ISO/DIS 12100.2:2025(en)
ISO/TC 199/WG 5
Secretariat: DIN
Date: 2025-10-14
Safety of machinery — General principles for design — Risk assessment and risk reduction
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
4 Strategy for risk assessment and risk reduction 11
Figure 1 — Iterative process of risk assessment and risk reduction 11
Figure 3 — Impact of risk reduction measures 12
5.2 Information for risk assessment 13
5.3 Determination of the limits of machinery 14
5.4.2 Human interaction with machinery during the life cycle of the machine 16
5.4.3 Possible states of the machine 17
5.4.4 Unintended behaviour of the operator or reasonably foreseeable misuse of the machine 18
Figure 4 — Elements of risk 19
5.5.3 Aspects to be considered during risk estimation 21
5.6.2 Adequate risk reduction 23
6.2.2 Consideration of geometrical factors and physical aspects 25
6.2.3 Taking into account general technical knowledge of machine design 26
6.2.4 Choice of appropriate technology 27
6.2.5 Applying principle of positive mechanical action 28
6.2.6 Provisions for stability 28
6.2.7 Provisions for maintainability 28
6.2.8 Observing ergonomics principles 28
6.2.10 Pneumatic and hydraulic hazards 30
6.2.11 Limiting exposure to hazards through reliability of equipment 30
6.3 Safeguarding and complementary risk reduction measures 31
6.3.2 Selection and implementation of guards and protective devices 32
Figure 5 — Guidelines for choosing safeguards against hazards 33
6.3.3 Requirements for design of guards and protective devices 35
6.3.4 Safeguarding to reduce emissions 38
6.3.5 Design of control systems 39
6.3.6 Complementary risk reduction measures 48
6.3.7 Risk reduction measures for stability 50
6.3.8 Other protective devices 50
6.4.2 Location and nature of information for use 51
6.4.3 Signals and warning devices 52
6.4.4 Markings, signs (pictograms) and written warnings 52
6.4.5 Accompanying documents (in particular — instruction handbook) 53
7 Documentation of risk assessment and risk reduction 56
Annex A (informative) Schematic representation of a machine 58
Figure A.1 — Schematic representation of a machine 58
Annex B (informative) Examples of hazards, hazardous situations and hazardous events 59
B.3 Examples of hazardous situations 65
B.4 Examples of hazardous events 68
C.2 Basic principles of type-C standards as major element for risk reduction 71
C.3 Deviations in a type-C standard from a type-B standard 71
C.4.2 Application of an appropriate type-C standard 72
Annex D (informative) How this document relates to ISO 13849-1 74
Figure D.1 — General structure of the system of machinery safety standards 74
D.2 The risk assessment and risk reduction process 74
D.3 Interrelation between this document and ISO 13849-1 75
Figure D.3 — Interrelation between this document and ISO 13849-1 75
D.3.2 Input information to ISO 13849-1 75
D.3.3 Output information resulting from ISO 13849-1 76
Annex ZC (informative) Relation of this document to the Machinery Directive 2006/42/EC 96
Annex ZD (informative) Relation of this document to the Regulation (EU) 2023/1230 97
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 199, Safety of machinery, in collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC 114, Safety of machinery, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
This second edition of ISO 12100 cancels and replaces ISO 12100:2010, ISO/TR 22100-1:2021 and ISO/TR 22100-2:2013.
The main changes are as follows:
— the Scope has been modified;
— additional normative references were added to Clause 2;
— terms and definitions have been modified in Clause 3;
— new Figure 1 added, and Figure 4 from previous edition replaced by a new Figure 5;
— requirements for control systems moved to 6.3.5;
— reference to self-evolving behaviour of applied artificial intelligence added to 5.4, b) 2);
— new subclause “Hygiene aspects” added as 6.2.14;
— subclause “Safeguarding to reduce emissions” shortened on general aspects only;
— subclause on “Software aspects” completely rewritten;
— updates made to requirements for guards and protective devices (6.3.2)
— new subclauses “Remote control” and “Remote software updates” added as 6.3.5.11 and 6.3.5.12, respectively;
— new subclause “Cybersecurity and protection against corruption” added as 6.3.5.15;
— ISO/TR 22100-1 and ISO/TR 22100-2 incorporated as new Annexes C and D.
In addition to text written in the official ISO languages (English, French, Russian), this document gives text in German. This text is published under the responsibility of the member body for Germany (DIN) and is given for information only. Only the text given in the official languages can be considered as ISO text.
Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
The primary purpose of this document is to provide designers with an overall framework and guidance for decisions during the development of machinery to enable them to design machines that are adequately safe for their intended use. It also provides a strategy for standards developers and will assist in the preparation of consistent and appropriate type-B and type-C standards.
The concept of safety of machinery considers the ability of a machine to perform its intended function(s) during its life cycle where risk has been adequately reduced.
This document is the basis for a set of standards which has the following structure:
a) type-A standards (basic safety standards) giving basic concepts, principles for design, and general aspects that can be applied to all machinery;
b) type-B standards (generic safety standards) dealing with one safety aspect or one or more type(s) of safeguard that can be used across a wide range of machinery:
— type-B1 standards on particular safety aspects (e.g. safety distances, surface temperature, noise);
— type-B2 standards on safeguards (e.g. two-hand control devices, interlocking devices, pressure-sensitive devices, guards);
c) type-C standards (machine safety standards) dealing with detailed safety requirements for a particular machine or group of machines.
This document is a type-A standard.
This document is of relevance, in particular, for the following stakeholder groups representing the market players with regard to machinery safety:
— machine manufacturers (small, medium and large enterprises);
— health and safety bodies (regulators, accident prevention organizations, market surveillance);
Others can be affected by the level of machinery safety achieved with the means of the document by the above-mentioned stakeholder groups:
— machine users/employers (small, medium and large enterprises);
— machine users/employees (e.g. trade unions, organizations for people with special needs);
— service providers, e.g. for maintenance (small, medium and large enterprises);
— consumers (in case of machinery intended for use by consumers).
The above-mentioned stakeholder groups have been given the possibility to participate in the drafting process of this document.
When a type-C standard deviates from one or more technical provisions dealt with by this document or by a type-B standard, the type-C standard takes precedence.
It is desirable that this document be referred to in training courses and manuals to convey basic terminology and general design methods to designers.
ISO/IEC Guide 51 has been taken into account as far as practicable at the time of drafting of this document.
A trilingual lookup and index of specific terms and expressions used in this document is given in Annex E.
Safety of machinery — General principles for design — Risk assessment and risk reduction
1.0 Scope
This document defines basic terminology and specifies principles and a methodology for safety in the design of machinery. It specifies principles of risk assessment and risk reduction to help designers in achieving this objective. These principles are based on knowledge and experience of the design, use, incidents, accidents and risks associated with machinery. Procedures are described for identifying hazards and estimating and evaluating risks during relevant phases of the machine life cycle, and for the elimination of hazards or the provision of adequate risk reduction. Guidance is given on the documentation and verification of the risk assessment and risk reduction process.
This document covers principal implications on machinery safety in case of implementation of artificial intelligence/machine learning, and vulnerability against cyber threats and data corruption regarding their impact on safety. It specifies generic measures to address both aspects.
Safety of machinery includes hygiene aspects.
This document is also intended to be used as a basis for the preparation of type-B or type-C safety standards.
It does neither cover risk nor damage, or both, to domestic animals, property or the environment.
NOTE 1 While this document refers to risks of harm to persons, the risk assessment process set out in this document can be equally effective in assessing other types of risks such as damage to domestic animals, property or the environment.
NOTE 2 Annex B gives, in separate tables, examples of hazards, hazardous situations and hazardous events, in order to clarify these concepts and assist the designer in the process of hazard identification.
NOTE 3 The practical use of a number of methods for each stage of risk assessment is described in ISO/TR 14121‑2.
NOTE 4 As used in this document, the designer of a machine can include the manufacturer, integrator, supplier, or the user in case of safety-relevant modifications.
2.0 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 13849‑1:2023, Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design
ISO/TR 14121‑2, Safety of machinery — Risk assessment — Part 2: Practical guidance and examples of methods
ISO 20607, Safety of machinery — Instruction handbook — General drafting principles
IEC 60204‑1:2021, Safety of machinery — Electrical equipment of machines — Part 1: General requirements
3.0 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
machinery
machine
assembly, fitted with or intended to be fitted with a drive system other than directly applied human or animal effort, consisting of linked parts or components, at least one of which moves, and which are joined together for a specific application
Note 1 to entry: The term “machinery” can include an assembly of machines, which achieves the same purpose, when they are arranged and controlled to function as an integral whole.
Note 2 to entry: Annex A provides a general schematic representation of a machine.
3.2
reliability
ability of a machine or its components or equipment to perform a required function under specified conditions and for a given period of time without failing
3.3
maintainability
characteristic of a machine that allows it to be kept a machine ss in a state which enables it to fulfil its function under conditions of intended use, or to be restored to such a state
3.4
usability
characteristic of a machine that allows it to be easily used including properties or characteristics that enable its function(s) to be easily understood
3.5
harm
physical injury or damage to health
3.6
hazard
potential source of harm
Note 1 to entry: The term “hazard” can be qualified in order to define its origin (e.g. mechanical hazard, electrical hazard) or the nature of the potential harm (e.g. electric shock hazard, cutting hazard, toxic hazard, fire hazard).
Note 2 to entry: The hazard envisaged by this definition either:
— is permanently present during the intended use of the machine (e.g. motion of hazardous moving elements, electric arc during a welding phase, unhealthy posture, noise emission, high temperature); or
— can appear unexpectedly (e.g. explosion, crushing hazard as a consequence of an unintended/unexpected start-up, ejection as a consequence of a breakage, fall as a consequence of acceleration/deceleration).
3.7
significant hazard
hazard which has been identified as associated with the machine and which requires specific action to eliminate or to reduce its risk in accordance with the risk assessment
Note 1 to entry: This term is included as basic terminology for type-B and type-C standards.
Note 2 to entry: The prior term ‘relevant hazard’ is included as being a significant hazard.
3.8
hazardous event
event that can cause harm
Note 1 to entry: A hazardous event can occur over a short period of time or over an extended period of time.
3.9
hazardous situation
circumstance in which a person is exposed to at least one hazard
Note 1 to entry: The exposure can result in harm immediately or over a period of time.
3.10
hazard zone
danger zone
any space either within or around machinery, or both, in which a person can be exposed to a hazard
3.11
risk
combination of the probability of occurrence of harm and the severity of that harm
3.12
residual risk
risk remaining after risk reduction measures have been implemented
Note 1 to entry: This document distinguishes:
— the residual risk after risk reduction measures have been implemented by the designer;
— the residual risk remaining after all risk reduction measures by the designer and the user have been implemented.
Note 2 to entry: See also Figure 3.
3.13
risk estimation
defining likely severity of harm and probability of its occurrence
3.14
risk analysis
combination of the specification of the limits of the machine, hazard identification and risk estimation
3.15
risk evaluation
procedure based on the risk analysis to determine whether further risk reduction is required
[SOURCE: ISO/IEC Guide 51:2014, 3.12, modified — The wording “tolerable risk has been exceeded” has been replaced with “further risk reduction is required”.]
3.16
risk assessment
overall process comprising a risk analysis and a risk evaluation
Note 1 to entry: See Figure 1.
3.17
risk reduction measure
DEPRECATED: protective measure
action or means to eliminate hazards or reduce risks
Note 1 to entry: See Figure 2 and Figure 3.
3.18
complementary risk reduction measure
risk reduction measure used in conjunction with inherently safe design, safeguarding or information for use to enhance risk reduction
3.19
tolerable risk
acceptable risk
adequately reduced risk
level of risk that is accepted in a given context based on the current values of society at a minimum in accordance with legal requirements
Note 1 to entry: Tolerable risk usually refers to the level at which further technologically, functionally and financially feasible risk reduction measures or additional expenditure(s) of resources will not result in significant reduction in risk.
Note 2 to entry: Criteria for determining when adequately reduced risk is achieved are given in 5.6.2.
3.20
inherently safe design
risk reduction measure which either eliminates hazards or reduces the risks associated with hazards by changing the design or operating characteristics of the machine without the use of guards or protective devices
Note 1 to entry: See 6.2.
3.21
safeguarding
risk reduction measure using safeguards to protect persons from the hazards which cannot reasonably be eliminated or risks which cannot be sufficiently reduced by inherently safe design
Note 1 to entry: See 6.3.
3.22
information for use
risk reduction measure consisting of details (e.g., text, words, signs, signals, symbols, diagrams, photos) used separately or in combination, to convey information to the user
Note 1 to entry: See 6.4.
3.23
intended use
use of a machine in accordance with the information for use
3.24
reasonably foreseeable misuse
use of a machine in a way not intended by the designer, but which can result from readily predictable human behaviour
3.25
task
specific activity performed by one or more persons on, or in the vicinity of, the machine during its life cycle
3.26
safeguard
guard or protective device
3.27
guard
physical barrier, designed as part of the machine to provide protection
Note 1 to entry: A guard may act either:
— alone, in which case it is only effective when “closed” (for a movable guard) or “securely held in place” (for a fixed guard); or
— in conjunction with an interlocking device with or without guard locking, in which case protection is ensured whatever the position of the guard.
Note 2 to entry: Depending on its construction, a guard may be described as, for example, casing, shield, cover, screen, door, enclosure.
Note 3 to entry: The terms for types of guards are defined in 3.27.1 to 3.27.6. See also 6.3.3.2 and ISO 14120 for more information about types of guards and their requirements.
3.27.1
fixed guard
guard affixed in such a manner (e.g. by screws, nuts, welding) that it can only be opened or removed by the use of tools or by destruction of the affixing means
3.27.2
movable guard
guard which can be opened without the use of tools
3.27.3
adjustable guard
fixed or movable guard which is adjustable as a whole or which incorporates adjustable part(s)
3.27.4
interlocking guard
guard associated with an interlocking device, such that, together with the control system of the machine,
— prevents the operation of the hazardous machine functions associated with the guard until the guard is closed;
— and, if the guard is opened while hazardous machine functions are operating, a command to bring the machine to a safe state is given
Note 1 to entry: An interlocking guard can contain/be equipped with one or more interlocking devices. These interlocking devices can also be of different types.
Note 2 to entry: The generation of the command to bring the machine to a safe state when the guard is open does not apply to guards locked with a trapped key interlocking system.
Note 3 to entry: ISO 14119 gives detailed provisions.
3.27.5
interlocking guard with guard locking
guard associated with an interlocking device and a guard locking device so that, together with the control system of the machine, the following functions are performed:
— the hazardous machine functions associated with the guard cannot operate until the guard is closed and locked;
— the guard remains closed and locked until the risk due to the hazardous machine functions associated with the guard has ceased; and
— when the guard is closed and locked, the hazardous machine functions associated with the guard can operate (the closure and locking of the guard do not by themselves start the hazardous machine functions)
Note 1 to entry: ISO 14119 gives detailed provisions.
3.27.6
interlocking guard with a start function
control guard
special form of interlocking guard which, once it has reached its closed position, gives a command to initiate the hazardous machine function(s) without the use of a separate start control
Note 1 to entry: See 6.3.3.2.5 for detailed provisions on the conditions of use.
3.28
protective device
safeguard other than a guard
Note 1 to entry: Examples of types of protective devices are 3.28.1 to 3.28.8.
3.28.1
interlocking device
interlock
mechanical, electrical or other type of device, the purpose of which is to prevent the operation of hazardous machine functions under specified conditions (generally as long as a guard is not closed)
Note 1 to entry: ISO 14119 gives detailed provisions.
3.28.2
enabling control device
additional manually operated device used in conjunction with a start control and which, when continuously actuated, allows a machine to function
3.28.3
hold-to-run control device
control device which initiates and maintains machine functions only as long as the manual control (actuator) is actuated
3.28.4
two-hand control device
control device which requires simultaneous actuation by both hands in order to initiate and to maintain hazardous machine functions, thus providing a risk reduction measure only for the person who actuates it
Note 1 to entry: ISO 13851 gives detailed provisions.
3.28.5
sensitive protective equipment
SPE
equipment for detecting persons or parts of persons which generates an appropriate signal to the control system to reduce risk to the persons detected
Note 1 to entry: The signal can be generated when a person or part of a person goes beyond a predetermined limit, for example, enters a hazard zone (tripping) or when a person is detected in a predetermined zone (presence sensing), or in both cases.
3.28.6
active optoelectronic protective device
AOPD
device whose sensing function is performed by optoelectronic emitting and receiving elements detecting the interruption of optical radiation, generated within the device, by an opaque object present in the specified detection zone
Note 1 to entry: The IEC 61496 series gives detailed provisions.
3.28.7
limiting device
device which prevents a machine or hazardous machine condition(s) from exceeding a designed limit (e.g. space limit, pressure limit, load moment limit, speed limit)
3.28.8
mechanical restraint device
device which introduces into a mechanism a mechanical obstacle [e.g. wedge, spindle, strut, slide locks, safety blocks, scotch (pin)] which by its design can prevent any hazardous movement(s) of such mechanism
3.28.9
limited movement control device
control device, a single actuation of which, together with the control system of the machine, permits only a limited amount of travel of a machine element
Note 1 to entry: Limited movement control devices include jog controls, step-by-step controls, inching controls, pulse controls, feed controls, and similar devices.
3.29
impeding device
physical obstacle (e.g. low barrier, rail) which, without totally preventing access to a hazard zone, reduces the probability of access to this zone by offering an obstruction to free access
3.30
safety function
function of a machine whose failure can result in an immediate increase of the risk(s)
3.31
unexpected start-up
unintended start-up
start-up which, because of its unanticipated nature, generates a risk to persons
Note 1 to entry: For example, this can be caused by:
— a start command which is the result of a failure in or an external influence on the control system;
— a start command generated by inopportune action on a start control or other parts of the machine such as a sensor or a power control element;
— restoration of the power supply after an interruption;
— external/internal influences (e.g. gravity, wind, self-ignition in internal combustion engines) on parts of the machine.
Note 2 to entry: Machine start-up during normal sequence of an automatic cycle is not unintended, but can be considered as being unexpected from the point of view of the operator. Prevention of hazardous situations in this case involves the use of safeguarding (see 6.3).
[SOURCE: ISO 14118:2017, 3.2, modified —– The word “unexpected” has been replaced by “unanticipated”. In Note 2 to entry “hazardous events” has been replaced by “hazardous situations.]
3.32
fault
fault of an item
inability to perform as required, due to an internal state
Note 1 to entry: A fault of an item results from a failure, either of the item itself, or from a deficiency in an earlier stage of the life cycle, such as specification, design, manufacture or maintenance. .
Note 2 to entry: Qualifiers, such as specification, design, manufacture, maintenance or misuse, can be used to indicate the cause of a fault.
Note 3 to entry: The type of fault can be associated with the type of associated failure, e.g. wear-out fault and wear-out failure.
Note 4 to entry: The adjective “faulty” designates an item having one or more faults.
[SOURCE: IEC 60050-192:2015, 192-04-01, modified – In Note 1 to entry the former cross-reference to latent fault has been deleted. In Note 2 and Note 3 to entry “may” have been changed to “can”.]
3.33
failure
failure of an item
loss of ability to perform as required
Note 1 to entry: A failure of an item is an event that results in a fault of that item .
Note 2 to entry: Qualifiers, such as catastrophic, critical, major, minor, marginal and insignificant, can be used to categorize failures in accordance with the severity of consequences, the choice and definitions of severity criteria depending upon the field of application.
Note 3 to entry: Qualifiers, such as misuse, mishandling and weakness, can be used to categorize failures in accordance with the cause of failure.
[SOURCE: IEC 60050-192:2015, 192-03-01, modified – In Note 1 to entry the former cross-reference to fault has been deleted. In Note 2 and Note 3 to entry “may” have been changed to “can”.]
3.34
common cause failures
failures of multiple items, which would otherwise be considered independent of one another, resulting from a single cause
Note 1 to entry: Common cause failures can also be common mode failures.
Note 2 to entry: The potential for common cause failures reduces the effectiveness of system redundancy.
[SOURCE: IEC 60050-192:2015, 192-03-18, modified – In Note 1 to entry the former cross-reference to common mode failures has been deleted.]
3.35
common mode failures
common mode failures within a system
failures of different items characterized by the same failure mode
Note 1 to entry: Common mode failures can have different causes.
Note 2 to entry: Common mode failures can also be common cause failures.
Note 3 to entry: The potential for common mode failures reduces the effectiveness of system redundancy.
[SOURCE: IEC 60050-192:2015, 192-03-19, modified – In Note 1 to entry “may” has been changed to “can”. In Note 2 to entry the former cross-reference to common cause failures has been deleted.]
3.36
malfunction
failure of a machine to perform an intended function
Note 1 to entry: See 5.4, item b) 2) for examples.
3.37
emergency situation
hazardous situation needing to be urgently ended or averted
Note 1 to entry: An emergency situation can arise
— during normal operation of the machine (e.g. due to human interaction, or as a result of external influences); or
— as a consequence of a malfunction or failure of any part of the machine.
