international standard, Part 2 (EN 61496-2) has not yet been approved as a European standard, and certain points will have to be clarified before that can happen. Even as this work is under way, however, the working group within CENELEC/IEC is proceeding with the next parts of the standard. Future documents will cover AOPDs that respond to diffuse reflection, passive infrared sensors, capacitive sensors, and ultrasonic sensors. A draft of Part 3 (IEC 61496-3) was circulated for comments in 1998 and will be further developed.
Bibliography
European Council Directive of 14 June 1989 on the Approximation of the Laws of the Member States Relating to Machinery, (89/392/EEC).
Part 1: General Standards and Tests. (IEC 61496-1, 1997) Safety of Machinery—Electrosensitive Protective Equipment.
Part 2: Particular Requirements for Equipment Using Active
Optoelectronic Protective Devices (AOPDs). (IEC 61496-2, 1997) Safety of Machinery—Electrosensitive Protective Equipment.
Part 1: Safety of Machinery: Safety-Related Parts of Control Systems—General Principles for Design, (EN 954-1).
Jan Jacobson is head of the Software & Safety section of SP Swedish National Testing and Research Institute (Borås, Sweden). He has an MSc in electrical engineering from Chalmers University of Technology in Sweden. His research activities are focused on safety of machinery and programmable electronic systems. He can be contacted by e-mail at jan.jacobson@sp.se. More information about the SP Institute can be found on the Internet at http://www.sp.se/.

Back to March/April Table of Contents