Accident prevention thanks to safe systems - highest machine safety with AVENTICS

“Safety starts in the design and selection of components”

Each accident at work on a machine is one too many.

Protecting people, machines, animals, and property is the primary objective of safety-related pneumatics systems and components. For all production machinery, standards and regulations define measures to prevent accidents through safe machine design. This guide covers key topics in the implementation of relevant directives and standards for safety-related pneumatics using examples, circuit diagrams, and products. Use our know-how from practice! Our experts can offer advice on all matters relating to the implementation of safe machines.

Get a free consultation from the experts!

Your advantages with AVENTICS

  • Proven expertise thanks to many years of experience in equipping machines and systems in line with standards
  • Products including complete documentation with reliability ratings (B10/MTTF values)
  • Free access to IFA-rated switching examples on our website
  • Safety-related pneumatic components in certified quality  

1. Directives and standards

The European Machinery Directive 2006/42/EC on machine engineering aims to ensure a common safety level for new machines distributed and operated in the member states. It governs safety and occupational health requirements for design and engineering. The CE mark indicates that the manufacturer has achieved an adequate level of protection.

Harmonized standards from the European standards organizations provide additional assistance to machine operators and manufacturers, since they enhance compliance with the Machinery Directive through what is called “presumption of conformity”. This principle, however, only applies to the legal requirements that the harmonized standards actually cover. Almost all laws mandate a risk assessment to analyze and assess risks and finally implement risk reduction measures.

Machine-specific standards

  • A-type standards (basic safety standards) define basic concepts, terminology and design principles that can be applied to machines
  • B-type standards (generic safety standards) deal with a single safety aspect or protective device for a series of machines
  • B1-type standards cover specific safety aspects (e.g. safety clearances, surface temperature, noise)
  • B2-type standards cover protective devices (e.g. two-hand circuits, guards)
  • C-type standards (machine safety standards) contain detailed safety requirements for a certain machine  

2. Hazards and risks: Estimate – assess – eliminate

The risk assessment process provides the basis for machine safety (see figure on pages 6 and 7). The machine manufacturer starts with a risk analysis, minimizes identified risks, and finally determines whether an adequate level of safety is present. If the answer is negative, risk reduction measures must be implemented and their effectiveness quantified.

Let’s take a look at some basic terms defined in ISO 12100, which provides a general description of the risk assessment process:

Hazards: Potential sources of harm

Hazardous situation: Situation in which a person is exposed to at least one hazard. The resulting harm can be immediate or occur over time.

Risk: Results from a hazard and is assessed by combining the likelihood of the occurrence of harm and the severity of consequence.

Risk assessment

  • Must be performed by the machine manufacturer; results remain with the manufacturer
  • Must account for both proper use and any foreseeable misuse of the machine
  • Provides an important body of proof for the manufacturer for liability claims in accident cases

The risk analysis as the basis of the evaluation and the determination of the measures

The actual risk analysis starts with defining the limits of a machine when considering all phases of its lifecycle. Once all hazards have been identified, the risk of each hazard must be estimated. In addition to spatial limits and the overall duration of use, operating limits are a prime focus. Proper use is analyzed, including all operating modes and different intervention options, as well as reasonably foreseeable misuse.

For risk analysis, it is necessary to consider the entire machine lifecycle, from transport to installation, commissioning and cleaning, disassembly and, finally, disposal.

Performance level as a measurement for risk assessment

Risk reduction measures are derived based on the severity of possible injury, the frequency of the hazard, and the probability of its occurrence. Performance level is a technical target: it conveys the effort required to reduce risk at a machine. The target must be met as a minimum requirement. Every safety function has a required safety level. This is described by the required performance level, PLr for short, which is defined based on the following criteria from ISO 13849-1:

  • S: Severity of injury
    • S1: Minor (normally temporary injury)
    • S2: Serious (normally permanent injury, including death)
  • F: Frequency and/or duration of exposure
    • F1: Rare to infrequent and/or brief
    • F2: Frequent to continuous and/or long
  • P: Possibility of avoiding the hazard
    • P1: Possible under certain conditions
    • P2: Scarcely possible
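The S/F/P parameters above are combined in the ISO 13849-1 risk graph to obtain the required performance level PLr. The following is an added example, not AVENTICS code, that implements that mapping for a list of safety functions; the safety-function names, their S/F/P ratings and the "achieved PL" values are constructed for illustration. It also shows the check a design review needs at the end: the PL actually achieved must be at least the PLr, with the levels ordered a < b < c < d < e.

```python
from dataclasses import dataclass

# ISO 13849-1 risk graph (Annex A): (S, F, P) -> required performance level.
# S1/S2 = severity, F1/F2 = frequency/duration, P1/P2 = possibility of avoidance.
RISK_GRAPH = {
    (1, 1, 1): "a",
    (1, 1, 2): "b",
    (1, 2, 1): "b",
    (1, 2, 2): "c",
    (2, 1, 1): "c",
    (2, 1, 2): "d",
    (2, 2, 1): "d",
    (2, 2, 2): "e",
}

PL_ORDER = "abcde"  # PL a is the lowest, PL e the highest risk reduction


@dataclass(frozen=True)
class SafetyFunction:
    name: str
    severity: int    # 1 = S1, 2 = S2
    frequency: int   # 1 = F1, 2 = F2
    avoidance: int   # 1 = P1, 2 = P2


def required_pl(s: int, f: int, p: int) -> str:
    """Return PLr for one S/F/P rating; rejects values outside 1..2."""
    key = (s, f, p)
    if key not in RISK_GRAPH:
        raise ValueError(f"invalid risk graph parameters {key}; each must be 1 or 2")
    return RISK_GRAPH[key]


def pl_meets(achieved: str, required: str) -> bool:
    """True when the PL reached by the SRP/CS is at least the PLr."""
    if achieved not in PL_ORDER or required not in PL_ORDER:
        raise ValueError("performance levels must be one of a, b, c, d, e")
    return PL_ORDER.index(achieved) >= PL_ORDER.index(required)


def assess(functions, achieved: dict) -> dict:
    """Map each safety function name to (PLr, achieved PL, ok?)."""
    result = {}
    for sf in functions:
        plr = required_pl(sf.severity, sf.frequency, sf.avoidance)
        pl = achieved[sf.name]
        result[sf.name] = (plr, pl, pl_meets(pl, plr))
    return result


# Constructed sample: two safety functions of a hypothetical press.
SAMPLE_FUNCTIONS = [
    # Guard opened during the working stroke: permanent injury possible,
    # operator reaches in every cycle, but the slow movement can be avoided.
    SafetyFunction("safe exhaust on guard open", severity=2, frequency=2, avoidance=1),
    # Jog mode at reduced speed: minor injury, rare, hard to avoid once started.
    SafetyFunction("jog mode reduced speed", severity=1, frequency=1, avoidance=2),
]
SAMPLE_ACHIEVED = {"safe exhaust on guard open": "d", "jog mode reduced speed": "a"}

if __name__ == "__main__":
    for name, (plr, pl, ok) in assess(SAMPLE_FUNCTIONS, SAMPLE_ACHIEVED).items():
        print(f"{name}: PLr = {plr}, achieved = {pl}, {'OK' if ok else 'NOT SUFFICIENT'}")
```

In the constructed sample the guard function needs PLr d and the circuit reaches PL d, while the jog function needs PLr b but only reaches PL a, so it fails the check and the design must be revised before the risk assessment can be closed.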

Risk assessment

During a risk analysis, should you conclude that risk reduction is required, you will need to adopt corresponding preventive measures to achieve an adequate safety level. The best solution is an inherently safe design. Instructional measures such as user information carry the risk of non-compliance and are thus only permissible as a supplement once all technical options to improve safety have been exhausted. Technical measures present an additional route.

Preventive technical measures

If a machine’s safety depends on a properly functioning control, this can be termed “functional safety”. The “active” parts of the control are the main focus, i.e. components that detect a dangerous situation (signal recording, “I” = input), derive suitable reactions (evaluation, “L” = logic), and implement reliable measures (execution, “O” = output). The term “control” thus refers to the entire signal processing system.

“Safety-related parts of control systems” are not necessarily “safety components” as defined by the Machinery Directive. SRP/CS (Safety Related Parts of a Control System) can, however, be such safety components, e.g. two-hand controls or logic units with safety function. Actuators (cylinders), energy supply (e.g. pressure supply or maintenance units) and connections are not directly factored into dangerous failure rates.

ISO 13849 is the generic standard for safety components in controls.

3. Practical examples

To support machine and systems manufacturers, we offer individualized consulting based on our long-term experience. Here you will find circuit examples and parts from our product portfolio.

Scope of ISO 13849 for pneumatic controls

For fluid power systems, the valve area is an especially critical control component in terms of safety. More specifically: valves that control potentially hazardous movements or system states. Required safety functions can usually be achieved by other linked controls with the appropriate valve versions or even by additional mechanical solutions such as holding devices or brakes. Drive elements as well as energy conversion and transfer components in fluid power systems are usually beyond the scope of the standard. In pneumatic systems, components must be protected against hazards associated with energy changes. Moreover, the maintenance unit used to process compressed air must be safely connected to the valve area. To reliably control possible energy changes, an exhaust valve is often used in conjunction with a pressure switch.

Example: Maintenance unit 0Z usually comprises:

  • Manual shutoff valve 0V10
  • Filter with water separator 0Z10 and filter monitoring
  • Pressure regulator 0V11 with adequate relieving exhaust
  • Pressure indicator 0Z11 for system parameter monitoring

The structures of most fluid power system controls are designed to comply with the categories 1, 3, or 4. Because category B already requires compliance with the relevant standards and basic safety principles, fluid power system controls in the categories B and 1 do not differ substantially in terms of their control structures, but instead in the higher reliability of relevant safety-related valves.

Circuit example: “Safe exhaust” (Cat. 3), potential PL a-e

The basic valve position depressurizes the system. Redundant safe exhaust is guaranteed via two exhaust pathways:

  • Via non-return valves 2V2 and 2V3 and the directional valve 2V1. The minimum opening pressure of the non-return valves must be taken into account.
  • Via directional valve 1V1.

Cylinder extension and retraction is only possible with the combined actuation of 1V1 and 2V1. The safety-related switching position is achieved by removing the electrical control signal. Failure of one of the valves does not jeopardize the safety function.

Design features

Basic and well-tried safety principles are met for all relevant components. The directional valves comply with the quiescent current principle and have sufficient positive overlap. The non-return valves must be engineered to assume an open state, even on failure, to safely exhaust the cylinder chambers. The switching function of valves 1V1 and 2V1 is periodically checked by querying the cylinder position switches 1S1 and 1S2 and the pressure switch 2S1.

A block diagram is created from the circuit diagram.

  • The components are arranged in series when the components work together to execute a function.
  • The components are arranged in parallel “channels” if they perform the function independently (redundant).
  • There are monitoring elements in addition to the functional block diagram.
  • Drive-related hazards are not taken into account.
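The block diagram above is what the reliability figures from the product documentation (B10/MTTF values) are applied to: components in series within a channel combine to one channel MTTFd, and the two redundant channels are then combined for the whole Category 3 structure. The following is an added example, not AVENTICS code, that carries this through for the “safe exhaust” circuit using the formulas of ISO 13849-1 (Annex C for MTTFd from B10d and the number of operations, Annex D for the two-channel combination and the per-channel cap). The B10d values, the operating profile and the assignment of valves to channels are constructed assumptions for illustration; real values come from the component data sheets and the SISTEMA libraries.

```python
# Channel 1 of the circuit: directional valve 1V1.
# Channel 2: directional valve 2V1 in series with non-return valves 2V2 and 2V3.
# B10d values below are constructed for the example, not data sheet figures.
CHANNEL_1 = {"1V1": 20_000_000}
CHANNEL_2 = {"2V1": 20_000_000, "2V2": 50_000_000, "2V3": 50_000_000}


def operations_per_year(d_op: int, h_op: float, t_cycle_s: float) -> float:
    """n_op = d_op * h_op * 3600 / t_cycle (ISO 13849-1, C.4.2)."""
    if t_cycle_s <= 0:
        raise ValueError("cycle time must be positive")
    return d_op * h_op * 3600.0 / t_cycle_s


def mttfd_from_b10d(b10d: float, n_op: float) -> float:
    """MTTFd in years = B10d / (0.1 * n_op)."""
    return b10d / (0.1 * n_op)


def channel_mttfd(component_mttfds) -> float:
    """Series combination: 1/MTTFd = sum(1/MTTFd_i)."""
    return 1.0 / sum(1.0 / m for m in component_mttfds)


def cap_mttfd(mttfd: float, cap_years: float = 100.0) -> float:
    """Per-channel cap: 100 years in ISO 13849-1:2006 (the 2015 edition
    allows up to 2500 years for Category 4 only; pass cap_years=2500 then)."""
    return min(mttfd, cap_years)


def symmetrize(mttfd_c1: float, mttfd_c2: float) -> float:
    """Two channels with unequal MTTFd (Annex D):
    MTTFd = 2/3 * (C1 + C2 - 1 / (1/C1 + 1/C2))."""
    return 2.0 / 3.0 * (mttfd_c1 + mttfd_c2 - 1.0 / (1.0 / mttfd_c1 + 1.0 / mttfd_c2))


def mttfd_class(mttfd: float) -> str:
    """MTTFd bands of ISO 13849-1: low 3..10, medium 10..30, high 30..100 years."""
    if mttfd < 3:
        return "not acceptable"
    if mttfd < 10:
        return "low"
    if mttfd < 30:
        return "medium"
    return "high"


def evaluate(channel_1, channel_2, d_op=220, h_op=16, t_cycle_s=10.0) -> dict:
    """Full chain: operating profile -> n_op -> per-valve MTTFd -> channel
    MTTFd (series) -> cap -> two-channel symmetrization -> MTTFd band."""
    n_op = operations_per_year(d_op, h_op, t_cycle_s)
    c1 = cap_mttfd(channel_mttfd(mttfd_from_b10d(b, n_op) for b in channel_1.values()))
    c2 = cap_mttfd(channel_mttfd(mttfd_from_b10d(b, n_op) for b in channel_2.values()))
    combined = cap_mttfd(symmetrize(c1, c2))
    return {
        "n_op": n_op,
        "channel_1": c1,
        "channel_2": c2,
        "combined": combined,
        "band": mttfd_class(combined),
    }


if __name__ == "__main__":
    # Constructed profile: 220 days/year, 16 h/day, one cycle every 10 s.
    r = evaluate(CHANNEL_1, CHANNEL_2)
    print(f"n_op = {r['n_op']:.0f} cycles/year")
    print(f"channel 1 MTTFd = {r['channel_1']:.1f} a (capped)")
    print(f"channel 2 MTTFd = {r['channel_2']:.1f} a")
    print(f"combined MTTFd  = {r['combined']:.1f} a -> {r['band']}")
```

With the constructed numbers channel 1 exceeds the cap and is set to 100 years, channel 2 with its three series valves lands at about 88 years, and the symmetrized value of roughly 94 years places the structure in the “high” MTTFd band. Whether that structure reaches the PL the previous section requires still depends on the diagnostic coverage provided by the monitoring elements (1S1, 1S2, 2S1), which this calculation does not cover.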

4. AV valve system with AES fieldbus system

Numerous electrical and pneumatic connection options make the AV system a strong performer that easily adapts to the demands of safety-related pneumatic controls. The valve system plays the long game with a service life that tops 150 million cycles without maintenance or failure in safety-related controls.

The consistent modular design offers additional functions at your fingertips and is impressively systematic. This comfortable approach simplifies your project planning for machine safety. As a result, the family concept pays off directly: you can meet even the most demanding of requirements with ease, giving you a crucial competitive edge.

Though the product is not a complete safety device in itself, it can be used as part of an overall solution.

1. AES bus coupler

Galvanic isolation between the logic voltage (UL) and actuator voltage (UA) in the bus coupler; this achieves a safe separation of other functions in the application. Consistent use of standardized and commercially available M12 connectors throughout the system.

2. AV series valves

AV series valves have an extremely long service life of over 150 million cycles. Good leakage values plus easy maintenance minimize the risk of failure. Pilot air can be controlled internally or externally: should a problem occur, the valves switch to a defined safe state. The valves comply with basic and proven principles in safety-related controls.

3. Electrical supply plate

The electrical supply plate supplies actuator voltage to the valves. This enables independent voltage zones with any number of valves. Safety functions thus remain separate from other functions. In addition, the supply plate makes it possible to use separate cables for logic and actuators, thus reducing the potential for error.

4. Pressure supply plate

The pressure supply plate enables mutually independent pressure zones for customized pressure supply to different safety circuits and ensures adequate, rapid system exhaust. Optional: module for monitoring the switch-off voltage threshold of the valves.

5. Electrical valve control module

The electrical valve control module directly actuates 2 valves in AV03 and AV05 valve systems. It can be integrated at the right end of D-Sub or fieldbus valve systems. The two following valve positions are controlled via the M12 connection. No electrical connection to the preceding base plates exists. It is possible to use multiple valve control plates.

6. Pressure regulator

Safe control of compressed air in the working lines for safe working pressures and controlled cylinder movement. Many safety functions can thus be supplemented by reducing pressure and force.

7. Exhaust module

In case of emergency stop, cylinder chambers may remain under pressure. To perform maintenance, release trapped personnel, or correct workpiece positioning, the cylinder chambers must be exhausted to change the cylinder piston position. The solution: targeted system exhaust to disable the cylinder without application of energy. Integrating the module in valve systems reduces sensitivity to actuator movements, while considerably minimizing installation space for the cylinder compared to conventional components.

8. Shut-off module

The shut-off module serves to separate actuators from the pneumatic supply, e.g. for maintenance purposes.

9. Pressure sensor module

The pressure sensor module processes four pneumatic inputs (pressure) from a pneumatic control and converts the pneumatic pressure into digital information of the serial transmission system for processing in the machine control. The module provides diagnostic capabilities via LED and supply voltage monitoring. All necessary functions are integrated; the module is also protected against manipulation. It safely monitors system pressures and provides reliable, fast information about the pressure conditions in all relevant modes of operation.


AVENTICS Circuit Examples ISO 13849

Easily download SISTEMA data set libraries (including certificates)

AVENTICS is synonymous with fast, straightforward support in all aspects of machine safety. This also applies to calculating the performance level (PL) as part of the risk assessment to be conducted for every machine. Design engineers and machine manufacturers have constant access to safety parameter libraries for AVENTICS components in the SISTEMA database format, including certificates. Complete the form quickly and easily and request download. We will notify you via email if parameters are changed at a later date.