3.38
emergency stop
emergency stop function
function which is intended to
— avert arising or reduce existing hazards to persons, damage to machinery or to work in progress; and
— be initiated by a single human action
Note 1 to entry: ISO 13850 gives detailed provisions.
3.39
emission value
numerical value quantifying an emission generated by a machine (e.g. noise, vibration, hazardous substances, radiation)
Note 1 to entry: Emission values are part of the information on the properties of a machine and are used as a basis for risk assessment.
Note 2 to entry: The term “emission value” is different from “exposure value”, which quantifies the exposure of persons to emissions when the machine is in use. Exposure values can be estimated using the emission values.
Note 3 to entry: Emission values are preferably measured and their associated uncertainties determined by means of standardized methods (e.g. to allow comparison between similar machines).
3.40
cybersecurity
measures to protect a machine control system against unauthorized access or attack that can result in a hazardous situation
Note 1 to entry: Damage or changes can be made to the machine control system hardware, software or information, as well as from disruption or misdirection of the intended function.
Note 2 to entry: Cybersecurity is covering both, information technology security (IT security) and operational technology (OT).
3.41
remote access
process of communicating with one or more device on the machinery from another network or from a terminal device which is not permanently connected, physically or logically, to the device(s)
3.42
remote control
process where parameters can be changed and machine functions can be initiated, stopped or modified from a location without visibility to the hazard zones.
Note 1 to entry: The term remote control should not be confused with cableless control.
3.43
remote programming
process where active programs can be created, modified or tested from a location without visibility to the hazard zones.
Note 1 to entry: Remote programming can apply to safety-related or non-safety-related portions of the program.
4.0 Strategy for risk assessment and risk reduction
Figure 1 shows the basic approach to the risk assessment and risk reduction process.
To implement risk assessment and risk reduction, the following process shall be applied, in the given order a) to e) (see Figure 2).
Any misuse of a machine which is illegal or not readily predictable human behaviour is outside the scope of a risk assessment. However, cyber threats with potential impacts to safety shall be considered.
a) Determine the limits of the machinery, which include the intended use and any reasonably foreseeable misuse thereof.
b) Identify the hazards and associated hazardous situations.
c) Estimate the risk for each identified hazard and hazardous situation.
d) Evaluate the risk and make decisions about the need for risk reduction.
e) Eliminate the hazard or reduce the risk associated with the hazard by means of risk reduction measures until the risk is adequately reduced.
Actions a) to d) are related to risk assessment, and e) to risk reduction.
a | This is part of setting limits. |
Figure 1 is based on ISO/IEC Guide 51:2014. |
Figure 1 — Iterative process of risk assessment and risk reduction
Two important aspects of the overall process in Figure 1 are
— identifying hazards, hazardous situations and hazardous events, and
— reducing risks.
Resources should be directed at risk reduction efforts rather than attempting to achieve absolute precision in risk estimation.
Risk assessment is a series of logical steps to enable, in a systematic way, the analysis and evaluation of the risks associated with machinery.
Risk assessment is followed, whenever necessary, by risk reduction. Iteration of this process can be necessary to eliminate hazards as far as practicable and to adequately reduce risks by the implementation of risk reduction measures.
Figure 2 intentionally mirrors Figure 1, but provides additional details on the aspects of the three steps of risk reduction to be taken by the machine designer to achieve tolerable risk. Whereas Figure 1 highlights the “what” of the risk assessment process, Figure 2 demonstrates “how” the intended risk reduction is achieved.
Figure 2 — Schematic representation of risk reduction process including iterative three-step method
Risk reduction measures are the combination of the measures implemented by the designer and the user in accordance with Figure 3. Measures which can be incorporated at the design stage are preferable to those implemented by the user and usually prove more effective.
Further details on the impact of risk reduction measures taken by both the machine designer and machine user are shown in Figure 3. The impacts shown illustrate the effectiveness of the three-step method shown in Figure 2 and the information flow between the designer and user in order to achieve and maintain an overall outcome of tolerable risk.
a Providing proper information for use is part of the designer's contribution to risk reduction, but the risk reduction measures concerned are only effective when implemented by the user.
b The user input is that information received by the designer from either the user community, regarding the intended use of the machine in general, or from a specific user.
c These risk reduction measures are outside the scope of this document.
d These are risk reduction measures required due to a specific process or processes not envisaged in the intended use of the machine or to specific conditions for installation that cannot be controlled by the designer.
Figure 3 — Impact of risk reduction measures
The objective to be met is the greatest practicable risk reduction, taking into account the four factors below. The strategy defined in this Clause is represented by the flowcharts in Figure 1 and Figure 2. The process itself is iterative and several successive applications can be necessary to reduce the risk, making the best use of available technology. In carrying out this process, the following four factors shall be taken into account, in the following order of preference:
— the safety of the machine during all the phases of its life cycle;
— the ability of the machine to perform its function;
— the usability of the machine;
— the manufacturing, operational and dismantling costs of the machine.
NOTE The ideal application of these principles requires knowledge of the function and use of the machine, the accident history and health records, available risk reduction techniques, and the legal framework in which the machine is to be used.
It is presumed that the particular design achieved as a result of this process leads to a machine that can be used with tolerable risks (see Figure 1).
Annex C provides guidance as to how the system of existing type-A, type-B and type-C standards on machinery safety should be applied in order to design a machine to achieve tolerable risk by adequate risk reduction. It explains how this type-A standard should be used for practical cases in conjunction with type-B and type-C standards on machinery safety.
All products and systems include hazards and, therefore, some level of residual risk. However, the risk associated with those hazards shall be reduced to a tolerable level.
5.0 Risk assessment
5.1 General
Risk assessment (see Figure 2) comprises
a) risk analysis, that includes
1) determination of the limits of the machinery (see 5.3),
2) hazard identification (see 5.4 and Annex B), and
3) risk estimation (see 5.5), and
b) risk evaluation (see 5.6).
Risk analysis provides information required for the risk evaluation, which in turn shall be used to determine the required risk reduction.
These judgments shall be supported by a qualitative or, where appropriate, quantitative estimate of the risk associated with the hazards present on the machinery.
NOTE A quantitative approach can be appropriate when useful data are available. However, a quantitative approach is restricted by either the useful data that are available or the limited resources of those conducting the risk assessment, or both. Therefore, in many applications only qualitative risk estimation is possible.
The risk assessment shall be documented in accordance with Clause 7.
5.1.1 Information for risk assessment
5.2.1 The information for risk assessment should include the following.
a) Related to machinery description:
1) user input and specifications;
2) anticipated machinery specifications, including;
i) a description of the various phases of the whole machinery life cycle,
ii) design drawings or other means of establishing the nature of the machinery, and
iii) required energy sources and how they are supplied.;
3) documentation on previous designs of similar machinery, if relevant;
4) information for use of the machinery, as available.
b) Related to regulations, standards and other applicable documents:
1) applicable regulations;
2) relevant standards;
3) relevant technical specifications;
4) relevant safety data sheets.
c) Related to experience of use:
1) any accident, incident or malfunction history of the actual or similar machinery;
2) the history of damage to health resulting, for example, from emissions (e.g. noise, vibration, dust, fumes), chemicals used or materials processed by the machinery;
3) the experience of users of similar machines and, whenever practicable, an exchange of information with the potential users.
NOTE An incident that has occurred and resulted in harm can be referred to as an “accident”, whereas an incident that has occurred and that did not result in harm can be referred to as a “near miss”.
d) Related to human factors and ergonomics aspects, for example:
1) required variability for different operators, e.g. size, weight, manoeuvrability;
2) required work postures or movements and manual force exertions;
3) required space for movements of the parts of the operator's body;
4) required human-machine interactions;
5) machine work rate.
5.2.2 The information shall be updated as the design develops or when modifications to the machine are required.
Comparisons between similar hazardous situations associated with different types of machinery are often possible, provided that sufficient information about hazards and accident circumstances in those situations is available.
The absence of an accident history, a small number of accidents or low severity of accidents should not be taken as a presumption of a low risk.
For quantitative analysis, data from databases, handbooks, laboratories or manufacturers' specifications may be used, provided that there is confidence in the suitability of the data. Uncertainty associated with these data shall be indicated in the documentation (see Clause 7).
5.1.2 Determination of the limits of machinery
5.1.3 General
Risk assessment begins with the determination of the limits of the machinery, taking into account all the phases of the machinery life cycle. This means that the characteristics and performances of the machine or a series of machines in an integrated process, and the related people, environment and products, shall be identified in terms of the limits of machinery as given in 5.3.2 to 5.3.5.
5.1.4 Use limits
Use limits include the intended use and the reasonably foreseeable misuse. The following aspects shall be taken into account, if applicable:
a) the machine operating modes and intervention procedures for the users, including interventions required by malfunctions of the machine;
b) the use of the machinery (e.g. industrial, non-industrial and domestic) by persons identified by sex, dominant hand usage, age, or limiting physical abilities (e.g. visual or hearing impairment, size, strength);
c) the anticipated levels of training, experience or ability of users including
1) operators,
2) maintenance personnel or technicians,
3) trainees and apprentices, and
4) the general public;
d) exposure of other persons to the hazards associated with the machinery where it can be reasonably foreseen:
1) persons likely to have a good awareness of the specific hazards, such as operators of adjacent machinery;
2) persons with little awareness of the specific hazards but likely to have a good awareness of site safety procedures, authorized routes, etc., such as administration staff;
3) persons likely to have very little awareness of the machine hazards or the site safety procedures, such as visitors or members of the general public, including children.
e) specific limitations of cybersecurity attributes for a machine (e.g. restricted user access, restricted data flow);
f) limitations for the use of artificial intelligence (e.g. machine learning), such as the type of data used to train artificial intelligence system. For more information see ISO/IEC TR 5469.
If specific information is not available in relation to b), the manufacturer should take into account general information on the intended user population (e.g. appropriate anthropometric data).
5.1.5 Space limits
The following aspects of space limits shall be taken into account, if applicable
a) the range of movement,
b) space requirements for persons interacting with the machine, such as during operation and maintenance,
c) human interaction ( e.g. the position of the operator–machine interface), and
d) the machine–power supply interface.
5.1.6 Time limits
The following aspects of time limits shall be taken into account, if applicable
a) the intended lifetime of either the machinery or of some of its components (e.g. tooling, parts that can wear, electromechanical components), or both, taking into account its intended use and reasonably foreseeable misuse, and
b) recommended service intervals.
5.1.7 Other limits
Examples of other limits include
a) properties of the material(s) to be processed,
b) housekeeping — the level of cleanliness required, and
c) environmental — the recommended minimum and maximum temperatures, whether the machine can be operated indoors or outdoors, in dry or wet weather, in direct sunlight, tolerance to dust and wet, etc.
5.2 Hazard identification
5.2.1 General
After determination of the limits of the machinery, the systematic identification of reasonably foreseeable hazards (permanent hazards and those which can appear unexpectedly), hazardous situations and hazardous events during all phases of the machinery lifecycle shall be performed, i.e.:
— transport, assembly and installation;
— commissioning;
— use;
— dismantling, disabling and scrapping.
See also Table B.3.
Only when hazards have been identified can steps be taken to eliminate them or to reduce risks. To accomplish this hazard identification, the following shall be performed by the machinery and the tasks to be performed by persons who interact with it shall be identified, taking into account the different parts, mechanisms or functions of the machine, the materials to be processed, if any, and the environment in which the machine can be used.
A cybersecurity breach does not introduce new hazards; however, it should be seen as a source for initiating hazardous events (e.g. cybersecurity is an additional consideration). For more information see also ISO/TR 22100-4.
The designer shall identify hazards taking into account 5.4.2 to 5.4.4.
5.2.2 Human interaction with machinery during the life cycle of the machine
Task identification shall be performed for all modes of operation and all tasks associated with every phase of the machine life cycle as given above. Task identification shall at least include the following tasks:
— setting;
— testing;
— teaching/programming;
— process/tool changeover;
— starting the machine;
— feeding the machine;
— removal of product from machine;
— stopping the machine;
— stopping the machine in case of emergency;
— recovery of operation from jam or blockage;
— restart after unscheduled stop;
— fault-finding/troubleshooting (operator intervention);
— cleaning and housekeeping;
— preventive maintenance;
— corrective maintenance.
All reasonably foreseeable hazards, hazardous situations or hazardous events associated with the various tasks shall then be identified. Annex B gives examples of hazards, hazardous situations and hazardous events to assist in this process. Several methods are available for the systematic identification of hazards. For more information see also ISO/TR 14121-2.
In addition, reasonably foreseeable hazards, hazardous situations or hazardous events not directly related to tasks shall be identified.
EXAMPLE Seismic events, lightning, excessive snow loads, noise, break-up of machinery, hydraulic hose burst.
5.2.3 Possible states of the machine
Possible states of the machine are as follows:
a) The machine performs the intended function (the machine operates normally).
b) The machine does not perform the intended function (i.e. malfunctions) due to a variety of reasons, including
— variation of a property or of a dimension of the processed material or of the workpiece,
— failure of one or more of its component parts or services,
— external disturbances (e.g. shocks, vibration, electromagnetic interference),
— design error or deficiency (e.g. software errors),
— disturbance of its power supply,
— surrounding conditions (e.g. damaged floor surfaces),
— unintended self-evolving behaviour of applied artificial intelligence (for more information see ISO/TR 22100-5), and
— cybersecurity breach.
5.2.4 Unintended behaviour of the operator or reasonably foreseeable misuse of the machine
Examples include
— loss of control of the machine by the operator (especially for hand-held or mobile machines),
— reflex behaviour of a person in case of malfunction, incident or failure during the use of the machine,
— behaviour resulting from lack of concentration, psychological stress or carelessness,
— behaviour resulting from taking the “path of least resistance” in carrying out a task,
— behaviour resulting from pressures to keep the machine running in all circumstances,
— behaviour of certain persons (e.g. children, disabled persons), and
— accidental or inadvertent actions by untrained or inexperienced operators leading to the disablement of machinery safety functions.
5.3 Risk estimation
5.3.1 General
After hazard identification, risk estimation shall be carried out for each hazardous situation by determining the elements of risk given in 5.5.2. When determining these elements, it is necessary to take into account the aspects given in 5.5.3.
If standardized (or other suitable) measurement methods exist for an emission, they should be used, in conjunction with existing machinery or prototypes, to determine emission values and comparative emission data.
This makes it possible for the designer to
— estimate the risk associated with the emissions,
— evaluate the effectiveness of the protective measures implemented at the design stage,
— provide potential buyers with quantitative information on emissions in the technical documentation, and
— provide users with quantitative information on emissions in the information for use.
Hazards other than emissions that are described by measurable parameters can be dealt with in a similar manner.
The efficiency of technical measures to reduce risks is enhanced, if a good quality technical dialog takes place between the manufacturer and the user.
NOTE In the case of the hazards “noise and vibration”, standards (noise and vibration test codes) provide, for families of machines, methods for measuring and declaring these emissions. Noise and vibration emission values obtained with the same method can be compared. This allows reduced noise and vibration emission to be a sell and purchase parameter.
5.3.2 Elements of risk
General
The risk associated with a particular hazardous situation depends on the following elements:
a) the severity of harm;
b) the probability of occurrence of that harm, which is a function of
1) the exposure of person(s) to the hazard,
2) the occurrence of a hazardous event, and
3) the technical and human possibilities to avoid or limit the harm.
The elements of risk are shown in Figure 4. Additional details are given in 5.5.2.2, 5.5.2.3 and 5.5.3.
Severity of harm
The severity of harm shall be estimated. The following can be taken into account:
a) the severity of injuries or damage to health, for example,
— slight,
— serious,
— death.
b) the extent of harm, for example, to
— one person,
— several persons due to a single hazardous event.
When carrying out a risk assessment, the risk from the most severe harm that can realistically occur from each identified hazard, even if the probability of such an occurrence is not high, shall be considered. For more information see ISO/TR 14121-2.
Probability of occurrence of harm
General
The probability of occurrence of harm shall be estimated. For factors that can be considered see 5.5.2.3.2 to 5.5.2.3.4.
Exposure of persons to the hazard
The exposure of a person to the hazard influences the probability of the occurrence of harm. Factors that can be considered when estimating the exposure are, among others,
a) the need for access to the hazard zone (e.g. during use, correction of malfunction, maintenance, repair)
b) the nature of access (e.g. manual feeding of materials),
c) the time spent in the hazard zone,
d) the number of persons requiring access, and
e) the frequency of access.
Occurrence of a hazardous event
The occurrence of a hazardous event influences the probability of occurrence of harm. Factors that can be considered when estimating the occurrence of a hazardous event are, among others,
a) reliability and other statistical data,
b) accident history,
c) history of damage to health, and
d) comparison of risks (see 5.6.3).
NOTE The occurrence of a hazardous event can be of a technical or human origin.
Possibility of avoiding or limiting harm
The possibility of avoiding or limiting harm influences the probability of occurrence of harm. Factors that can be considered when estimating the possibility of avoiding or limiting harm are, among others, the following:
a) different persons who can be exposed to the hazard(s), for example,
— skilled,
— unskilled;
b) how quickly the hazardous situation can lead to harm, for example,
— suddenly,
— quickly,
— slowly;
c) any awareness of risk, for example,
— by general information,
— by direct observation,
— through warning signs and indicating devices, in particular, on the machinery;
d) the human ability to avoid or limit harm (e.g. reflex, agility, possibility of escape);
e) practical experience and knowledge, for example,
— of the machinery,
— of similar machinery,
— no experience.
5.3.3 Aspects to be considered during risk estimation
Persons exposed
Risk estimation shall take into account all persons (operators and others) for whom exposure to the hazard is reasonably foreseeable.
Type, frequency and duration of exposure
The estimation of the exposure to the hazard under consideration (including long-term damage to health) requires analysis of, and shall account for, all modes of operation of the machinery and methods of working. In particular, the analysis shall account for the needs for access during loading/unloading, setting, teaching, process changeover or correction, cleaning, fault-finding and maintenance.
The risk estimation shall also take into account tasks, for which it is necessary to suspend risk reduction measures.
Relationship between exposure and effects
The relationship between an exposure to a hazard and its effects shall be taken into account for each hazardous situation considered. The effects of accumulated exposure and combinations of hazards shall also be considered. When considering these effects, risk estimation shall, as far as practicable, be based on appropriate recognized data.
NOTE 1 Accident data can assist in establishing the probability and severity of injury associated with the use of a particular type of machinery with a particular type of risk reduction measure. Zero accident data is no guarantee of the low probability and severity of an injury.
Human factors and ergonomics
Human factors can affect risk and shall be taken into account in the risk estimation, including, for example,
a) the interaction of person(s) with the machinery, including correction of malfunction,
b) interaction between persons,
c) stress-related aspects,
d) ergonomics aspects,
e) the capacity of persons to be aware of risks in a given situation depending on their training, experience and ability,
f) fatigue aspects, and
g) aspects of limited abilities (e.g. due to disability, age).
Training, experience and ability can affect risk; nevertheless, none of these factors shall be used as a substitute for hazard elimination, risk reduction by inherently safe design or safeguarding, wherever these risk reduction measures can be practicably implemented.
Suitability of risk reduction measures
Risk estimation shall take into account the suitability of risk reduction measures and shall
a) identify the circumstances which can result in harm,
b) whenever appropriate, be carried out using quantitative methods to compare alternative risk reduction measures (see ISO/TR 14121-2), and
c) provide information that can assist with the selection of appropriate risk reduction measures.
When estimating risk, those components and systems identified as immediately increasing the risk in case of failure need special attention.
When risk reduction measures include user organization measures, competency requirements, use of personal protective equipment (PPE), skill or training, the relatively low reliability of such risk reduction measures compared with proven technical risk reduction measures shall be taken into account by the designer in the risk estimation.
Possibility of defeating or circumventing risk reduction measures
For the continued safe operation of a machine, it is important that the risk reduction measures allow its easy use and do not hinder its intended use. Otherwise, there is a possibility that risk reduction measures might be bypassed in order for maximum utility of the machine to be achieved.
Risk estimation shall take into account the possibility of defeating or circumventing risk reduction measures. It shall also take into account the incentive to defeat or circumvent risk reduction measures when, for example,
a) the risk reduction measure slows down production or interferes with another activity or preference of the user,
b) the risk reduction measure is difficult to use,
c) persons other than the operator are involved, or
d) the risk reduction measure is not recognized by the user or not accepted as being suitable for its function,
e) the risk reduction measure prevents a task or operation from being performed.
Whether or not a risk reduction measure can be defeated depends on both the type of risk reduction measure, such as an adjustable guard or programmable trip device, and its design details.
Risk reduction measures that use programmable electronic control systems introduce additional possibilities of defeat or circumvention if access to safety-related software is not appropriately restricted by design and monitoring methods. Risk estimation shall identify where safety-related functions are not separated from other machine functions and shall determine the extent to which access is possible. This is particularly important when remote access is required.
Ability to maintain risk reduction measures
Risk estimation shall consider whether the risk reduction measures can be maintained in the condition necessary to provide the required level of protection.
NOTE If the risk reduction measure cannot easily be maintained in correct working order, this can encourage the defeat or circumvention of the risk reduction measure in order to allow continued use of the machinery.
5.4 Risk evaluation
5.4.1 General
After risk estimation has been completed, risk evaluation shall be carried out to determine if risk reduction is required. If risk reduction is required, then appropriate risk reduction measures shall be selected and applied (see Clause 6). As shown in Figure 2, the adequacy of the risk reduction shall be determined after applying each of the three steps of risk reduction specified in Clause 6. As part of this iterative process, the designer shall also check whether additional hazards are introduced or other risks increased when new risk reduction measures are applied. If additional hazards do occur, they shall be added to the list of identified hazards and appropriate risk reduction measures will be required to address them.
5.4.2 Adequate risk reduction
Application of the three-step method specified in 6.1 is essential in achieving adequate risk reduction. As a result of this process, it shall be assumed that the design will result in a machine that can be used with tolerable risk achieved by adequate risk reduction (see Figures 1 and 2).
Following the application of the three-step method, adequate risk reduction is achieved when
— all operating conditions and all intervention procedures have been considered,
— the hazards have been eliminated or risks reduced to a tolerable level,
— any new hazards introduced by the risk reduction measures have been properly addressed,
— users are sufficiently informed and warned about the residual risks (see 6.1, step 3),
— risk reduction measures are compatible with one another,
— sufficient consideration has been given to the consequences that can arise from the use in a non- professional/non-industrial context of a machine designed for professional/industrial use, and
— the risk reduction measures do not adversely affect the operator's working conditions or the usability of the machine.
5.4.3 Comparison of risks
As part of the process of risk evaluation, the risks associated with the machinery or parts of machinery can be compared with those of similar machinery or parts of machinery, provided the following criteria apply:
— the similar machinery is in accordance with the relevant type-C standard(s);
— the intended use, reasonably foreseeable misuse and the way both machines are designed and constructed are comparable;
— the hazards and the elements of risk are comparable;
— the technical specifications are comparable;
— the conditions for use are comparable.
The use of this comparison method does not eliminate the need to follow the risk assessment process as specified in this document for the specific conditions of use. For example, when a band saw used for cutting meat is compared with a band saw used for cutting wood, the risks associated with the different material shall be assessed.
6.0 Risk reduction
6.1 General
The objective of risk reduction can be achieved by the elimination of hazards, or by separately or simultaneously reducing each of the two elements that determine the associated risk:
— severity of harm from the hazard under consideration;
— probability of occurrence of that harm.
All risk reduction measures intended for reaching the objective shall be applied in the following sequence, referred to as the three-step method (see also Figure 2).
Step 1: Inherently safe design
Inherently safe design eliminates hazards or reduces the associated risks by a suitable choice of design features of either the machine itself or interaction between the exposed persons and the machine, or both. See 6.2.
NOTE This stage is the only one at which hazards can be eliminated, thus avoiding the need for additional risk reduction measures such as safeguarding or complementary risk reduction measures.
Step 2: Safeguarding and complementary risk reduction measures
Taking into account the intended use and the reasonably foreseeable misuse, appropriately selected safeguarding and complementary risk reduction measures can be used to reduce risk when it is not practicable to eliminate a hazard, or reduce its associated risk sufficiently, using inherently safe design. See 6.3.
Step 3: Information for use
Where risks remain despite inherently safe design, safeguarding and complementary risk reduction measures, the residual risks shall be described in the information for use. The information for use shall include, but not be limited to, the following:
— operating procedures for the use including maintenance of the machinery consistent with the expected ability of personnel who use the machinery or other persons who can be exposed to the hazards associated with the machinery;
— recommended safe working practices and related training requirements for the use of the machinery;
— sufficient information with warnings of residual risks related to the different phases of the machinery life cycle;
— the description of any recommended personal protective equipment, including detail as to its need as well as to training needed for its use.
Information for use shall not be a substitute for the correct application of inherently safe design, safeguarding or complementary risk reduction measures.
6.1.1 Inherently safe design
6.1.2 General
Inherently safe design is the first and most important step in the risk reduction process. This is because risk reduction measures inherent to the characteristics of the machine are likely to remain effective, whereas experience has shown that even well-designed safeguarding can fail or be defeated and information for use may not be followed.
Inherently safe design is achieved by avoiding hazards or reducing risks by a suitable choice of design features for either the machine itself or interaction between the exposed persons and the machine, or both.
NOTE See 6.3 for safeguarding and complementary risk reduction measures that can be used to achieve the risk reduction objectives in the case where inherently safe design is not sufficient (see 6.1 for the three-step method).
6.1.3 Consideration of geometrical factors and physical aspects
Geometrical factors
Such factors include the following.
a) The form of machinery is designed to maximize direct visibility of the working areas and hazard zones from the operating position — reducing blind spots, for example — so as to take into account the characteristics of human vision, particularly when safe operation requires permanent direct control by the operator, for example:
— the travelling and working area of mobile machines;
— the zone of movement of lifted loads or of the carrier of machinery for lifting persons;
— the area of contact of the tool of a hand-held or hand-guided machine with the material being worked.
The design of the machine shall be such that, from the main operating position, the operator is able to confirm that there are no exposed persons in the hazard zones.
b) The form and the relative location of the mechanical components: for instance, crushing and shearing hazards are avoided by increasing the minimum gap between the moving parts, such that the part of the body under consideration can enter the gap safely, or by reducing the gap so that no part of the body can enter it. For more information see ISO 13854 and ISO 13857.
c) Avoiding sharp edges and corners, protruding parts: in so far as their purpose allows, accessible parts of the machinery shall have no sharp edges, no sharp angles, no rough surfaces, no protruding parts likely to cause injury, and no openings which can “trap” parts of the body or clothing. In particular, sheet metal edges shall be deburred, flanged or trimmed, and open ends of tubes which can cause a “trap” shall be capped.
d) The form of the machine is designed so as to achieve an ergonomic operating position and provide accessible manual controls (actuators).
Physical aspects
Such aspects include the following:
a) limiting the actuating force to a sufficiently low value so that the actuated part does not generate a mechanical hazard;
b) limiting either the mass or velocity of the movable elements, or both, and hence their kinetic energy;
c) limiting the emissions by acting on the characteristics of the source using measures for reducing
1) noise emission at source (see also 6.2.15),
2) the emission of vibration at source, such as redistribution or addition of mass and changes of process parameters (e.g., frequency or amplitude of movements, or both),
3) the emission of hazardous substances, including the use of less hazardous substances or dust-reducing processes (granules instead of powders, milling instead of grinding), and
4) radiation emissions, including, for example,
i) avoiding the use of hazardous radiation sources,
ii) limiting the power of radiation to the lowest level sufficient for the proper functioning of the machine,
iii) designing the source so that the beam is concentrated on the target, increasing the distance between the source and the operator or providing for remote operation of the machinery
NOTE For more information on measures for reducing emission of non-ionizing radiation see EN 12198-1 and EN 12198-3.
6.1.4 Taking into account general technical knowledge of machine design
This general technical knowledge can be derived from technical specifications for design (e.g. international standards, design codes, calculations), which should be used to cover
a) mechanical stresses such as
— stress limitation by implementation of correct calculation, construction and fastening methods as regards, for example, bolted assemblies and welded assemblies,
— stress limitation by overload prevention (e.g. bursting disk, pressure-limiting valves, breakage points, torque-limiting devices),
— avoiding fatigue in elements under variable stresses (notably cyclic stresses), and
— static and dynamic balancing of rotating elements,
b) materials and their properties such as
— resistance to corrosion, ageing, abrasion and wear,
— hardness, ductility, brittleness,
— homogeneity,
— toxicity, and
— flammability, and
c) emission values for
— noise,
— vibration,
— hazardous substances, and
— radiation.
NOTE Emission values for existing machinery or prototypes can be used to determine emission values of similar machines. For more information on noise comparison see ISO 11689.
This makes it possible for the designer to
— estimate the risk associated with the emissions,
— evaluate the effectiveness of the risk reduction measures implemented at the design stage,
— provide potential buyers with quantitative information on emissions in the technical documentation, and
— provide users with quantitative information on emissions in the information for use.
Hazards other than emissions that are described by measurable parameters can be dealt with in a similar manner.
When the reliability of particular components or assemblies is critical for safety (e.g. ropes, chains, lifting accessories for lifting loads or persons), stress limits shall be multiplied by appropriate working coefficients.
6.1.5 Choice of appropriate technology
One or more hazards can be eliminated or risks reduced by the choice of the technology to be used in certain applications such as the following:
a) on machines intended for use in explosive atmospheres, using
— appropriately selected pneumatic or hydraulic control system and machine actuators,
— intrinsically safe electrical equipment (for more information see IEC 60079-11);
b) for particular products to be processed (e.g. by a solvent), by using equipment that ensures the temperature will remain far below the flash point;
c) the use of alternative equipment to avoid high noise levels, such as
— electrical instead of pneumatic equipment,
— in certain conditions, water-cutting instead of mechanical equipment.
6.1.6 Applying principle of positive mechanical action
Positive mechanical action is achieved when a moving mechanical component inevitably moves another component along with it, either by direct contact or via rigid elements. An example of this is positive opening operation of switching devices in an electrical circuit. For more information see IEC 60947-5-1 and ISO 14119.
NOTE Where a mechanical component moves and thus allows a second component to move freely (e.g. by gravity or spring force), there is no positive mechanical action of the first component on the second.
6.1.7 Provisions for stability
Machines shall be designed so that they have sufficient stability to allow them to be used safely in their specified conditions of use. Factors to be taken into account include
— the geometry of the base,
— the weight distribution, including loading,
— the dynamic forces due to movements of parts of the machine, of the machine itself or of elements held by the machine which can result in an overturning moment,
— vibration,
— oscillations of the centre of gravity,
— characteristics of the supporting surface in case of travelling or installation on different sites (e.g. ground conditions, slope), and
— external forces, such as wind pressure and manual forces.
Stability shall be considered in all phases of the machinery life cycle, including handling, travelling, installation, use, dismantling, disabling and scrapping.
Other risk reduction measures for stability relevant to safeguarding are given in 6.3.
6.1.8 Provisions for maintainability
When designing a machine, the following maintainability factors shall be taken into account to enable maintenance of the machine:
— accessibility, taking into account the environment and the human body measurements, including the dimensions of the working clothes and tools used (for more information see ISO 14122 series and ISO 15534 series);
— ease of handling, taking into account human capabilities;
— limitation of the number of special tools and equipment.
6.1.9 Observing ergonomics principles
Ergonomics principles shall be taken into account in designing machinery so as to reduce the psychological or physical stress of, and strain on, the operator. These principles shall be considered when allocating functions to operator and machine (degree of automation) in the basic design.
NOTE 1 Allocation of functions to the machine can improve the performance and reliability of operation and hence reduce the probability of errors at all stages of the machine life cycle.
Note 2 See ISO/TR 22100-3 for guidance on ergonomics.
Account shall be taken of body sizes likely to be found in the intended user population, strengths and postures, movement amplitudes and frequency of cyclic actions. For more information see ISO 10075-1 and ISO 10075-2.
All elements of the operator–machine interface, such as controls, signalling or data display elements, shall be designed to be easily understood so that clear and unambiguous interaction between the operator and the machine is possible. For more information see EN 614-1, EN 13861 and IEC 61310-1.
The designer's attention is particularly drawn to following ergonomics aspects of machine design.
a) Avoid the necessity for stressful postures and movements during the use of the machine (e.g. providing facilities to adjust the machine to suit the various operators).
b) Design machines, especially hand-held and mobile machines, so as to enable them to be operated easily, taking into account human effort, actuation of controls and hand, arm and leg anatomy.
c) Limit as far as possible noise, vibration and thermal effects such as extreme temperatures.
d) Avoid linking the operator's working rhythm to an automatic succession of cycles.
e) Provide local lighting on or in the machine for the illumination of the working area and of adjusting, setting-up and frequent maintenance zones when the design features of either the machine or its guards, or both, render the ambient lighting inadequate. Flicker, dazzling, shadows and stroboscopic effects shall be avoided if they can cause a risk. If the position or the lighting source has to be adjusted, its location shall be such that it does not cause risk to persons making the adjustment.
f) Select, locate and identify manual controls (actuators) so that
— they are clearly visible and identifiable, and appropriately marked where necessary (see 6.4.4),
— they can be safely operated without hesitation or loss of time and without ambiguity (e.g. a standard layout of controls reduces the possibility of error when an operator changes from a machine to another one of similar type having the same pattern of operation),
— their location (for push-buttons) and their movement (for levers and hand wheels) are consistent with their effect (for more information see IEC 61310-3), and
— their operation cannot cause additional risk. For more information see also ISO 9355-3.
Where a control is designed and constructed to perform several different actions — namely, where there is no one-to-one correspondence (e.g. keyboards) — the action to be performed shall be clearly displayed and subject to confirmation where necessary.
Controls shall be so arranged that their layout, travel and resistance to operation are compatible with the action to be performed, taking account of ergonomics principles. Constraints due to the necessary or foreseeable use of personal protective equipment (such as footwear, gloves) shall be taken into account.
g) Select, design and locate indicators, dials and visual display units so that
— they fit within the parameters and characteristics of human perception,
— information displayed can be detected, identified and interpreted conveniently, i.e. long-lasting, distinct, unambiguous and understandable with respect to the operator's requirements and the intended use, and
— the operator is able to perceive them from the operating position.
h) design the human-machine-interface of the machine, addressing the reduction of cognitive workload and psychological stress to the user.
6.1.10 Electrical hazards
Electrical equipment of machinery shall be designed so that
— the users are protected against electric shock,
— the energy source can be reliably disconnected.
NOTE For the design of the electrical equipment of machines, IEC 60204-1 gives general provisions about disconnection and switching of electrical circuits and for protection against electric shock.
6.1.11 Pneumatic and hydraulic hazards
Pneumatic and hydraulic equipment of machinery shall be designed so that
— the maximum rated pressure cannot be exceeded in the circuits,
— no hazard results from pressure fluctuations or increases, or from loss of pressure or vacuum,
— no hazardous fluid jet or sudden hazardous movement of the hose (whiplash) results from leakage or component failures,
— air receivers, air reservoirs or similar vessels (such as in gas-loaded accumulators) comply with the applicable design standard codes or regulations for these elements,
— all elements of the equipment, especially pipes and hoses, are protected against harmful external effects,
— as far as possible, reservoirs and similar vessels (e.g. gas-loaded accumulators) are automatically depressurized when isolating the machine from its power supply (see 6.3.5.4) and, if not possible, means are provided for their isolation, local depressurising and pressure indication (for more information see also ISO 14118:2017, Clause 5), and
— all elements which remain under pressure after isolation of the machine from its power supply are provided with clearly identified exhaust devices, and there is a warning label drawing attention to the necessity of depressurizing those elements before any setting or maintenance activity on the machine.
NOTE For more information on hydraulic and pneumatic fluid power see also ISO 4413 and ISO 4414, respectively.
6.1.12 Limiting exposure to hazards through reliability of equipment
Increased reliability of all component parts of machinery reduces the frequency of incidents requiring intervention, thereby reducing exposure to hazards. This applies to power control elements (operative part, see Annex A) as well as to control systems, and to safety functions as well as to other functions of machinery.
Safety-related components (e.g. certain sensors) of known reliability shall be used.
The elements of guards and of protective devices shall be especially reliable, as their failure can expose persons to hazards, and also because poor reliability would encourage attempts to defeat them.
6.1.13 Limiting exposure to hazards through mechanization or automation of loading (feeding) or unloading (removal) operations
Mechanization and automation of machine loading or unloading operations and, more generally, of handling operations — of workpieces, materials or substances — limits the risk generated by these operations by reducing the exposure of persons to hazards at the operating points.
Automation can be achieved by, for example, robots, handling devices, transfer mechanisms and pneumatic equipment. Mechanization can be achieved by, for example, feeding slides, push-rods and hand-operated indexing tables.
While automatic feeding and removal devices have much to offer in preventing accidents to machine operators, they can create hazards when any faults are being corrected. Care shall be taken to ensure that the use of these devices does not introduce further hazards, such as trapping or crushing, between the devices and parts of the machine or workpieces/materials being processed. Suitable safeguards (see 6.3) shall be provided if this cannot be ensured.
Automatic feeding and removal devices with their own control systems and the control system of the associated machine shall be interconnected after thorough study of how all safety functions are performed in all the control and operation modes of the entire equipment.
6.1.14 Limiting exposure to hazards through location of setting and maintenance points outside hazard zones
The need for access to hazard zones shall be minimized by locating maintenance, lubrication and setting points outside these zones.
6.1.15 Hygiene aspects
Machines and equipment used in applications with hygiene and cleanability requirements (e.g. food and pharmaceuticals) shall be designed to allow cleaning and where necessary disinfection.
NOTE Guidance for the hygienic design of machinery can be found in ISO 14159, ISO 21469 and EN 1672-2.
6.1.16 Noise
Machines and equipment shall be designed in such a way, that noise emissions are reduced at the source.
For noise comparison obtained with the same method see ISO 11689.
NOTE For guidance for recommended practice for the design of low-noise machinery and equipment see ISO/TR 11688-1.
6.1.17 Vibration
Machines and equipment shall be designed in such a way, that vibration emissions is are reduced at the source.
NOTE For guidance for recommended practice for the design of low-noise machinery and equipment see EN 1299.
6.2 Safeguarding and complementary risk reduction measures
6.2.1 General
Guards and protective devices shall be used to protect persons whenever inherently safe design does not reasonably make it possible either to eliminate hazards or to sufficiently reduce risks. Complementary risk reduction measures involving additional equipment can be implemented. Examples include emergency stop devices, energy isolation mechanisms, and provisions for rescue or safe access to hazardous areas.
NOTE The different kinds of guards and protective devices are defined in 3.27 and 3.28.
Certain safeguards may be used to avoid exposure to more than one hazard.
EXAMPLE A fixed guard preventing access to a zone where a mechanical hazard is present used to reduce noise levels and collect toxic emissions.
Whole body access can result from the application of guards and protective devices. Measures to protect against hazardous situations where a person can be completely inside a safeguarded space of a machine shall be implemented. For more information see ISO/DIS 12895.2:2025, ISO 13855 and ISO 13857.
6.2.2 Selection and implementation of guards and protective devices
General
This subclause gives guidelines for the selection and the implementation of guards and protective devices (see Figure 5) the primary purpose of which is to protect persons against different types of hazards in accordance with the nature of those hazards and to the need for access to the hazard zone(s).
The exact choice of a safeguard for a particular machine shall be made on the basis of the risk assessment for that machine.
For the selection of adequate safeguarding and complementary risk reduction measures the following aspect should be considered:
— Possibility of defeating or circumventing risk reduction measures (see 5.5.3.6)
— Ability to maintain risk reduction measures (see 5.5.3.7)
In selecting an appropriate safeguard for a particular type of machinery or hazard zone, it shall be kept in mind that a fixed guard is simple and shall be used where the access of an operator into a hazard zone is not required during the intended operation of the machinery.
As the need for frequency of access increases, this inevitably leads to the risk of the guard not being replaced. This requires the use of an alternative risk reduction measure (e.g. movable interlocking guard, sensitive protective equipment).
For more information on selection and implementation of sensitive protective equipment see IEC 62046.
A combination of safeguards can sometimes be required. For example, where, in conjunction with a fixed guard or impeding device, a mechanical loading (feeding) device is used to feed a workpiece into a machine, thereby removing the need for access to the primary hazard zone, a trip device can be required to protect against the drawing-in or shearing hazard between the mechanical loading (feeding) device, when reachable, and the fixed guard.
Consideration shall be given to the enclosure of operating positions or intervention zones to provide protection against several hazards including
a) hazards from falling or ejected objects, using, for example, protection in the form of a falling object protection structure (FOPS),
b) emission hazards (e.g. protection against noise, vibration, radiation, substances hazardous to health,.),
c) hazards due to the environment (e.g. heat, cold, foul weather),
d) hazards due to tipping over or rolling over of mobile machinery, using, for example, protection in the form of roll-over or tip-over protection structures (ROPS and TOPS).
The design of enclosed operating positions, such as cabs and cabins, shall take into account ergonomics principles concerning operator’s visibility, lighting, atmospheric conditions, access, posture.
Additional requirements can apply.
Figure 5 — Guidelines for choosing safeguards against hazards
Selection and implementation of sensitive protective equipment (SPE)
Selection
Due to the great diversity of the technologies on which their detection function is based, all types of sensitive protective equipment (SPE) are far from being equally suitable for safety applications. The following provisions are intended to provide the designer with criteria for selecting, for each application, the most suitable device(s).
Types of SPE include
a) electro-sensitive protective equipment (ESPE), such as light curtains or laser scanners,
NOTE 1 For more information on ESPE see IEC 61496 series.
b) pressure-sensitive protective devices (PSPD), such as pressure-sensitive mats, pressure-sensitive edges and pressure-sensitive wires, and
NOTE 2 For more information on PSPD see ISO 13856 series.
c) safety-related sensors (SRS) and safety-related sensor systems (SRSS).
NOTE 3 For more information on SRS and SRSS see IEC 62998 series.
SPE can be used for tripping purposes or presence sensing, or both, or to re-initiate machine operation — a practice subject to stringent conditions.
NOTE 4 SPE can be unsuitable either for presence sensing or for tripping purposes.
The following characteristics of the machinery, among others, can preclude the sole use of SPE:
— tendency for the machinery to eject materials or component parts;
— necessity to guard against emissions (e.g. noise, radiation, dust);
— erratic or excessive machine stopping time;
— inability of a machine to stop part-way through a cycle.
Implementation
Consideration shall be given to
a) the size, characteristics and positioning of the detection zone (see, e.g. ISO 13855, for more information on the positioning of some types of SPE);
b) the reaction of the device to fault conditions (see e.g. IEC 61496 for more information on electro-sensitive protective equipment);
c) the possibility of circumvention, and
d) effective detection capability and its variation over the course of time (as a result, for example, of its susceptibility to different environmental conditions such as the presence of reflecting surfaces, other artificial light sources and sunlight or impurities in the air).
NOTE 1 ISO 13855 defines the effective detection capability of electro-sensitive protective equipment.
NOTE 2 IEC 62046 specifies requirements for SPE to detect the momentary or continued presence of persons in order to protect those persons from dangerous part(s) of machinery in industrial applications.
SPE shall be integrated in the operative part and associated with the safety-related parts of the control system of the machine so that
— the withdrawal of the part of a person detected does not, by itself, restart the hazardous machine function(s), and therefore the command given by the SPE is maintained by the safety-related parts of the control system until a new command is given,
— restarting the hazardous machine function(s) results from the voluntary actuation by the operator of a control device located at a sufficient distance to prevent actuation from inside the safeguarded space, where this zone can be observed by the operator
NOTE 3 ISO/DIS 12895.2:2025 provides additional guidance for applications with whole body access.
— the machine cannot operate during interruption of the detection function of the SPE, except during muting phases, and
NOTE 4 Muting is the temporary automatic suspension of a safety function(s) by safety-related parts of the control system (for more information see ISO 13849-1 and IEC 62046).
NOTE 5 The muting function is not automatic selection of safety-related detection zones; for more information see IEC 62046 and IEC 61496-3:2018, A.10.1, Note 2.
— the position and the shape of the detection zone prevents, possibly together with fixed guards, a part of a person from entering or being present in the hazard zone without being detected.
For detailed consideration of the fault behaviour of, for example, active opto-electronic protective devices, IEC 61496 should be taken into account.
Additional requirements for active opto-electronic protective devices (AOPDs) when used for cycle initiation
In this exceptional application, the starting of the machine cycle is initiated by the withdrawal of a person or of the detected part of a person from the detection zone of the AOPD, without any additional start command, hence deviating from the general requirement given in the second point of the dashed list in 6.3.2.2.2, above. After switching on the power supply, or when the machine has been stopped by the tripping function of the AOPD, the machine cycle shall be initiated only by voluntary actuation of a start control.
Cycle initiation by AOPD shall be subject to the following conditions:
a) Only AOPD complying with IEC 61496 series shall be used.
b) The requirements for an AOPD used as a tripping and presence-sensing device (for more information see IEC 61496) are satisfied — in particular, location, separation distance (for more information see ISO 13855), effective detection capability, reliability and monitoring of control and braking systems.
c) The cycle time of the machine is short and the facility to re-initiate the machine upon clearing of the detection zone is limited to a period commensurate with a single normal cycle.
d) Entering the detection zone of the AOPD or opening interlocking guards is the only way to enter the hazard zone.
e) If there is more than one AOPD safeguarding the machine, only one of the AOPDs is capable of cycle re-initiation;
f) With regard to the higher risk resulting from automatic cycle initiation, the AOPD and the associated control system comply with a higher safety-related performance than under normal conditions.
NOTE 1 The hazard zone as referred to in d) is any zone where the hazardous function (including ancillary equipment and transmission elements) is initiated by clearing of the detection zone.
NOTE 2 For more information see also IEC 62046.
6.2.3 Requirements for design of guards and protective devices
General requirements
Guards and protective devices shall be designed to be suitable for the intended use, taking into account mechanical and other hazards involved. Guards and protective devices shall be compatible with the working environment of the machine and designed so that they cannot be easily defeated. They shall provide the minimum possible interference with activities during operation and other phases of the machine life cycle, in order to reduce any incentive to defeat them.
NOTE For additional information, see ISO 14120, ISO 13849-1, ISO 13851, ISO 14119, the ISO 13856 series, the IEC 61496 series and IEC 62061.
Guards and protective devices shall
a) be of robust construction,
b) not give rise to any additional hazard,
c) not be easy to bypass or render non-operational,
d) be located at an adequate distance from the hazard zone (for further information see ISO 13855 and ISO 13857),
e) cause minimum obstruction to the view of the production process, and
f) enable essential work to be carried out either for the installation or replacement of tools, or both, and for maintenance by allowing access only to the area where the work is carried out — if possible, without the guard having to be removed or protective device having to be disabled.
For more information regarding openings in the guards, see ISO 13857.
Requirements for guards
Functions of guards
The functions that guards can achieve are
— either prevention of access to the space enclosed by the guard, or
— containment or capture of materials, workpieces, chips, liquids, or both, which can be ejected or dropped by the machine, and reduction of emissions (noise, radiation, hazardous substances such as dust, fumes, gases) that can be generated by the machine.
Additionally, they can need to have particular properties relating to electricity, temperature, fire, explosion, vibration, visibility (for more information see ISO 14120) and operator position ergonomics (e.g. usability, operator's movements, postures, repetitive movements).
Fixed guards
Fixed guards shall be securely held in place either
— permanently (e.g. by welding), or
— by means of fasteners (screws, nuts) making removal/opening impossible without using tools; they should not remain closed without their fasteners (for more information see ISO 14120).
NOTE A fixed guard can be hinged to assist in its opening.
Interlocking guards
Interlocking guards shall be designed and associated with the machine control system so that
— hazardous functions cannot start up while they are within the operator's reach and the operator cannot reach hazards once they have started up,
NOTE This can be achieved by interlocking guards with guard locking when necessary.
— the absence or failure of one of their components either prevents starting of the hazardous functions or stops them, with this is achievable using automatic monitoring (see 6.3.5.13).
For more information see Figure 5 and ISO 14119.
Movable guards
Movable guards protecting persons from hazards
— shall, when open, as far as possible remain fixed to the machinery or other structure (generally by means of hinges or guides),
— may be adjusted only by an intentional action, such as the use of a tool or a key.
Adjustable guards
Adjustable guards may only be used where the hazard zone cannot for operational reasons be completely enclosed.
Manually adjustable guards shall be
— designed so that the adjustment remains fixed during a given operation, and
— readily adjustable without the use of a tool.
Automatically adjustable guards shall be
— designed and constructed so that the gap between the guard and the material is always limited to the minimum that is necessary for the work, and
— as far as practicable designed to prevent the automatic adjustment being defeated.
Interlocking guards with a start function (control guards)
An interlocking guard with a start function may only be used provided that
a) all requirements for interlocking guards are satisfied (see ISO 14119),
b) the cycle time of the machine is short,
c) the maximum opening time of the guard is preset to a low value (e.g. equal to the cycle time) and, when this time is exceeded, the hazardous function(s) cannot be initiated by the closing of the interlocking guard with a start function and resetting is necessary before restarting the machine,
d) the dimensions or shape of the machine do not allow a person, or part of a person, to stay in the hazard zone or between the hazard zone and the guard while the guard is closed.
NOTE For additional information on guards see ISO 14120, and for additional information on whole body access see ISO/DIS 12895.2.
e) all other guards, whether fixed (removable type) or movable, are interlocking guards,
f) the interlocking device associated with the interlocking guard with a start function is designed such that — for example, by duplication of position detectors and use of automatic monitoring (see 6.3.5.13) — its failure cannot lead to an unintended/unexpected start-up, and
g) the guard is securely held open (e.g. by a spring or counterweight) such that it cannot initiate a start while falling by its own weight.
Hazards from guards
Care shall be taken to adequately reduce risk generated by
— the guard construction (e.g. sharp edges or corners, material, noise emission),
— the movements of the guards (e.g. shearing or crushing zones generated by power-operated guards and by heavy guards which are liable to fall, shearing or crushing during the adjustment of adjustable guards).
Technical characteristics of protective devices
Protective devices shall be selected or designed and connected to the control system such that correct implementation of their safety function(s) is ensured.
Protective devices shall comply with the applicable product standard, if available (see e.g. IEC 61496-2 for more information on active optoelectronic protective devices).
Protective devices shall be installed and connected to the control system so that they cannot be easily defeated.
Provisions for alternative types of safeguards
Provisions should be made to facilitate the fitting of alternative types of safeguards on machinery where it is known that the safeguards shall be changed because of the range of work to be carried out.
6.2.4 Safeguarding to reduce emissions
General
If the reduction of emissions by inherently safe design (see 6.2.2.2) is not adequate, the machine shall be provided with additional risk reduction measures (see 6.3.4.2 to 6.3.4.5), for example, limiting the emission of hazardous material or substance by containing, capturing, evacuating, precipitating, filtering.
Noise
Additional risk reduction measures against noise include
— enclosures (see ISO 15667),
— screens fitted to the machine, and
— silencers (see ISO 14163).
For more information on safeguarding to reduce noise emission, noise transmission and noise radiation see ISO/TR 11688-1:1995, 5.4 and 5.5.
Vibration
Additional risk reduction measures against vibration include
— vibration isolators, such as damping devices placed between the source and the exposed person,
— resilient mounting, and
— suspended seats.
For measures for vibration isolation of stationary industrial machinery see EN 1299
For safeguarding to reduce vibration emissions see EN 12786.
Hazardous substances
Additional risk reduction measures against hazardous substances include
— encapsulation of the machine (enclosure with negative pressure),
— local exhaust ventilation with filtration,
— wetting with liquids, and
— special ventilation in the area of the machine (air curtains, cabins for operators).
For safeguarding to reduce emissions of hazardous substances see ISO 14123-1.
Radiation
Additional risk reduction measures against radiation include
— use of filtering and absorption, and
— use of attenuating screens or guards.
For safeguarding to reduce emission of non-ionizing radiation see EN 12198-1 and EN 12198-3.
6.2.5 Design of control systems
General
The correct design of machine control systems should avoid unforeseen and potentially hazardous machine behaviour.
Typical examples of causes of hazardous machine behaviour include:
a) control system
— an unsuitable design or modification (accidental or deliberate) of the control system logic,
— temporary or permanent defects or failure of one or several components of the control system,
— variations or a failure in the power supply of the control system,
— inappropriate selection, design and location of the control devices.
b) software
— systematic software errors,
— signal or data insertion, deletion, repetition, or resequencing at interfaces,
— signal or data corruption,
— loss of automatic monitoring or diagnostics.
c) AI
— unintended self-evolving behaviour of AI (e.g. false negative or, false positive or inconsistent correlations rates exceed an acceptable limit),
— systematic failures at the AI -human-interface.
Typical causes of hazardous machine behaviour can include:
— unexpected start-up (see ISO 14118),
— uncontrolled speed change,
— failure to stop moving parts,
— dropping or ejection of part of the machine or of a workpiece clamped by the machine, and
— machine action resulting from inhibition (defeating or failure) of protective devices.
Typical examples of hazardous events are
— movement beyond limits, restrictions or domains.
— inhibition of protective devices or safety functions.
The design measures of the control system for safety functions shall be chosen so that their safety-related performance provides a sufficient amount of risk reduction. For corresponding design methodologies see ISO 13849-1 and IEC 62061.
NOTE See also Annex D for how this document in combination with ISO 13849-1 can be applied.
Control systems shall be designed to enable persons to interact with the machine safely and easily. This requires one or several of the following solutions:
— systematic analysis of start and stop conditions;
— provision for specific operating modes (e.g. start-up after normal stop, restart after cycle interruption or after emergency stop, removal of the workpieces contained in the machine, operation of a part of the machine in case of a failure of a machine element);
— clear display of the faults;
— measures to prevent accidental generation of unexpected start commands (e.g. shrouded start device) likely to cause dangerous machine behaviour (see ISO 14118:2017, Figure 1);
— maintained stop commands (e.g. interlock) to prevent restarting that can result in hazardous machine behaviour (see ISO 14118:2017, Figure 1).
An assembly of machines may be divided into several zones for either emergency stopping or for stopping as a result of protective devices or for isolation and energy dissipation, or all of them. The different zones shall be clearly defined and it shall be obvious which parts of the machine belong to which zone. Likewise, it shall be obvious which of either control devices (e.g. emergency stop devices, supply disconnecting devices) or protective devices, or both belong to which zone. The interfaces between zones shall be designed such that no function in one zone creates hazards in another zone which has been stopped for an intervention (see ISO 11161).
Control systems shall be designed to limit the movements of either parts of the machinery, the machine itself, or workpieces or loads, or all of them, held by the machinery to the safe design parameters (e.g. range, speed, acceleration, deceleration). Allowance shall be made for dynamic effects (e.g. swinging of loads).
For example:
— the travelling speed of mobile pedestrian-controlled machinery other than remote-controlled shall be compatible with walking speed;
— the range, speed, acceleration and deceleration of movements of the person-carrier and carrying vehicle for lifting persons shall be limited to non-hazardous values, taking into account the total reaction time of the operator and the machine;
— the range of movements of parts of machinery for lifting loads shall be kept within specified limits.
When the machinery contains various elements that can be operated independently, the control system shall be designed to reduce risks arising out of a lack of coordination (e.g. collision prevention system).
Starting of an internal power source or switching on an external power supply
The starting of an internal power source or switching on an external power supply shall not result in a hazardous situation.
For example:
— starting the internal combustion engine shall not lead to movement of a mobile machine;
— connection to mains electricity supply shall not result in the starting of working parts of a machine. For more information see IEC 60204-1:2021, 7.5 (see also Annexes A and B).
Starting or stopping of a mechanism
The primary action for starting or accelerating the movement of a mechanism should be performed by the application or an increase of voltage or fluid pressure, or — if binary logic elements are considered — by passage from state 0 to state 1 (where state 1 represents the highest energy state).
The primary action for stopping or slowing down should be performed by removal or reduction of voltage or fluid pressure, or — if binary logic elements are considered — by passage from state 1 to state 0 (where state 1 represents the highest energy state).
In certain applications, where this principle cannot be followed, other measures should be applied to achieve the same level of confidence for the stopping or slowing down.
Restart after power interruption
If a hazard can be generated, the spontaneous restart of a machine when it is re-energized after power interruption shall be prevented (e.g. by use of a self-maintained relay, contactor or valve).
Interruption of power supply
Machinery shall be designed to prevent hazardous situations resulting from interruption or excessive fluctuation of the power supply. At least the following requirements shall be met:
— the stopping function of the machinery shall be maintained;
— all devices whose permanent operation is required for safety shall operate in an effective way to maintain safety (e.g. locking, clamping devices, cooling or heating devices, power-assisted steering of self-propelled mobile machinery);
— either parts of machinery or workpieces or loads held by machinery, or all of them, which are liable to move as a result of potential energy shall be restrained or allowed to be safely lowered, e.g. from outside the hazard zone.
Failure of the power supply or communication network connection
The interruption, the re‐establishment after an interruption or the fluctuation in whatever manner of the power supply or communication network connection to the machinery shall not lead to hazardous situations.
Safety functions implemented by programmable electronic control systems
General
Where a programmable electronic control system is used to implement safety functions at machinery, it is necessary to consider its performance requirements in relation to the requirements for the safety functions. The design of the programmable electronic control system shall be such that the probability of random hardware failures and the likelihood of systematic failures that can adversely affect the performance of the safety-related control function(s) is sufficiently low. Where a programmable electronic control system performs a monitoring function, the system behaviour on detection of a fault shall be considered.
The programmable electronic control system shall be designed and verified to ensure that the specified performance for each safety function has been achieved. The programmable electronic control system shall be validated. Validation shows that all parts interact correctly to perform the safety function and that unintended functions do not occur.
NOTE Both, ISO 13849-1 and IEC 62061, specific to machinery safety, provide guidance applicable to programmable electronic control systems.
Safety-related hardware aspects
The hardware (including, e.g. sensors, actuators and logic solvers) shall be either selected or designed and installed, or both, to meet both the functional and performance requirements of the safety function(s) to be performed, in particular, by means of
— architectural constraints (the configuration of the system, its ability to tolerate faults, its behaviour on detection of a fault, cybersecurity, etc.),
— either selection or design of equipment and devices, or both, with an appropriate low probability of dangerous random hardware failure, and
— the incorporation of measures and techniques within the hardware so as to avoid systematic failures and control systematic faults.
Safety-related software aspects
The safety-related software, including embedded software and application software, shall be designed to satisfy the performance specification for the safety functions. For more information see also ISO 13849-1, IEC 62061 or IEC 61508-3.
The following aspects shall be considered:
a) if safety-related application software should not be reprogrammable by the user;
b) whether protection against unauthorized safety-related software changes should be focused on possible impact on the integrity of safety function(s), e.g. due to
— changes of safety-related parameters,
— or any corruption of data or information of a network, control system, and information system.
Measures to protect against unauthorized safety-related software changes shall be implemented.
Note See also 6.3.5.15.
c) where required the control system shall allow updating of safety-relevant parts of the software and data.
Minimizing probability of failure of safety functions
General
Safety of machinery is not only dependent on the reliability of the control systems but also on the reliability of all parts of the machine.
The continued operation of the safety functions is essential for the safe use of the machine. This can be achieved by the measures given in 6.3.5.8.2 to 6.3.5.8.4.
Use of reliable components
“Reliable components” means components which are capable of withstanding all disturbances and stresses associated with the usage of the equipment in the conditions of intended use (including the environmental conditions), for the period of time or the number of operations fixed for the use, with a low probability of failures generating a hazardous malfunctioning of the machine. Components shall be selected taking into account all factors mentioned above (see also 6.2.11).
NOTE 1 “Reliable components” is not a synonym for “well-tried components” (see ISO 13849-1:2023, 6.1.11).
NOTE 2 Environmental conditions for consideration include impact, vibration, cold, heat, moisture, dust, either corrosive or abrasive substances, or both, static electricity and magnetic and electric fields. Disturbances which can be generated by those conditions include insulation failures and temporary or permanent failures in the function of control system components.
Use of “oriented failure mode” components
“Oriented failure mode” components or systems are those in which the predominant failure mode is known in advance and which can be used so that the effect of such a failure on the machine function can be predicted.
NOTE In some cases, it will be necessary to take additional measures to limit the negative effects of such a failure.
The use of such components should always be considered, particularly in cases where redundancy (see 6.3.5.8.4) is not employed.
Duplication (or redundancy) of components or subsystems
In the design of safety-related parts of the machine, duplication (or redundancy) of components may be used so that, if one component fails, another component or components continue to perform the respective function(s), thereby ensuring that the safety function remains available.
In order to allow the proper action to be initiated, component failure shall be detected by automatic monitoring (see 6.3.5.13) or in some circumstances by regular inspection, provided that the inspection interval is shorter than the expected lifetime of the components.
Diversity of either design or technology, or both, can be used to avoid common cause failures (e.g. from electromagnetic disturbance) or common mode failures.
Selection of control and operating modes
If machinery has been designed and built to allow for its use in several control or operating modes requiring either different risk reduction measures or work procedures, or both, (e.g. to allow for adjustment, setting, maintenance, inspection), it shall be fitted with a mode selector which can be locked in each position. Each position of the selector shall be clearly identifiable and shall exclusively allow one control or operating mode.
The selector may be replaced by another selection means which restricts the use of certain functions of the machinery to certain categories of operators (e.g. access codes for certain numerically controlled functions).
NOTE Adequate risk reduction measures associated with each of the operating modes and intervention procedures reduce the possibility of operators being induced to use hazardous intervention techniques.
Principles relating to manual control
The following principles apply:
a) Manual control devices shall be designed and located in accordance with the relevant ergonomics principles given in 6.2.8, item f).
b) A stop control device shall be placed near each start control device. Where the start/stop function is performed by means of a hold-to-run control, a separate stop control device shall be provided when a risk can result from the hold-to-run control device failing to deliver a stop command when released.
c) Manual controls, including safety-related manual controls (e.g. command devices for reset or start) shall be located at a sufficient distance to prevent actuation from inside the hazard zone, except for certain controls where, of necessity, they are located within a hazard zone, such as emergency stop or teach pendant.
NOTE: See ISO 13855 or ISO 13857, or both, for reaching distances.
d) Whenever possible, control devices and operating positions shall be located so that the operator is able to observe the working area or hazard zone.
1) The driver of a ride-on mobile machine shall be able to actuate all control devices required to operate the machine from the driving position, except for functions which can be controlled more safely from other positions.
2) On machinery intended for lifting persons, controls for lifting and lowering and, if appropriate, for moving the carrier shall generally be located in the carrier. If safe operation requires controls to be situated outside the carrier, the operator in the carrier shall be provided with the means of preventing hazardous movements.
e) If it is possible to start the same hazardous machine parts by means of several controls, the control circuit shall be so arranged that only one control is effective at a given time. This applies especially to machines which can be manually controlled by means of, among others, a portable control unit (such as a teach pendant), with which the operator can enter hazard zones.
f) Control actuators shall be designed or guarded so that their effect, where a risk is involved, cannot occur without intentional operation.
NOTE: For more information see ISO 447.
g) For machine functions whose safe operation depends on permanent, direct control by the operator, measures shall be implemented to ensure the presence of the operator at the operating position (e.g. by the design and location of control devices).
h) For cableless control, an automatic stop shall be performed when correct control signals are not received, including loss of communication
NOTE: For more information see IEC 60204-1.
Remote control
If a machine is capable of being remotely controlled, the requirements of ISO 13849-1:2023, 5.2.4 shall apply.
If a machine can be remotely controlled, the following shall be fulfilled:
a) a manual command from the local control is required to activate the remote control function;
Where this is not feasible, other risk reduction measures shall be used to ensure that activation of remote control does not result in a hazardous situation.
b) all functions that can cause a hazard are possible only from the selected single-point-of-control;
c) when local control is selected, remote control cannot override the local control;
d) provide a means of indicating when the machine is in remote control;
e) provide risk reduction measures to either prevent access to hazards or detect access, or both, and initiate a safe state;
f) when whole body access is possible the requirements of ISO/DIS 12895.2 apply;
g) provide instructions for use to describe the procedure for remote control and the measures to be taken;
h) all safety functions initiated at the machine, for example emergency stop, have precedence over all functions initiated using remote control;
i) wireless (cableless) remote control systems conform to the requirements of IEC 60204-2021, 9.2.4.
NOTE 1 Remote vision systems (e.g. video monitoring or CCTV) used as a risk reduction measure to monitor machine operations is a safety function. See also ISO 13849-1.
NOTE 2 Risk reduction measures for remote control can be different from those which are active for other modes. See 6.7.
NOTE 3 For cybersecurity issues of unauthorized remote-control access see 6.3.5.15.
Automatic timeout should be considered for remote control connections.
Remote software updates
Remote software updates can cause hazardous situations (e.g. by interruption of the remote software update). Examples of hazardous situations include but are not limited to
a) software updates which change the intended state of a risk reduction measure (e.g. the expected state of the interlock for automatic mode is changed from locked to unlocked),
b) the possibility to defeat a risk reduction measure from the remote location.
Remote software updates shall not lead to a hazardous situation.
NOTE For cybersecurity issues regarding remote software updates see 6.3.5.15.
The design of the machine shall allow remote software updates when specific measures are in place to prevent hazardous situations that can arise due to the undetected presence of persons being inside or near the machine.
Remote software updates that can impact safety shall be validated.
To prevent hazardous situations during remote software updates, the following shall be fulfilled:
— remote software updates shall only be possible when appropriate risk reduction measures are functional;
— loss of connection during the remote software update shall not cause (a) hazardous situation(s);
— remote software updates to safety-related parameters shall not be possible without confirming the acceptability of the update and that the update(s) does not create any hazardous situation;
— any machines, equipment and sub-assemblies that are not needed for remote software updates shall be in a safe state.
Personnel affected by the remote software updates shall be informed before updates are initiated.
The information for use shall be updated to reflect changes from remote software updates and the measures to be taken.
Control mode for setting, teaching, process changeover, fault-finding, cleaning or maintenance
Where, for setting, teaching, process changeover, fault-finding, cleaning or maintenance of machinery,
— a guard shall either be displaced or removed, or
— a protective device shall be disabled, or both,
— and where it is necessary for the purpose of these operations for the machinery or part of the machinery to be put into operation,
the safety of the operator shall be achieved using a specific control mode which simultaneously
a) disables all other control modes,
b) permits operation of the hazardous machine parts only by continuous actuation of a control device (e.g., enabling control device, two-hand control device, hold-to-run control device),
c) permits operation of the hazardous machine parts only in reduced risk conditions (e.g. reduced speed, reduced power, reduced force or step-by-step operation using a limited movement control device), portable control unit (remote controller or teach pendant) and
d) prevents any operation of hazardous functions by voluntary or involuntary action on the machine's sensors.
NOTE For some special machinery other risk reduction measures can be appropriate.
This control mode shall be associated with one or more of the following measures:
— restriction of access to the hazard zone as far as possible;
— emergency stop control within immediate reach of the operator;
— either portable control unit (teach pendant) or local controls (allowing sight of the controlled machine parts), or both. For more information see IEC 60204-1.
Applying measures to achieve electromagnetic compatibility (EMC)
The control system shall function under foreseeable electromagnetic conditions. For more information on achieving electromagnetic compatibility see IEC 60204-1 and IEC 61000-6.
Use of automatic monitoring
Automatic monitoring is intended to ensure that a safety function or functions implemented by a risk reduction measure do not fail to be performed if the ability of a component or an element to perform its function is diminished, or if the process conditions are changed such that hazards are generated.
Automatic monitoring either detects a fault immediately or carries out periodic checks so that a fault is detected before the next demand upon the safety function. In either case, the safety function can be initiated immediately or delayed until a specific event occurs (e.g. the beginning of the machine cycle).
The safety function may be, for example,
— the stopping of the hazardous process,
— preventing the restart of this process after the first stop following the failure, or
— the triggering of an alarm.
Provision of diagnostic systems to aid fault-finding
Diagnostic systems to aid fault-finding should be included in the control system so that there is no need to disable any risk reduction measure.
NOTE Such systems not only improve availability and maintainability of machinery, they also reduce the exposure of maintenance staff to hazards.
Cybersecurity and protection against corruption
Risk reduction measures to support cybersecurity and protection against corruption shall be implemented.
Measures shall be applied as layers of protection e.g.,
— means to prevent unauthorized access to hardware, software, application software and related configuration data,
— control of remote access.
— preventing accidental or unintended changes,
— network isolation (air gapping),
— locking access to ports,
NOTE For information and requirements about cybersecurity see ISO/IEC 24392.
6.2.6 Complementary risk reduction measures
General
Complementary risk reduction measures can have to be implemented as required by the intended use and the reasonably foreseeable misuse of the machine. Such measures include, but are not limited to, those dealt with in 6.3.6.2 to 6.3.6.6.
Components and elements to achieve emergency stop function
If, following a risk assessment, a machine needs to be fitted with components and elements to achieve an emergency stop function for enabling actual or impending emergency situations to be averted, the following requirements apply:
— the actuators shall be clearly identifiable, clearly visible and readily accessible;
— the hazardous process shall be stopped as quickly as possible without creating additional hazards, but if this is not possible or the risk cannot be reduced, it should be questioned whether implementation of an emergency stop function is the best solution;
— the emergency stop control shall trigger or permit the triggering of certain safeguards or movements where necessary.
NOTE For more detailed provisions see ISO 13850.
Once active operation of the emergency stop device that has initiated an emergency stop command has ceased this command shall be sustained until it is reset. This reset shall be possible only at the location where the emergency stop command has been initiated. The reset of the device shall not restart the machinery, but shall only permit restarting.
Measures for the escape and rescue of trapped persons
Measures for the escape and rescue of trapped persons may consist, among others, of
— sufficiently dimensioned escape and rescue routes and shelters in installations generating operator-trapping hazards,
— arrangements for moving some elements by hand, after an emergency stop,
— arrangements for reversing the movement of some elements,
— anchorage points for descender devices,
— means of communication to enable trapped operators to call for help.
Measures for isolation and energy dissipation
Machines shall be equipped with the technical means to achieve isolation from power supply(ies) and dissipation of stored energy by means of the following actions:
a) isolating (disconnecting, separating) the machine (or defined parts of the machine) from all power supplies;
b) locking (or otherwise securing) all the isolating units in the isolating position;
c) dissipating or, if this is not possible or practicable, restraining (containing) any stored energy which can give rise to a hazard;
d) confirming, by means of safe working procedures, that the actions taken in accordance with a), b) and c) above have produced the desired effect.
For more information see ISO 14118:2017, Clause 5, and IEC 60204-1:2021, 5.5 and 5.6.
Provisions for easy and safe handling of machines and their heavy component parts
Machines and their component parts which cannot be moved or transported by hand shall be provided or be capable of being provided with suitable attachment devices for transport by means of lifting gear.
These attachments may be, among others,
— standardized lifting appliances with slings, hooks, eyebolts, or tapped holes for appliance fixing,
— appliances for automatic grabbing with a lifting hook when attachment is not possible from the ground,
— fork locating features for machines to be transported by a lift truck,
— lifting and stowing gear and appliances integrated into the machine.
Parts of machinery which can be removed manually in operation shall be provided with means for their safe removal and replacement.
See also 6.4.4 c), item 3).
Measures for safe access to machinery
Machinery shall be so designed as to enable operation and all routine tasks relating to either setting or maintenance, or both, to be carried out as far as possible by a person remaining at ground level.
Where this is not possible, machines shall have built-in platforms, stairs or other facilities to provide safe access for those tasks; however, care should be taken to ensure that such platforms or stairs do not give access to hazard zones of machinery.
The walking areas shall be made from materials which remain as slip resistant as practicable under working conditions and, depending on the height from the ground, shall be provided with suitable guard-rails (for more information see ISO 14122-3).
In large automated installations, particular attention shall be given to safe means of access, such as walkways, conveyor bridges or crossover points.
Means of access to parts of machinery located at height shall be provided with collective means of protection against falls (e.g. either guard-rails for stairways, stepladders and platforms or safety cages for ladders, or both). As necessary, anchorage points for personal protective equipment against falls from height shall also be provided.
Openings shall, whenever possible, open towards a safe position. They shall be designed to prevent hazards due to unintended opening.
The necessary aids for access shall be provided (e.g. steps, handholds). Control devices shall be designed and located to prevent their being used as aids for access.
When machinery for lifting either goods or persons, or both, includes landings at fixed levels, these shall be equipped with interlocking guards for preventing falls when the platform is not present at a level. Movement of the lifting platform shall be prevented while the guards are open.
For more information on detailed provisions see the ISO 14122 series.
6.2.7 Risk reduction measures for stability
If stability cannot be achieved by inherently safe design such as weight distribution (see 6.2.6), it shall be maintained by safeguarding such as the use of
— anchorage bolts;
— locking devices;
— movement limiters or mechanical stops;
— acceleration or deceleration limiters;
— load limiters;
— alarms warning of the approach to stability or tipping limits.
6.2.8 Other protective devices
When a machine requires continuous control by the operator (e.g. mobile machines, cranes) and an error of the operator can generate a hazardous situation, this machine shall be equipped with the necessary devices to enable the operation to remain within specified limits, in particular:
— when the operator has insufficient visibility of the hazard zone;
— when the operator lacks knowledge of the actual value of a safety-related parameter (e.g. a distance, a speed, the mass of a load, the angle of a slope);
— when hazards may result from operations other than those controlled by the operator.
The necessary devices include, for example:
a) devices for limiting parameters of movement (distance, angle, velocity, acceleration);
b) overloading and moment limiting devices;
c) devices to prevent collisions or interference with other machines;
d) devices for preventing hazards to pedestrian operators of mobile machinery or other pedestrians;
e) torque limiting devices, breakage points to prevent excessive stress of components and assemblies;
f) devices for limiting pressure, temperature;
g) devices for monitoring emissions;
h) devices to prevent operation in the absence of the operator at the control position;
i) devices to prevent lifting operations unless stabilizers are in place;
j) devices to limit inclination of the machine on a slope;
k) devices to ensure that components are in a safe position before travelling.
Automatic risk reduction measures triggered by such devices which take operation of the machinery out of the control of the operator (e.g. automatic stop of hazardous movement) should be preceded or accompanied by a warning signal to enable the operator to take appropriate action (see 6.4.3).
6.3 Information for use
6.3.1 General requirements
6.4.1.1 Drafting information for use is an integral part of the design of a machine (see Figure 2). Information for use consists of communication links, such as texts, words, signs, signals, symbols or diagrams, used separately or in combination to convey product and application information to the user. Information for use is intended for either professional or non-professional users, or both.
When drafting user information, considerable care shall be taken to provide adequate information quality.
NOTE 1 See ISO 20607 for more information on drafting safety-relevant parts of an instruction handbook.
NOTE 2 See also IEC/IEEE 82079-1 for more information on structuring and presentation of information for use.
6.4.1.2 Information shall be provided to the user about the intended use of the machine, taking into account, notably, all its operating modes.
The information shall contain all directions required to ensure safe and correct use of the machine. With this in view, it shall inform and warn the user about residual risk.
The information shall indicate, as appropriate,
— the need for training,
— the need for personal protective equipment, and
— the possible need for additional guards or protective devices (see Figure 3, Footnote d).
It shall include uses of the machine that can reasonably be expected from its designation and description and shall also warn about the risk which would result from using the machine in other ways than the ones described in the information, especially considering its reasonably foreseeable misuse.
6.4.1.3 Information for use shall cover, separately or in combination, transport, assembly and installation, commissioning, use of the machine (setting, teaching/programming or process changeover, operation, cleaning, fault-finding and maintenance) and, if necessary, dismantling, disabling and scrapping.
6.3.2 Location and nature of information for use
Depending on the risk, the time when the information is needed by the user and the machine design, it shall be decided whether the information — or parts thereof — are to be given
a) in/on the machine itself (see 6.4.3 and 6.4.4),
b) in accompanying documents or electronic forms (in particular, instruction handbook, see 6.4.5),
c) on the packaging,
d) by other means such as signals and warnings outside the machine.
Standardized phrases shall be considered where important messages such as warnings are given.
6.3.3 Signals and warning devices
Visual signals such as flashing lights, and audible signals such as sirens may be used to warn of an impending hazardous event such as machine start-up. Such signals may also be used to warn the operator before the triggering of automatic risk reduction measures.
It is essential that these signals
a) be emitted before the occurrence of the hazardous event,
b) be unambiguous,
c) be clearly perceived and differentiated from all other signals used, and
d) be clearly recognized by the operator and other persons.
NOTE 1 See also ISO 7731 for more information on visual and audible alarms.
The information for use shall prescribe regular checking of warning devices. The warning devices shall be designed and located such that checking is easy.
The attention of designers is drawn to the possibility of “sensorial saturation”, which can either result from too many visual or acoustic signals, or both, and which can also lead to defeating the warning devices.
NOTE 2 Consultation of the user on this subject is often necessary.
6.3.4 Markings, signs (pictograms) and written warnings
Machinery shall bear all markings which are necessary
a) for its unambiguous identification, including at least:
1) the name and address of the manufacturer;
2) the designation of the model, series or type;
3) the batch or serial number or other element allowing its identification;
4) the year of manufacturing.
b) in order to indicate its compliance with mandatory requirements, comprising
1) marking, and
2) written indications, such as the authorized representative of the manufacturer, and intended use in potentially explosive atmospheres;
3) the version of the safety-related software installed and the values of the safety-related parameters.
c) for its safe use, for example,
1) maximum speed of rotating parts,
2) maximum diameter of tools,
3) mass (in kilograms) of either the machine itself or of removable parts, or both,
4) maximum working load,
5) necessity of wearing personal protective equipment,
6) guard adjustment data, and
7) frequency of inspection.
Where practical, information printed directly on the machine should be permanent and remain legible throughout the expected life of the machine.
Signs or written warnings indicating only “Danger” shall not be used.
Markings, signs and written warnings shall be readily understandable and unambiguous, especially as regards the part of the function(s) of the machine to which they are related. Readily understandable signs (pictograms) should be used in preference to written warnings.
Written warnings shall be drawn up in the language(s) of the country in which the machine will be used for the first time and, on request, in the language(s) understood by operators.
NOTE In some countries the use of specific language(s) is covered by legal requirements.
Markings shall comply with recognized standards. Examples for symbols, pictograms and colours are given, in particular, in ISO 7000 and ISO 7010 respectively.
See IEC 60204-1 for information regarding marking of electrical equipment.
See ISO 4413 and ISO 4414 for information on hydraulic and pneumatic equipment, respectively.
6.3.5 Accompanying documents (in particular — instruction handbook)
Contents
The instruction handbook or other written instructions (e.g. on the packaging) shall meet the requirements of ISO 20607, and shall contain, among others, the following:
a) information relating to transport, handling and storage of the machine, such as
1) storage conditions for the machine,
2) dimensions, mass value(s), position of the centre(s) of gravity,
3) indications for handling (e.g. drawings indicating application points for lifting equipment);
b) information relating to installation and commissioning of the machine, such as
1) fixing/anchoring and dampening of noise and vibration requirements,
2) assembly and mounting conditions,
3) space needed for use and maintenance,
4) permissible environmental conditions (e.g. temperature, moisture, vibration, electromagnetic radiation),
5) instructions for connecting the machine to power supply (particularly on protection against electrical overloading),
6) advice on waste removal/disposal,
7) if necessary, recommendations related to risk reduction measures which have to be implemented by the user — for example, additional safeguards (see Figure 3, Footnote d), safety distances, safety signs and signals;
c) information relating to the machine itself, such as
1) detailed description of the machine, its fittings and either its guards or protective devices, or both,
2) the comprehensive range of applications for which the machine is intended, including prohibited usages, if any, taking into account variations of the original machine if appropriate,
3) diagrams (especially schematic representation of safety functions),
4) data on noise and vibration generated by the machine, and on radiation, gases, vapours and dust emitted by it, with reference to the measuring methods (including measurement uncertainties) used,
5) technical documentation of electrical equipment (see IEC 60204-1),
6) documents attesting that the machine complies with mandatory requirements;
d) information relating to the use of the machine, such as that related to or describing
1) intended use,
2) manual controls (actuators),
3) setting and adjustment,
4) modes and means for stopping (especially emergency stop),
5) risks which cannot be eliminated by the risk reduction measures implemented by the designer,
6) particular risks which can be generated by certain applications, by the use of certain fittings, and about specific safeguards necessary for such applications,
7) prohibited use resulting from reasonably foreseeable misuse,
8) fault identification and location, for repair and for restarting after an intervention,
9) personal protective equipment needed to be used and the training that is required,
10) meaning and purpose of signals and warning devices.
e) information for maintenance, such as
1) the nature and frequency of inspections for safety functions, and procedure for testing the safety functions,
2) specification of the spare parts to be used when these can affect the health and safety of operators,
3) instructions relating to maintenance operations which require a definite technical knowledge or particular skills and hence need to be carried out exclusively by skilled persons (e.g. maintenance staff, specialists),
4) instructions relating to maintenance actions (e.g. replacement of parts) which do not require specific skills and hence may be carried out by users (e.g. operators),
5) drawings and diagrams enabling maintenance personnel to carry out their task rationally (especially fault-finding tasks);
f) information relating to dismantling, disabling and scrapping;
g) information for emergency situations, such as
1) the operating method to be followed in the event of accident or breakdown,
2) the type of fire-fighting equipment to be used,
3) a warning of possible emission or leakage of hazardous substance(s) and, if possible, an indication of means for fighting their effects;
h) maintenance instructions provided for skilled persons [item e) 3) above] and maintenance instructions provided for unskilled persons [item e) 4) above], that need to appear clearly separated from each other;
i) where applicable, measures that have been taken to minimize the cybersecurity threats.
Instruction handbook
The instruction handbook shall meet the following requirements:
a) The type face and font shall ensure the best possible legibility. Safety warnings or cautions, or both, should be either emphasized by the use of colours, symbols or large print, or all of them.
b) The information for use shall be given in a language(s) as determined by the country in which the machine will be used for the first time. If more than one language is to be used, each should be readily distinguished from another, and the translated text and relevant illustration should be kept together.
NOTE In some countries the use of specific language(s) is covered by legal requirements.
c) Whenever helpful to the understanding, text should be supported by illustrations. These illustrations should be supplemented with written details enabling, for example, manual controls (actuators) to be located and identified. They should not be separated from the accompanying text and should follow sequential operations.
d) Consideration should be given to presenting information in tabular form where this will aid understanding. Tables should be adjacent to the relevant text.
e) The use of colours should be considered, particularly in relation to components requiring quick identification.
f) When information for use is lengthy, either a table of contents or an index, or both, should be provided.
g) Safety-relevant instructions which involve immediate action shall be provided in a form readily available to the operator.
Drafting and editing information for use
The following applies to the drafting and editing of information for use.
a) Relationship to model: the information shall clearly relate to the specific model of machine and, if necessary, other appropriate identification (e.g. by serial number).
b) Communication principles: when information for use is being prepared, the communication process “see – think – use” should be followed in order to achieve the maximum effect and should follow sequential operations. The questions, “How?” and “Why?” should be anticipated and the answers provided.
c) Information for use shall be as simple and as brief as possible, and should be expressed in consistent terms and units with a clear explanation of unusual technical terms.
d) When it is foreseen that a machine will be put to non-professional use, the instructions should be written in a form that is readily understood by the non-professional user. If personal protective equipment is required for the safe use of the machine, clear advice should be given, for example, on the packaging as well as on the machine, so that this information is prominently displayed at the point of sale.
e) Durability and availability of electronical or physical documents: documents giving instructions for use should be produced in durable form (i.e. they should be able to survive frequent handling by the user). It can be useful to mark them “keep for future reference”.
Further details are specified in ISO 20607.
7.0 Documentation of risk assessment and risk reduction
The documentation shall demonstrate the procedure that has been followed and the results that have been achieved. This includes, when relevant, documentation of
a) the machinery for which the risk assessment has been made (e.g. specifications, limits, intended use);
b) any relevant assumptions that have been made (e.g. loads, strengths, safety factors);
c) the hazards and hazardous situations identified and the hazardous events considered in the risk assessment;
d) the information on which risk assessment was based (see 5.2):
1) the data used and the sources (e.g. accident histories, experience gained from risk reduction applied to similar machinery);
2) the uncertainty associated with the data used and its impact on the risk assessment;
e) the risk reduction objectives to be achieved by risk reduction measures;
f) the risk reduction measures implemented to eliminate identified hazards or to reduce risk;
g) residual risks associated with the machinery;
h) the result of the risk assessment (see Figure 2);
i) any forms completed during the risk assessment.
Standards or other specifications used to select risk reduction measures referred to in f) above should be referenced.
NOTE No requirement is given in this document to deliver the risk assessment documentation together with the machine. See ISO/TR 14121-2 for information on documentation.
See Figure A.1.
Figure A.1 — Schematic representation of a machine
This annex gives, in separate tables, examples of hazards (see Tables B.1 and B.2), hazardous situations (see Table B.3), and hazardous events (see Table B.4), in order to clarify these concepts and assist the persons performing risk assessment in the process of hazard identification (see 5.4).
The lists of hazards, hazardous situations and hazardous events given by this annex are not exhaustive, nor are they prioritized. Therefore, the designer should also identify and document any other hazard, hazardous situation or hazardous event existing in the machine.
In Table B.1, hazards have been grouped in accordance with their type (e.g. mechanical hazards, electrical hazards). In order to offer more detailed information on the type of hazards, there are two additional columns that correspond to the origin of the hazard and its potential consequences.
The use of one or more of the columns presented in Table B.1 depends on the degree of detail needed for describing an identified hazard. In some cases, it is enough to use only one of the columns, particularly when hazards are in the same hazard zone and can be grouped together in terms of risk reduction measures. Which column is used depends on whether the origin of the hazard or nature of the consequences is most useful when choosing an appropriate risk reduction measure. However, all hazards should be documented even if the risk associated with them appears to have been sufficiently reduced by a risk reduction measure suggested for reducing the risk associated with another hazard. Otherwise, the undocumented hazard, the risk from which has been sufficiently reduced by the mitigation of another hazard, can be neglected.
Where, for describing a hazard, more than one of the columns presented in Table B.1 is used, these should not be read line by line. Appropriate words should be selected and combined to describe the hazard in the most convenient way. For example:
— crushing due to moving elements;
— crushing due to a lack of stability of the machine or part of the machine;
— electrical shock or electrocution due to electrical equipment parts which become live under fault conditions;
— permanent hearing loss due to prolonged exposure to noise caused by stamping of parts;
— respiratory disease due to inhalation of toxic substances;
— musculoskeletal disorder due to bad postures and repetitive activity;
— burn due to contact with material at high temperature;
— dermatitis due to skin contact (dermal exposure) to toxic substances.
No. | Type or group | Examples of hazards | Subclause of this document | |||
|---|---|---|---|---|---|---|
Origina | Potential consequencesb | |||||
1 | Mechanical hazards | — | acceleration, deceleration; | — | being run over; | 6.2.2.1 |
— | angular parts; | — | being thrown; | 6.2.2.2 | ||
— | approach of a moving element to a fixed part; | — | crushing; | 6.2.3 a) | ||
— | cutting parts; | — | cutting or severing; | 6.2.3 b) | ||
— | elastic elements; | — | drawing-in or trapping; | 6.2.6 | ||
— | falling objects; | — | entanglement; | 6.2.10 | ||
— | gravity; | — | friction or abrasion | 6.3.1 | ||
— | height from the ground; | — | impact; | 6.3.2 | ||
— | high pressure; | — | injection; | 6.3.3 | ||
— | instability; | — | shearing; | 6.3.6.2 | ||
— | kinetic energy; | — | slipping, tripping and falling; | 6.3.6.4 | ||
— | lack of mechanical strength | — | stabbing or puncture; | 6.3.6.5 | ||
— | machinery mobility; | — | suffocation. | 6.3.6.6 | ||
— | moving or rotating elements; |
| 6.4.1 | |||
— | rough, slippery surface; | 6.4.4 | ||||
— | sharp edges; | 6.4.5 | ||||
— | stored energy; | |||||
— | vacuum. | |||||
2 | Electrical hazards | — | arc; | — | burn; | 6.2.9 |
— | electromagnetic phenomena including those related to permanent magnets; | — | chemical effects; | 6.3.2 | ||
— | effects on medical implants; | 6.3.3.2 | ||||
— | electrostatic phenomena; | — | electrocution; | 6.3.6.4 | ||
— | live parts; | — | falling, being thrown; | 6.4.4 | ||
— | not enough distance to live parts under high voltage; | — | fire; | 6.4.5 | ||
— | overload; | — | projection of molten particles; | |||
— | parts which have become live under fault conditions; | — | shock. | |||
— | short-circuit; |
| ||||
— | thermal radiation. | |||||
3 | Thermal hazards | — | explosion; | — | burn; | 6.2.4 b) |
— | flame; | — | dehydration; | 6.2.8 c) | ||
— | objects or materials with a high or low temperature; | — | discomfort; | 6.3.3.2.1 | ||
— | frostbite; | 6.3.4 | ||||
— | radiation from heat sources. | — | injuries by the radiation of heat sources; |
| ||
— | scald |
| ||||
4 | Noise hazards | — | cavitation phenomena; | — | discomfort; | 6.2.2.2 |
— | exhausting system; | — | loss of awareness; | 6.2.3 c) | ||
— | gas leaking at high speed; | — | loss of balance; | 6.2.4 c) | ||
— | manufacturing process (stamping, cutting, etc.); | — | permanent hearing loss; | 6.2.8 c) | ||
— | moving parts; | — | stress; | 6.3.1 | ||
— | scraping surfaces; | — | tinnitus; | 6.3.2 b) | ||
— | unbalanced rotating parts; | — | tiredness; | 6.3.3.2.1 | ||
— | whistling pneumatics; | — | any other | 6.3.4 | ||
— | worn parts. | 6.4.3 | ||||
6.4.5.1 b) | ||||||
6.4.5.1 c) | ||||||
5 | Vibration hazards | — | cavitation phenomena; | — | discomfort; | 6.2.2.2 |
— | misalignment of moving parts; | — | low-back morbidity; | 6.2.3 c) | ||
— | mobile equipment; | — | neurological disorder; | 6.2.8 c) | ||
— | scraping surfaces; | — | osteo-articular disorder; | 6.3.3.2.1 | ||
— | unbalanced rotating parts; | — | trauma of the spine; | 6.3.4 | ||
— | vibrating equipment; | — | vascular disorder. | 6.4.5.1 c) | ||
— | worn parts. | |||||
6 | Radiation hazards | — | ionizing radiation source; | — | burn; | 6.2.2.2 |
— | low frequency electromagnetic radiation; | — | damage to eyes and skin; | 6.2.3 c) | ||
— | effects on reproductive capability; | 6.3.3.2.1 | ||||
— | optical radiation (infrared, visible and ultraviolet), including laser; | — | mutation; | 6.3.4 | ||
— | headache, insomnia, etc. | 6.4.5.1 c) | ||||
— | radio frequency electromagnetic radiation. | |||||
7 | Material/ substance hazards | — | aerosol; | — | breathing difficulties, suffocation; | 6.2.2.2 |
— | biological and microbiological (viral or bacterial) agent; | — | cancer; | 6.2.3 b) | ||
— | combustible; | — | corrosion; | 6.2.3 c) | ||
— | dust; | — | effects on reproductive |
| ||
— | explosive; | capability; | 6.2.4 a) | |||
— | fibre; | — | explosion; | 6.2.4 b) | ||
— | flammable; | — | fire; | 6.3.1 | ||
— | fluid; | — | infection; | 6.3.3.2.1 | ||
— | fume; | — | mutation; | 6.3.4 | ||
— | gas; | — | poisoning; | 6.4.5.1 c) | ||
— | mist; | — | sensitization. | 6.4.5.1 g) | ||
— | oxidizer. | |||||
8 | Ergonomics hazards | — | access; | — | discomfort; | 6.2.2.1 |
— | design or location of indicators and visual displays units; | — | fatigue; | 6.2.7 | ||
— | — | musculoskeletal disorder; | 6.2.8 | |||
— | design, location or identification of control devices; | — | stress; | 6.3.2 | ||
— | any other (e.g. mechanical, electrical) as a consequence of a human error. | 6.3.3.2.1 | ||||
— | effort; | 6.3.5.10 | ||||
— | flicker, dazzling, shadow, stroboscopic effect; | |||||
— | local lighting; | |||||
— | mental overload/underload; | |||||
— | posture; | |||||
— | repetitive activity; | |||||
— | visibility. | |||||
9 | Hazards associated with the environment in which the machine is used | — | dust and fog; | — | burn; | 6.2.6 |
— | electromagnetic disturbance; | — | slight disease; | 6.3.2 | ||
— | lightning; | — | slipping, falling; | 6.3.5.12 | ||
— | moisture; | — | suffocation; | 6.4.5.1 b) | ||
— | pollution; | — | any other as a consequence of the effect caused by the sources of the hazards on the machine or parts of the machine. | |||
— | snow; | |||||
— | temperature; | |||||
— | water; | |||||
— | wind; | |||||
— | lack of oxygen. | |||||
10 | Combination of hazards | — | for example, repetitive activity + effort + high environmental temperature | — | for example, dehydration, loss of awareness, heat stroke | — |
a A single origin of a hazard can have several potential consequences. b For each type of hazard or group of hazards, some potential consequences can be related to several origins of hazard. | ||||||
Table B.2 is a subset of Table B.1 and contains some examples of typical hazards. Each origin has been related to potential significant consequences. The order of potential consequences is not associated with any priority.
Hazard | Hazard | ||
|---|---|---|---|
| Origin cutting parts Potential consequences |
| Origin falling objects Potential consequences |
— cutting — severing | — crushing — impact | ||
| Origin moving elements Potential consequences |
| Origin moving elements Potential consequences |
— crushing — impact — shearing | — drawing-in — friction, abrasion — impact | ||
| Origin gravity, stability Potential consequences |
| Origin approach of a moving Potential consequences |
— crushing — trapping | — crushing — impact | ||
| Origin rotating or moving Potential consequences |
| Origin moving elements Potential consequences |
— severing — entanglement | — crushing — friction, abrasion — impact — severing | ||
| Origin live electrical parts Potential consequences |
| Origin objects or materials with a high or low temperature Potential consequences |
— electric shock — burn — puncture — scald | — burn | ||
| Origin vibrating equipment Potential consequences |
| Origin noisy manufacturing process Potential consequences |
— osteo-articular disorder — vascular disorder | — fatigue — hearing impairment — loss of awareness — stress | ||
| Origin laser beam Potential consequences |
| Origin dust (emissions) Potential consequences |
— burn — damage to eyes and skin | — breathing difficulties — explosion — loss of sight | ||
| Origin posture Potential consequences |
| Origin fumes Potential consequences |
— discomfort — fatigue — musculoskeletal disorder | — breathing difficulties — irritation — poisoning | ||
| Origin location of control devices Potential consequences |
| Origin gravity (bulk material solidified) Potential consequences |
— any as a consequence of human error — stress | — collapse, falling — crushing — slumping/sagging — suffocation — wedging/jamming | ||
Hazardous situations are those circumstances in which a person is exposed to at least one hazard. The exposure of a person is often the consequence of performing a task on the machine.
Some examples of hazardous situations are
a) work near moving parts,
b) exposure to ejection of parts,
c) work underneath a load,
d) work near objects or materials at extreme temperatures, and
e) exposure of the worker to hazards generated by noise.
In practice, hazardous situations are often described in terms of tasks or operation of tasks (e.g. manual loading or unloading of work pieces in a press (or both), troubleshooting under voltage).
When describing a hazardous situation it should be ensured that the analysed situation is clearly defined with the information available (task performed, hazard, hazardous zone).
Table B.3 includes a list of tasks which can result in a hazardous situation in the case of exposure to one or more of the hazards presented in Table B.1.
Phases of machine lifecycle | Examples of tasks |
|---|---|
Transport | — Lifting — Loading — Packing — Transportation — Unloading — Unpacking |
Assembly and installation | — Adjustments of the machine and its components — Assembly of the machine — Connecting to disposal system (e.g. exhaust system, waste water installation) — Connecting to power supply (e.g. electric power supply, compressed air) — Demonstration — Feeding, filling, loading of ancillary fluids (e.g. lubricant, grease, glue) — Fencing — Fixing, anchoring — Preparations for the installation (e.g. foundations, vibration isolators) — Running the machine without load — Testing — Trials with load or maximum load |
Setting | — Adjustment and setting of protective devices and other components — Adjustment and setting or verification of functional parameters of the machine (e.g. speed, pressure, force, travelling limits) — Clamping/fastening the workpiece — Feeding, filling, loading of raw material — Functional test, trials — Mounting or changing tools, tool-setting — Programming validation — Validation of the final product |
Operation | — Clamping/fastening the workpiece — Control/inspection — Driving the machine — Feeding, filling, loading of raw material — Manual loading/unloading — Minor adjustments and setting of functional parameters of the machine (e.g. speed, pressure, force, travel limits) — Minor interventions during operation (e.g. removing waste material, eliminating jams, local cleaning) — Operating manual controls — Restarting the machine after stopping/interruption — Supervision — Validation of the final product |
Cleaning/Maintenance | — Adjustments — Cleaning, disinfection — Dismantling/removal of parts, components, devices of the machine — Housekeeping — Isolation and energy dissipation — Lubrication — Replacement of tools — Replacement of worn parts — Resetting — Restoring fluid levels — Validation of parts, components, devices of the machine |
Fault-finding/ Troubleshooting | — Adjustments — Dismantling/removal of parts, components, devices of the machine — Fault-finding — Isolation and energy dissipation — Recovering from control and protective devices failure — Recovering from jam — Repairing — Replacement of parts, components, devices of the machine — Rescue of trapped persons — Resetting — Validation of parts, components, devices of the machine |
Dismantling/Disabling | — Disconnection and energy dissipation — Dismantling — Lifting — Loading — Packing — Transportation — Unloading |
NOTE These tasks can be applied to the machine or parts of it. | |
Table B.4 gives examples of hazardous events that can occur in or around the machinery.
A hazardous event can have different causes. For example, contact with moving parts due to an unexpected start-up can be caused by an unintentional actuation of a control device or by a fault in the control system.
Every cause can in turn be the result of another event or combination of events (chain of events).
Origin related to | Hazardous event | Subclause of this document |
|---|---|---|
either shape or superficial finishing of accessible parts of the machine, or both | — contact with rough surfaces — contact with sharp edges and corners, protruding parts | 6.2.2.1 |
Moving parts of the machine | — contact with moving parts — contact with rotating open ends | 6.2.2, 6.2.12, 6.2.13 6.3.1 to 6.3.3 6.3.5.2 to 6.3.5.4 6.4.3 to 6.4.5 |
either kinetic energy or potential energy (gravity) of the machine, parts of the machine, tools and materials used, processed, handled, or both | — falling or ejection of objects | 6.2.3, 6.2.5, 6.2.10 6.3.2, 6.3.3, 6.3.5 6.3.6.2, 6.3.6.4, 6.3.6.5 6.4.4, 6.4.5 |
either stability of the machine or parts of the machine, or both | — loss of stability | 6.2.3 a) and b) 6.2.6 6.3.2, 6.3.3 6.4.3 to 6.4.5 |
Mechanical strength of parts of the machine, tools, etc. | — break-up during operation | 6.2.3 a) and b) 6.2.11, 6.3.2, 6.3.3, 6.3.5 6.4.4, 6.4.5 |
Pneumatic, hydraulic equipment | — displacement of moving elements — projection of high-pressure fluids — uncontrolled movements | 6.2.3 a) and b) 6.2.10, 6.2.11 6.3.3.1 to 6.3.3.3 6.3.6.4 6.4.4 6.4.5 |
Electrical equipment | — direct contact — disruptive discharge — electric arc — fire — indirect contact — short-circuit | 6.2.4 a) 6.2.9 6.3.2, 6.3.3 6.3.5.8 6.3.6.4 6.4.4 6.4.5 |
Control system | — dropping or ejection of a moving part of the machine or of a workpiece clamped by the machine — failure to stop moving parts — machine action resulting from inhibition (defeating or failure) of protective devices — uncontrolled movements (including speed change) — unintended/unexpected start-up — other hazardous events due to failure(s) or poor design of the control system | 6.2.5, 6.2.11 6.3.2, 6.3.3, 6.3.5 6.3.6.2 to 6.3.6.4 6.4.3 to 6.4.5 |
Materials and substances or physical factors (temperature, noise, vibration, radiation and environment) | — contact with objects with high or low temperature — emission of a substance that can be hazardous — emission of a level of noise that can be hazardous — emission of a level of noise that can interfere with a speech communication or with acoustic signals — emission of a level of vibration that can be hazardous — emission of radiation fields that can be hazardous — harsh environmental conditions | 6.2.2.2 6.2.3 c) 6.2.4 6.2.8 6.3.1 6.3.3.2 6.3.4 6.4.3 to 6.4.5 |
either workstation or work process design, or both | — excessive effort — human errors/misbehaviour (either unintentional or deliberately induced by the design, or both) — loss of direct visibility of the working area — painful and tiring postures — repetitive handling at high frequency | 6.2.2.1 6.2.7, 6.2.8 6.3.5.10 6.3.6.5, 6.3.6.6 6.4.3 to 6.4.5 |
(informative)
Using the system of type-A, type-B and type-C standards to design a machine to achieve tolerable risk by adequate risk reduction
This Annex provides assistance to the designer/manufacturer of machinery and related components as to how the system of existing type-A, type-B and type-C machinery safety standards should be applied in order to design a machine to achieve tolerable risk by adequate risk reduction. In particular, this Annex focuses on the role of type-C-standards in this process.
NOTE This Annex content was previously published as ISO/TR 22100-1.
The content provided by type-C standards is clearly establishing the following:
a) the scope (limits of the machinery);
b) the significant hazard(s);
c) the requirements prescribing risk reduction;
d) the means of verifying the risk reduction measures.
It is a basic principle that type-C standards contain sufficient added value to the requirements of existing type-A and type-B standards. Added value normally consists of a description of specific risk reduction measure(s) dealing with the significant hazard, hazardous situation, or hazardous event. However, this can also include reference to type-B standards or to other reference standards.
Because of the large variety of machinery, it might happen that type-C standards deviate from one or more technical requirements dealt with by a type-B standard. In those cases, the existing machine specific type‑C standard takes precedence over the type-B standard.
The system of type-A, type-B and type-C standards is intended to provide one means for designers and manufacturers to develop machinery that can be used to achieve tolerable risk by adequate risk reduction. Figure C.1 shows the recommended steps for the practical use of ISO 12100 and existing type-B and type-C standards within this system.
Figure C.1 — Recommended steps for the practical use of ISO 12100 and existing type-B and type-C standards within this system
The process of risk assessment is facilitated by the application of type-C standards, since these standards for machinery identify the significant hazards that are generally associated with the category of machinery concerned and specify risk reduction measures to deal with them. It is assumed that a type-C standard is the result of a risk assessment process carried out by a team of technical experts familiar with the machine in question. However, the application of type-C standards does not dispense the machinery manufacturer from the obligation to carry out a risk assessment in accordance with this document.
Therefore, a manufacturer who applies the requirements of a type-C standard should ensure that the type‑C standard is appropriate to the particular machinery concerned and covers all of the risks it presents. If the machinery concerned presents hazards that are not covered by a type-C-standard, a full risk assessment in accordance with this document is required for those hazards and appropriate risk reduction measures should be taken to deal with them.
Furthermore, where type-C standards specify several alternative requirements without defining criteria for choice between them, the choice of the appropriate requirement for the machinery concerned should be based on a specific risk assessment.
Step 1 — Search for a type-C standard
Machine designers and manufacturers should search for an applicable type-C standard because it provides the most relevant guidance regarding safety of machinery for a particular machine.
Step 2 — Check the scope
If an appropriate type-C standard exists for the machine in question, the designer/manufacturer needs to check carefully if the scope of this type-C standard is fully covering the actual machine in question regarding the limits of the machine (see 5.3).
Step 3 — Check significant hazards in accordance with the type-C standard If the outcome of step 2 shows that an applicable type-C standard exists for the machine in question, the designer/manufacturer needs to check carefully that this type-C standard is covering all significant hazards to be associated with the actual machine in question and its application (see 5.4).
In addition, the designer has to check carefully that the risk reduction measures specified in the type-C standard are appropriate for the application to the particular machine in question.
Step 4A — Application of type-C standard If steps 2 and 3 are fulfilled, the risk reduction measures contained in the type-C standard should be applied (see Clause 6). The application of the risk reduction measures specified in the type-C standard is assumed to achieve tolerable risk for the particular machine in question by adequate risk reduction.
NOTE Through this process (Step 1 to Step 4A), the risk estimation (see 5.4), the risk evaluation (see 5.6) as well as the iterative risk reduction (see clause 6) are covered. Therefore, for those significant hazards covered by the typeC standard, individual risk estimation, risk evaluation as well as iterative risk reduction by the designer/manufacturer is not necessary.
Next, go to step 5.
Step 4B — Application of type-C standard plus determination of any machine parts outside the scope of the type-C standard and identification of related additional hazards, hazardous situation(s) or hazardous event(s).
In case one or both of step 2 and step 3 are not fulfilled, the designer/manufacturer should either determine which parts of the machine in question or which significant hazard(s), hazardous situation(s), or hazardous event(s), or all of them, need to be considered in addition to the chosen (appropriate) type-C standard. For those parts of the machine in question or significant hazard(s), hazardous situation(s), or hazardous event(s) not covered by the chosen (appropriate) type-C standard, the principle process of risk assessment and risk reduction (see Figure 2) should be applied. This should be done with the help of relevant type-B standards.
Next, go to step 5.
Step 4C — For machines not covered by an applicable type-C standard, the principle process of risk assessment and risk reduction (see Figure 1) should be applied. Appropriate type-B standards can be used to perform this process.
For the risk assessment process as such practical guidance and examples of methods to be applied are given in ISO/TR 14121-2.
Further, type-B1 standards (e.g. ISO 13732-1) are helpful to evaluate hazardous situations.
When the significant hazard(s), hazardous situation(s), or hazardous event(s) are identified as a result of the risk assessment, appropriate type-B1 and type-B2 standards can be used to specify effective measures for risk reduction.
In addition, the designer/manufacturer may specify other risk reduction measures independent from existing safety standards.
As a result of this process, it has to be assumed that the particular machine in question results in a design of the machine that can be used with tolerable risk achieved by adequate risk reduction.
Next, go to step 5.
Step 5 — Documentation
Detailed documentation of how step 1 to step 4 have been applied should show that the particular machine in question is designed to achieve tolerable risk by adequate risk reduction.
The use of this document in combination with ISO 13849‑1 has shown that readers have experienced difficulty in understanding how these two documents work together. This Annex has been prepared to guide readers in how the standards are to be used to achieve tolerable risk for a machine in general and for the safety-related parts of the control system, in particular.
This Annex describes the general relationship between this document and ISO 13849‑1 used to reduce risks. It focuses on the use of safety-related parts of control systems in relation to risk assessment and the risk reduction process.
NOTE 1 The explanations about the relationship to this document are relevant for ISO 13849‑1 but can be applied in a similar manner to IEC 62061.
NOTE 2 This Annex content was previously published as ISO/TR 22100-2.
As shown in Figure D.1 this document is the type-A standard specifying the general principles for safety of machinery and applies to all machinery. ISO 13849-1 is a type-B standard addressing a particular aspect and can be used across a wide range of machinery.
Figure D.1 — General structure of the system of machinery safety standards
Figure D.2 shows the risk assessment and risk reduction process in accordance with this document and contains additional information regarding its interrelation with ISO 13849-1.
As shown in Figure D.2, ISO 13849-1 is relevant for cases where a risk assessment in accordance with this document has indicated a risk reduction measure (e.g. interlocking guard) that relies on a safety-related control system. In those cases the safety-related control system has to perform a safety function. The application of ISO 13849-1 is restricted to those cases only.
In the risk assessment and risk reduction process of this document (iterative three-step method), the hazards related to a machine shall be identified and the risk estimated. As shown in Figure 2, risk estimation initially occurs prior to risk reduction. The initial risk is estimated using one of various risk scoring systems or methods (see ISO/TR 14121-2). It should be noted that the method given in ISO 13849-1 is primarily intended to be used for safety functions carried out by safety-related control systems. For example, a resulting category or performance level makes no sense for a slipping hazard or falling hazard.
When a control system with safety functions is selected as a risk reduction measure (such as a guard door interlock) in accordance with this document, then ISO 13849-1 should be used to design and evaluate the safety-related parts of the control system. Only the part of the control system that is safety-related falls under the scope of ISO 13849-1. Not all aspects of the control system perform safety functions such as some proximity sensors, parts counters, or monitoring devices. There is no need to apply ISO 13849-1 to non-safety-related parts of the control system.
Key
| Interrelation with ISO 13849-1 in case risk reduction measures are connected with the control |
a | The first time the question is asked, it is answered by the result of the initial risk assessment. |
Figure D.2 — Schematic representation of risk assessment and risk reduction process in accordance with Figure 2 of this document
For the correct application of ISO 13849-1 basic input information resulting from the application of the overall risk assessment and risk reduction process for the particular machine design is necessary. Based on this input information the safety-related parts of the control system can be appropriately designed in accordance with ISO 13849-1. Information resulting from a detailed design of safety-related parts of the control system relevant for its integration into the machine design has then to be considered in the overall risk assessment and risk reduction process in accordance with this document. Figure D.3 illustrates this interrelation.
Figure D.3 — Interrelation between this document and ISO 13849-1
The following input information to ISO 13849-1 from the application of the overall risk assessment and risk reduction process in accordance with this document for the particular machine is necessary for the correct application of ISO 13849-1:
a) the limits of the machine in accordance with 5.3, including
1) use limits,
2) space limits,
3) time limits,
4) other limits (e.g. environmental conditions).
b) the risk associated with a particular hazardous situation in accordance with 5.5.2 which depends on the following elements:
1) severity of harm;
2) probability of occurrence of that harm, which is a function of
i) exposure of person(s) to the hazard,
ii) occurrence of a hazardous event,
iii) technical and human possibilities to avoid or limit the harm.
These elements of risk should consider all risk reduction measures (inherently safe design, safeguarding) already taken in the iterative process in accordance with this document. In cases where no risk reduction measures (inherently safe design, safeguarding) were taken so far, the elements of risk are identical with those obtained in the first step of the iterative process in accordance with this document.
NOTE 1 The occurrence of a hazardous event can be caused by technical or human factors. For further explanation see ISO 13849-1:2023, A.3.3.
NOTE 2 The occurrence of a hazardous event and the technical and human possibilities to avoid or limit the harm are included in parameter P of ISO 13849-1:2023, Annex A.
In cases where for the overall risk assessment and risk reduction process in accordance with this document a scale for the elements of risk is used, the output from the risk assessment tool used should be mapped appropriately to the Performance Level scale given in ISO 13849-1. All necessary input information for the selection of the required Performance Level PLr (elements of risk values for the considered hazardous situation) are available from the overall risk assessment and risk reduction process in accordance with this document. Therefore, a separate risk assessment for the application of ISO 13849-1 is not necessary.
The graph given in ISO 13849-1:2023, Figure A.1 is used only to select the PLr for safety functions and is not intended to be used as a risk estimation method for the overall machine in accordance with this document.
NOTE 3 Some type-C standards already determine values for PLr for particular safety functions.
c) Specifications for the intended performance of the related risk reduction, such as
1) general prescription of the intended function of the risk reduction measure (relevant functional requirements),
2) specific safety-related characteristics for the risk reduction (e.g. reaction time, operating modes),
3) prescription of the environmental conditions relevant for the risk reduction (e.g. space limitation, temperature, humidity, vibration),
4) prescription of either other machine or process specific conditions, or both (e.g. designated safety-related components [sensor, control actuator]).
The following output information from ISO 13849-1 resulting from the detailed design of safety-related control system is an input to this document to finalize the overall risk assessment and risk reduction process:
a) the result of the verification and validation in accordance with ISO 13849-1 and ISO 13849-2 used to demonstrate that the intended risk reduction is achieved by the risk reduction measures chosen;
b) technical documentation for integration/assembly of the technical solution into the machine design in accordance with ISO 13849-1:2023, Clause 12;
c) information for use (relevant information to be given from the machine designer to the machine user to ensure the correct use of the safety-related part of the control system and interrelated risk reduction measures) in accordance with ISO 13849-1:2023, Clause 13.
English | French | German | Clause/subclause/Annex of this document |
|---|---|---|---|
A | |||
access code | code d'accès | Zugangscode | 6.3.5.9 |
access (means of) | moyens d'accès | Zugänge | 6.3.6.6 |
access to a hazard zone (to a danger zone) | accès à une zone dangereuse | Zugang zu einem Gefährdungsbereich | 3.29; 5.5.2.3.1; 6.2.13; 6.3.1; 6.3.2; 6.3.5.6 |
accessibility | accessibilité | Zugänglichkeit | 6.2.7 |
active optoelectronic protective device | dispositif de protection opto- électronique actif | aktive optoelektronische Schutzeinrichtung | 3.28.6; 6.3.3.3 |
actuator (machine) | actionneur | Antriebselement | 6.2.4; Annex A |
actuator/manual control | organe de service | Stellteil | 3.28.3; 6.2.2.1; 6.2.8 f); 6.3.5.7.2; 6.3.5.10 f); 6.3.6.2; 6.4.5.1 d); 6.4.5.2 d); D.3.2 |
adequate risk reduction | réduction adéquate du risque | entsprechende Risikominderung | Scope; Clause 4; Figure 1; 5.6.2; 6.3.5.9; Clause C.1; Clause C.4;5.6.1; 5.6.2 |
adjustable guard | protecteur réglable | einstellbare trennende Schutzeinrichtung | 3.27.3; 5.5.3.6; Figure 5; 6.3.3.2.5 |
angular part | pièce de forme aiguë | spitzes Teil | Table B.1 |
application point | point de préhension | Anschlagpunkt | 6.4.5.1 a) |
artificial intelligence | intelligence artificielle | künstliche Intelligenz | Scope; 5.3.2 f); 5.4 b) |
assembly | montage | Montage | 3.1; 5.4; 6.3.5.1; 6.4.1.3; 6.4.5.1 b); Table B.3; D.3.3; Table B.3 |
assembly of machines | ensemble de machines | Maschinenanlage | 3.1; 6.3.5.1 |
automatic monitoring | autosurveillance | Selbstüberwachung/ automatische Überwachung | 6.3.3.2.3, 6.3.3.2.5; 6.3.5.1; 6.3.5.8.4; 6.3.5.13 |
B | |||
barrier | barrière | Sperre | 3.27; 3.29 |
burn | brûlure | Verbrennung | Clause B.2; Table B.1; Table B.2 |
C | |||
centre of gravity | centre de gravité | Masse-schwerpunkt | 6.2.6 |
chip | copeau | Span | 6.3.3.2.1 |
cleaning | nettoyage | Reinigung | 5.4; 5.5.3.2; 6.2.14; 6.3.5.11; 6.4.1.3; Table B.3 |
colour | couleur | Farbe | 6.4.4 c); 6.4.5.2 a); 6.4.5.2 e) |
commissioning | mise en service | in Betrieb nehmen | 5.4; 6.4.1.3; 6.4.5.1 b); Table B.3 |
common cause failures | défaillances de cause commune | Ausfälle aufgrund gemeinsamer Ursache | 3.34; 3.35; 6.3.5.8.4 |
common mode failures | défaillances de mode commun | gleichartige Ausfälle | 3.34;3.35; 6.3.5.8.4 |
comparison of risks | comparaison des risques | Risikovergleich | 5.5.2.3.2; 5.6.3 |
complementary risk reduction measure | mesure de réduction du risque complémentaires | ergänzende Risikominderungs-maßnahme | 3.18; Figure 2; Figure 3; 6.1; 6.3; 6.3.1; 6.3.2; 6.3.6 |
construction | construction | Herstellung | 3.27; 6.2.3 a); 6.3.3.1 a); 6.3.3.2.6; 6.4.4 b) |
containment | retention | Kapselung/ Fernhaltung (von Stoffen, usw.) | 6.3.3.2.1 |
control device | appareil de commande | Steuerungseinrichtung | 3.28.3; 3.28.4; 3.28.9; 6.3.5.1; 6.3.5.10 a),b),d),g); 6.3.5.11 b),c); 6.3.3.6; Tables B.1, B.2 and B.4 |
control mode | commande (mode de) | Steuerungsart | 6.3.5.11 |
control system | commande (système de) | Steuerungssystem/ Steuerung | 3.27.4; 3.27.5; 3.28.5; 3.28.9; 3.31; 3.40; 6.2.4; 6.3.3.2.3; 6.3.3.3; 6.3.5; 6.3.5.1; 6.3.5.7; 6.3.5.7.1; 6.3.5.7.2; 6.3.5.7.3; 6.3.5.8.1; 6.3.5.8.2; 6.3.5.14; 6.2.11; 6.2.12, Annex A; Clause B.4; Table B.4; Table B.4; Clause D.1; Clause D.2; Clause D.2; D.3.1, D.3.3, D.3.3 c) |
crushing hazard | risque d'écrasement | Gefährdung durch Quetschen | 3.6 |
cutting parts | éléments coupants | schneidende Teile | Annex B; Table B.1; Table B.2 |
cybersecurity | cybersécurité | Cybersicherheit | Scope; 3.40; Clause 4, Note1; 5.3.2 e); 5.4 b); 6.3.5.7.2; 6.3.5.15 |
D | |||
damage to health | atteinte à la santé | Gesundheits-schädigung | 3.5; 5.2.1 c); 5.5.2 a); 5.5.2.3.2 c); 5.5.3.2 |
danger | danger | Gefahr | 6.2.12; 6.4.4 |
danger zone | zone dangereuse | Gefährdungsbereich (Gefahrbereich) | 3.10; 3.28.5; 3.29; 5.5.2.3.1 c); 6.2.2.1; 6.2.13; 6.3.2; 6.3.3.1 d); 6.3.5.10 c),e); 6.3.5.11; 6.3.6.6 |
defeating | neutralisation (d'un dispositif de protection) | Umgehen (einer Schutzeinrichtung) | 5.5.3.6; 6.3.2; 6.3.5.1; Table B.4 |
defeating | neutralisation | Umgehen (einer Warneinrichtung) | 6.4.3 |
depressurizing | mise à la pression atmosphérique | Druckentlastung | 6.2.10 |
design (of a machine) | conception (d'une machine) | Konstruktion (einer Maschine) | 3.20; 3.21; 3.32; Clause 4; 5.2.15.2.2; 5.4 c);5.5.3.4; 5.5.3.6; 5.6.2; 5.6.3; 6.1; 6.2.1; 6.2.2.1 a), d); 6.2.2; 6.2.3; 6.2.7 ;6.2.8 ;6.2.9; 6.2.10; 6.2.13; 6.3.1; 6.3.2; 6.3.3.1; 6.3.3.2.3; 6.3.3.2.4; 6.3.3.2.5; 6.3.3.3; 6.3.5.1; 6.3.5.5; 6.3.5.7.1; 6.3.5.7.2; 6.3.5.7.3; 6.3.5.8.4; 6.3.5.9; 6.3.5.10 a),f),g); 6.3.6.1; 6.3.6.6; 6.4.1.1; 6.4.2; 6.4.3; Table B.1; Table B.4, Clause C.1, C.4.2.2, Clause D.2; D.3.1; D.3.2; D.3.3 |
design error | erreur de conception | Konstruktionsfehler | 5.4 b) |
designer | concepteur | Konstrukteur/ | Scope, Note 4; 3.7; 3.12; 3.24; Clause 4; Figure 3; 5.4; 5.5.3.5; 5.6.1; 6.2.8; 6.3.4; 6.4.3; 6.4.5.1 d); Clauses B.1, C.1 and C.4; C.4.2.2 |
diagnostic system | diagnostic (système de) | Diagnosesystem | 6.3.5.14 |
direct contact | contact direct | direktes Berühren | 6.2.5; Table B.4 |
disabling | mise hors service | außer Betrieb nehmen | 5.4; 6.2.1.3; 6.2.6; 6.4.5.1 f); Table B.3 |
dismantling (of a machine) | démontage (d'une machine) | Demontage (einer Maschine) | Clause 4; 5.4; 6.2.6; 6.4.1.3; 6.4.5.1 f); Table B.3 |
display | affichage | Anzeige | 6.2.8; 6.3.5.1; Annex A; Table B.1 |
disturbance(s) | perturbation(s) | Störung(en) | 5.4 b); 6.3.5.8.2; 6.3.5.8.4; Table B.1 |
door | porte | Tür | 3.27; Clause D.4 |
drawing-in/trapping hazard | risque d'entraînement/ d'emprisonnement | Gefährdung durch Einziehen/Fangen | 6.3.2; 6.3.6.3; Table B.1; Table B.2 |
dust | poussière | Staub | 5.2.1 c); 5.3.5 c); 6.2.2.2 c); 6.3.3.2.1; 6.3.5.8.2; 6.4.5.1 c); Table B.1; Table B.2 |
E | |||
edge (sharp) | arête vive | scharfe Kante | 6.2.2.1 c); 6.3.3.2.6; Table B.1; Table B.4 |
electric shock | choc électrique | elektrischer Schlag | 3.6; 6.2.9; Table B.2 |
electrical equipment | équipement électrique | elektrische Ausrüstung | 6.2.4 a); 6.2.9; 6.4.3; 6.4.5.1 c); Table B.2; Table B.4 |
electrical hazard | risque électrique | elektrische Gefährdung | 3.6; 6.2.9; Table B.1 |
electrical overloading | surcharge (électrique) | Überlastung (elektrische) | 6.4.5.1 b) |
electromagnetic compatibility | compatibilité électromagnétique | elektromagnetische Verträglichkeit | 6.3.5.12 |
electrostatic phenomena | phénomènes électrostatique | elektrostatische Vorgänge | Table B.1 |
emergency situation | situation d'urgence | Notfall | 3.37; 6.3.6.2; 6.4.5.1 g) |
emergency stop (function) | arrêt d'urgence (fonction) | Stillsetzen im Notfall (Funktion zum) | 3.38; 6.3.5.1; 6.3.5.10; 6.3.6.2; 6.3.6.3; 6.4.5.1 d) |
emergency stop control | commande d'arrêt d'urgence | Stellteil zum Stillsetzen im Notfall | 6.3.5.1; 6.3.5.11; 6.3.6.2 |
emergency stop device | arrêt d'urgence (dispositif d') | Einrichtung zum Stillsetzen im Notfall | 6.3.1; 6.3.5.1; 6.3.6.2; 6.3.4 |
emission value | valeur d'émission | Emissionswert | 3.39; 6.2.3 c) |
emissions | émissions | Emissionen | 3.39; 5.2.1 c); 6.2.2.2 c); 6.3.1; 6.3.3.2.1; 6.3.4; Table B.2 |
enabling control device | validation (dispositif de) | Zustimmungs-einrichtung | 3.28.2; 6.3.5.11 b) |
entanglement hazard | risque de happement | Gefährdung durch Erfassen | Table B.1; Table B.2 |
environment | environnement | Umwelt/Umgebung | 5.3.1; 5.4; 6.2.7; 6.3.2 c); Table B.1; Table B.4 |
environmental conditions | conditions liées à l'environnement | Umgebungseinflüsse | 5.3.5; 6.3.2.5.2; 6.4.5.1 b); Table B.1; Table B.4; D.3.2 |
ergonomics hazards | risque ergonomique | Gefährdung durch Vernachlässigung ergonomischer Grundsätze | Table B.1.8 |
ergonomics principle | ergonomique (principe) | ergonomischer Grundsatz | 6.2.8; 6.3.2; 6.3.5.10 |
error (human) | erreur (humaine) | Fehlverhalten (menschliches) | 6.2.8 f); Table B.1; Table B.2; Table B.4 |
escape and rescue (of a person) | dégagement et sauvetage (d'une personne) | Befreiung und Rettung (einer Person) | 6.3.6.3 |
explosive atmosphere | atmosphère explosible | explosionsgefährdete Atmosphäre | 6.2.4; 6.4.4 b) |
exposure to hazard | exposition à un phénomène dangereux | Gefährdungsexposition/ Aussetzung einer Gefährdung | 3.10; 5.5.2.1; 5.5.2.3.1; 5.5.3; 6.3.5.14; 6.3.1; Annex B |
exposure to hazards (limiting) | exposition à un phénomène dangereux (limitation de l'exposition à un) | Gefährdungsexposition (Begrenzen der) | 6.2.11; 6.2.12; 6.2.13 |
exposure value | valeur d'exposition | Immissionswert | 3.39 |
F | |||
failure | défaillance | Ausfall | 3.30 to 3.32; 3.33; |
falling hazard | risque de chute (de personne) | Sturzgefährdung | 6.3.2 a); Table B.1; Table B.2; Table B.4; D.2 |
fault | défaut | Fehler | 3.32; 3.33; 3.35; 6.2.12; 6.3.5.1; 6.3.5.7.1; 6.3.5.7.2; 6.3.5.13; Clause B.2; Clause B.4; Table B.1 |
fault-finding | défauts (recherche de) | Fehlersuche | 5.4 a); 5.5.3.2; 6.3.5.11; 6.3.5.14; 6.4.1.3; 6.4.5.1 d); 6.4.5.1 e); Table B.3 |
fixed guard | protecteur fixe | feststehende trennende Schutzeinrichtung | 3.27; 3.27.1; 6.3.1; 6.3.2; 6.3.3.2.2 |
friction/abrasion hazard | risque de frottement/d'abrasion | Gefährdung durch Reibung/Abrieb | Table B.1; Table B.2 |
G | |||
guard | protecteur | trennende Schutzeinrichtung | 3.20; 3.26; 3.27; |
guard locking device | dispositif de blocage du protecteur | Zuhalteeinrichtung | 3.27.5 |
H | |||
handling | manutention | Handhabung | 6.2.6; 6.2.7; 6.2.12; 6.3.6.5; 6.4.5.1 a); 6.4.5.3 e); Table B.4 |
harm | dommage | Schaden | 3.5; 3.6; 3.8; 3.9; 3.11; 3.13; 5.2.1; 5.5.2.1 a),b); 5.5.2.2; 5.5.2.3; 5.5.2.3.1; 5.5.2.3.2; 5.5.2.4; 5.5.3.5; 6.1; Clause D.1; D.3.2 |
hazard | phénomène dangereux | Gefährdung | 3.6; 3.7 to 3.9; 3.14; 3.18; 3.20; 3.21; 3.38; Clause 4; 5.1; 5.3.2 d); 5.4; 5.5.2.1; 5.5.2.2; 5.5.2.3.1; 5.5.2.4; 5.5.3.1; 5.5.3.2 to 5.5.3.4; 5.6.1 to 5.6.3; 6.1; 6.2.1; 6.2.2.1; 6.2.2.2; 6.2.4; 6.2.11 to 6.2.13; 6.3.1; 6.3.2; Figure 5; 6.3.3.1; 6.3.3.2.6; 6.3.5.1; 6.3.5.4; 6.3.6.2 to 6.3.6.4; 6.3.6.6; Clause 7c),f); Clause B.1, Clause B.2; Table B.1; Table B.2; Clause C.2, C.4.2.1; D.3.2 |
hazard combination | risques (combinaison de) | Gefährdungs-kombination | 5.5.3.3; Table B.1.10 |
hazard identification | identification des phénomènes dangereux | Identifizierung der Gefährdungen | 5.1; 5.4; 5.5.1 |
hazard zone | zone dangereuse | Gefährdungsbereich (Gefahrbereich) | 3.10; 3.29; 5.5.2.3.1; 6.3.2; 6.3.3.2.4; 6.3.3.2.5 d); 6.3.5.1; 6.4.3; Clause 7 c); Clause B.1; Clause B.2 |
hazardous event | événement dangereux | Gefährdungsereignis | 3.8; Clause 4; 5.4; 5.5.2.1; 5.5.2.2; 5.5.2.3.2; 6.3.5.1; 6.4.3; Clause 7 c); Clause B.1; Clause B.4; Table B.4; Clause C.2, C.4.2.2, D.3.2 |
hazardous malfunctioning | dysfonctionnement dangereux | Gefährdung durch Fehlfunktion(en) | 6.3.5.8.2 |
hazardous situation | situation dangereuse | Gefährdungssituation/ gefährdende Situation | 3.9; 3.31; 3.37; 3.40; Clause 4; 5.2.2; 5.4; 5.5.1; 5.5.2.1; 5.5.2.4; 5.5.5.3; 6.3.5.2; 6.3.5.5; 6.3.5.6; Clause 7 c); Clause B.1; Clause B.3; Clause C.2, C.4.2.2; D.3.2 |
hazardous substances | substances dangereuses | Gefahrstoffe/ gefährliche Stoffe | 3.39; 6.2.2.2 c); 6.2.3 c); 6.3.3.2.1; 6.3.4.4; 6.4.5.1 g) |
heat | chaleur | Hitze | 6.3.2 c); 6.3.5.8.2; Table B.1.3 |
heat source | chaleur (source de) | Wärmequelle | Table B.1.3 |
high pressure fluid ejection hazard | risque d'éjection de fluide sous haute pression | Gefährdung durch Herausspritzen von Flüssigkeiten unter hohem Druck | Table B.4 |
hold-to-run control device | commande nécessitant une action maintenue | Steuerungseinrichtung mit selbsttätiger Rückstellung (Tippschalter) | 3.28.3; 6.3.5.10 b) |
human behaviour | comportement humain | menschliches Verhalten | 3.24; Clause 4 |
hydraulic equipment | équipement hydraulique | hydraulische Ausrüstung | 6.2.10; Table B.4 |
hydraulic hazard | risque hydraulique | hydraulische Gefährdung | 6.2.10 |
hygiene aspects | aspects hygiéniques | Hygieneaspekte | 6.2.14 |
I | |||
impact (as hazard) | choc (as phénomène dangereux) | Stoß (als Gefährdung) | 6.3.5.8.2; Table B.1; Table B.2 |
impeding device | dispositif dissuasif/déflecteur | abweisende Schutzeinrichtung (Barriere) | 3.29, 6.3.2 |
index (of the instruction handbook) | index (de la notice d'instructions) | Stichwortverzeichnis (in der Betriebs-anleitung) | 6.4.5.2 f) |
indirect contact | contact indirect | indirekte Berührung | Table B.4 |
information for use | informations pour l'utilisation | Benutzerinformation | 3.22; 3.23; Figure 2; 5.2.1 a); 6.1; 6.2.1; 6.3.4; 6.3.6.1; 6.4; 6.4.1.1; 6.4.1.3; 6.4.2; 6.4.3; 6.4.5.2 b),f); 6.4.5.3, b), c); D.3.3 c) |
inherently safe design | mesure de prévention intrinsèque | inhärent sichere Konstruktion | 3.20; 3.21; 5.5.3.4; 6.1; 6.2; 6.2.1; 6.3.1; 6.3.6.1; D.3.2 b) |
inspection | inspection | Inspektion | 6.2.11.10; 6.2.12.4; 6.3.5.8.4; 6.3.5.9; 6.4.4 c); 6.4.5.1 e); Table B.3 |
inspection | inspections | Inspektion | 6.4.4 c) |
installation | installation (de la machine) | Installation (der Maschine)/ Aufbau/Einbau (der Maschine) | Figure 3, footnote d; 5.4; 6.2.6; 6.3.3.1 f); 6.3.6.3; 6.3.6.6; 6.4.1.3; 6.4.5.1 b); Table B.3; |
instruction handbook | notice d'instructions | Betriebsanleitung | 6.4.1.1; 6.4.2 b); 6.4.5; 6.4.5.1; 6.4.5.2 |
instructions | instructions | Anweisungen | 6.4.5.1 b),e),h); 6.4.5.2 g); 6.4.5.3 d),e) |
insulation failure | isolement (défaut d') | Versagen der Isolierung | 6.3.5.8.2 |
intended use | utilisation normale (d'une machine) | bestimmungsgemäße Verwendung | Introduction; 3.3; 3.6; 3.23; Figure 3, footnotes b, d; 5.3.2; 5.3.4; 5.5.3.6; 5.6.3; 6.1; 6.2.8, g); 6.3.5.8.2; 6.3.6.1; 6.4.1.2; 6.4.4 b); 6.4.5.1 d); Clause 7 a) |
interlocking device (interlock) | verrouillage (dispositif de) | Verriegelungs-einrichtung (Verriegelung) | 3.27; 3.27.4; 3.27.5; 3.28.1; 6.3.3.2.5 f) |
interlocking guard | protecteur avec dispositif de verrouillage | verriegelte trennende Schutzeinrichtung | 3.27.4; 6.3.3.2.3; Clause D.2 |
interlocking guard with a start function (control guard) | protecteur commandant la mise en marche | trennende Schutzeinrichtung mit Startfunktion | 3.27.6; 6.3.3.2.6 |
interlocking guard with guard locking | protecteur avec dispositif d'interverrouillage | verriegelte trennende Schutzeinrichtung mit Zuhaltung | 3.27.5; 6.3.3.2.3 |
isolation and energy dissipation | consignation | Energietrennung und-ableitung | 6.3.5.1; 6.3.6.4; Table B.3 |
L | |||
language | langue | Sprache | 6.4.4; 6.4.5.2 |
language(of the instruction handbook) | langue (de la notice d'instructions) | Sprache (der Betriebsanleitung) | 6.4.5.2 b) |
life limit of a machine | durée de vie d'une machine | Lebensdauer einer Maschine | 5.3.4 |
lifting equipment | levage (équipement de) | Hebevorrichtung | 6.4.5.1 a) |
lifting gear | levage (appareil de) | Hebezeug | Table B.1 |
lighting | éclairage | Beleuchtung | 6.2.8 e); 6.3.2; Table B.1 |
limit | limite | Grenze | 3.14; 3.28.5; 3.28.7; 3.28.9; Clause 4; 5.1; 5.3; 5.3.1 to 5.3.5; 5.4; 5.5.2.1; 5.5.2.4 d); 6.2.3; 6.2.8 c); 6.2.12; 6.3.5.1; 6.5.3.8; 6.3.5.11; Clause 7 a); Table B.3; Clause C2, C.4.2.2; D.3.2 |
limited movement control device | commande de marche par à coups (dispositif de) | Schrittschaltung | 3.28.9; 6.3.5.11 c) |
limiting device | limiteur (dispositif) | Begrenzungs-einrichtung | 3.28.7; 6.2.3 a) |
live part (of electrical equipment) | partie active (de l'équipement électrique) | spannungsführendes Teil (der elektrischen Ausrüstung) | Table B.1.2 |
load | charge | Last | 3.28.7; 5.4; 6.2.2.1; 6.2.3; 6.3.5.1; 6.3.5.5;6.4.4; Clause 7; Clause B.3 c); Table B.3 |
loading (feeding)/unloading (removal) operations | opérations de chargement (alimentation)/déchargement (évacuation) | Be-/Entladearbeit (Beschickungs- und Entnahmearbeiten) | 6.2.12; Table B.3 |
lubrication | graissage | Schmierung | 6.2.13; Table B.3 |
M | |||
machine–power supply interface | interface “machine-sources d'énergie” | Schnittstelle “Maschine- Energieversorgung” | 5.3.3 |
machinery | machine | Maschine | 3.1 |
maintainability | maintenabilité | Wartungsfreundlich-keit (einer Maschine) | 3.3; 6.2.7; 6.3.5.14 |
maintenance | maintenance | Instandhaltung | 3.32; 5.3.2 c); 5.3.3 b); 5.4 a); 5.5.2.3.1 a); .5.3.2; 6.2.7; 6.2.8 e); 6.2.10; 6.2.13; 6.3.3.1 f); 6.3.5.9; 6.3.5.11; 6.3.5.14; 6.3.6.6; 6.4.1.3; 6.4.5.1 b); 6.4.5.1 e); 6.4.5.1 h); Table B.3 |
maintenance point | maintenance (point de) | Wartungsstelle | 6.2.13 |
maintenance staff | maintenance (personnel de) | Instandhaltungs-personal | 6.3.5.14; 6.4.5.1 e) |
malfunction (malfunctioning) | dysfonctionnement | Fehlfunktion | 3.36; 3.37; 5.2 c); 5.3.2 a); 5.4 b), c); 5.5.2.3.1; 5.5.3.4 a); 6.3.5.8.2 |
manual control (function) | commande manuelle (fonction) | Handsteuerung | 3.28.3; 6.2.2.1 d); 6.2.8 f); 6.3.5.10, a), c); 6.4.5.1 d); 6.4.5.2 c); Table B.3 |
marking | marquage | Kennzeichnung | 6.4.4 |
material | matériau | Werkstoff/Material | 5.2 c); 5.3.5; 5.4 b); 5.5.2.3.1;5.6.3; 6.2.2.1 a); 6.2.3 b);6.2.12; 6.3.3.2.1; 6.3.3.2.4 6.3.3.2.6;6.3.6.6; Annex B |
material/substance hazards | risques des matériaux et des substances | Gefährdung durch Materialien und Substanzen | Table B.1.7 |
maximum speed of rotating parts | fréquence maximale de rotation des parties tournantes | maximale Drehzahl rotierender Teile | 6.4.4 c) |
measuring methods | méthodes de mesurage | Messverfahren | 6.4.5.1 c) 4) |
mechanical hazard | risque mécanique | mechanische Gefährdung | 6.2.2.2; 6.3.1; Table B.1 |
mechanical restraint device | dispositif de retenue mécanique | durch Formschluss wirkende Schutzeinrichtung | 3.28.8 |
mode selector | sélecteur de mode | Betriebsartenschalter | 6.3.5.9 |
moisture | humidité | Feuchtigkeit | 6.3.5.8.2; 6.4.5.1 b); Table B.1.9 |
movable elements/parts | éléments mobiles | bewegliche Elemente/Teile | 6.2.2.2 b); 6.4.4 c) |
movable guard | protecteur mobile | bewegliche trennende Schutzeinrichtung | 3.27; 3.27.2; 3.27.3; 6.3.3.2.4 |
N | |||
noise | bruit | Lärm/Geräusch | 3.6; 3.39; 5.2.1 c); 5.4; 6.2.2.2 c); 6.2.3 c); 6.2.4 c); 6.2.8 c); 6.2.15; 6.3.1; 6.3.2 b); 6.3.1; 6.3.2. b); 6.3.3.2.1; 6.3.3.2.6; 6.3.4.2; 6.4.5.1 b); 6.4.5.1 c); Table B.1.4; Clause B.3 e); Table B.4 |
noise hazard | risque par le bruit | Lärmgefährdung | Table B.1.4 |
normal operation | fonctionnement normal | normaler Betrieb | 3.37 |
O | |||
operating modes | modes de fonctionnement | Betriebsarten | 5.3.2 a); 6.3.5.1;6.3.5.9; 6.4.1.2 D.3.2 |
operation | fonctionnement | Betrieb | 3.27.4; 3.28.1; 3.37; 3.40; 5.3.3 b); 5.4, a); 5.5.3.2; 5.5.3.6; 6.2.2.1; 6.2.2.2; 6.2.5; 6.2.8, f); 6.2.12; 6.3.2; 6.3.3.1; 6.3.3.2.4; 6.3.5.1; 6.3.5.5; 6.3.5.8.1; 6.3.5.10, d), f), g); 6.3.5.11, b), c), d); 6.3.6.2; 6.3.6.5; 6.3.6.6; 6.4.1.3; 6.4.5.2 c); 6.4.5.3 b); Clause B.3; Table B.3; Table B.4 |
operative part | partie opérative | Betriebsteil | 6.2.11 |
operator | opérateur | Bediener (Bedienperson)/ Bedienperson (Bediener) | 3.31; 5.2.1 d); 5.3.2 c), d); 5.4 a), c); 5.5.3.1; 5.5.3.6; 5.6.2; 6.2.2.1 a); 6.2.2.2 c); 6.2.8, a), d), f), g); 6.2.12; 6.3.2; 6.3.3.2.1; 6.3.3.2.3; 6.3.5.1; 6.3.5.9; 6.3.5.10 d), e), g); 6.3.5.11; 6.3.6.3; 6.4.3 d); 6.4.4; 6.4.5.1 e); 6.4.5.2 g); |
operator–machine interface | interface “opérateur– machine” | Schnittstelle “Bedienperson– Maschine” oder “Mensch– Maschine” | 5.3.3; 6.2.8; Figure A.1 |
oriented failure mode component | composant à défaillance orientée | Bauteil mit definiertem Ausfallverhalten | 6.3.5.8.3 |
overloading (electrical) | surcharge (électrique) | Überlast (elektrische) | 6.4.5.1 b) |
overloading (mechanical) | surcharge mécanique | Überlastung (mechanische) | 6.4.5.1 |
overspeed | survitesse | Überdrehzahl | 6.4.3 |
P | |||
packaging | emballage | Verpackung | 6.4.2; 6.4.5.1; 6.4.5.3 d) |
pictogram | pictogramme | Piktogramm | 6.4.4 |
platform | plate-forme | Bühne/Arbeitsbühne | 6.3.6.6 |
pneumatic equipment | équipement pneumatique | pneumatische Ausrüstung | 6.2.4, 6.2.10; Table B.4 |
pneumatic hazard | risque de pneumatique | pneumatische Gefährdung | 6.2.10 |
portable control unit (teach pendant) | dispositif de commande portatif (pendant d'apprentissage) | tragbare Steuerungseinheit/ tragbares Steuerungs-gerät (Schwenk-armschalt-tafel) | 6.3.5.10 e); 6.3.5.11 c) |
positive mechanical action | action mécanique positive | mechanisch zwangsläufige Wirkung | 6.2.5 |
power control element | préactionneur | Leistungssteuerungs-element | 3.31; Figure A.1 |
power supply | alimentation en énergie (source d') | Energieversorgung/ Energiequelle | 3.31; 5.3.3 d); 5.4 b); 6.2.10; 6.3.5.1; 6.3.5.2; 6.3.5.5; 6.3.5.6; 6.3.6.4; 6.4.5.1 b); Table B.3 |
power transmission element | élément de transmission | Energieübertragungs-element | Figure A.1 |
presence-sensing | détection de présence | Anwesenheitsmeldung | 3.28.5 |
prevention of access | accès (prévention de l') | Verhindern des Zugangs | 6.3.3.2.1 |
process changeover | processus de fabrication (changement de) | Umrüsten | 5.5.3.2; 6.3.5.11; 6.4.1.3; Table B.3 |
programmable electronic control system | système de commande électronique programmable | programmierbares elektronisches Steuerungssystem | 5.5.3.6; 6.3.5.7.1 |
prohibited usage/application | utilisation proscrite | verbotene Anwendung | 6.4.5.1 c) |
protective device | dispositif de protection | nichttrennende Schutzeinrichtung | 3.20; 3.26; 3.28; 3.28.6; 6.2.11.; 6.3.1; 6.3.2; 6.3.3; 6.3.3.1;6.3.3.3; 6.3.5.11; 6.3.6.1; 6.4.1.2; 6.4.5.1 c); Table B.3; Table B.4 |
protruding part | pièce saillante | vorstehendes Teil | 6.2.2.1 c); Table B.4 |
R | |||
radiation (see also: emissions) | rayonnement(s) (voir aussi: émissions) | Strahlung (siehe auch: Emissionen) | 3.28.6; 3.39; 6.2.2.2; 6.2.3; 6.3.2.1; 6.3.2 b); 6.3.3.2.1; 6.3.4.5; 6.4.5.1 b, c); Table B.1; Table B.4 |
radiation hazard | risque par les rayonnements | Strahlungsgefährdung | Table B.1.6 |
range of applications | utilisations prévues | Anwendungsbereich | 6.4.5.1 c) |
reasonably foreseeable misuse | mauvais usage raisonnablement prévisible | vernünftigerweise vorhersehbare Fehlanwendung | 3.24; Clause 4; 5.3.2; 5.3.4; 5.4; 5.6.3; 6.1; 6.3.6.1; 6.4.1.2; 6.4.5.1 |
reduced speed | vitesse réduite | verminderte Geschwindigkeit | 6.3.5.11 c) |
redundancy | redondance | Redundanz | 3.34; 3.35; 6.3.5.8.3; 6.3.5.8.4 |
reliability | fiabilité | Zuverlässigkeit | 3.2; 5.5.2.3.2 a); 5.5.3.5; 6.2.3; 6.2.8; 6.2.11; 6.3.5.8.1 |
reliability (of a machine) | fiabilité (d'une machine) | Zuverlässigkeit (einer Maschine) | 3.2 |
remote access | accès à distance | Fernzugriff | 3.41; 5.5.3.6; 6.3.5.17 |
remote control | télécommande | Fernsteuerung | 3.42; 6.3.5.11; 6.3.5.13 |
remote programming | programmation à distance | Fernprogrammierung | 3.43 |
residual risk | risque résiduel | Restrisiko | 3.12; Clause 4; 5.6.2; 6.1; 6.4.1.2; Clause 7 g) |
restart/restarting | remise en marche | Wiederanlauf | 5.4 a); 6.3.3.2.5 c); 6.3.5.1; 6.3.5.4; 6.3.5.13; 6.3.6.2; 6.4.5.1 d); Table B.3; |
restriction of access | accès (restriction de l') | Zugangsbeschränkung | 6.3.5.11 |
risk | risque | Risiko | 3.11; numerous occurrences in most clauses |
risk analysis | analyse du risque | Risikoanalyse | 3.14; 3.15; 3.16; 5.1 |
risk assessment | appréciation du risque | Risikobeurteilung | 3.7; 3.16; 3.39; Clause 4; Clause 5; 5.1; 5.2; 5.3.1; 5.4 5.5.2.2; 5.6.3; 6.3.2; 6.3.6.2; Clause 7 a), c), d), h), i); Annex B; C.4.2.1; C.4.2.2; Clause D.1; Clause D.2; Figure D.2; D.3.1; D.3.2; D.3.3 |
risk estimation | estimation du risque | Risikoeinschätzung | 3.13; 5.1; 5.5; 5.5.1; 5.5.3; 5.6.1; C.4.2.2; Clause D.2; D.3.2 |
risk evaluation | évaluation du risque | Risikobewertung | 3.15; 3.16; 5.1; 5.6; 5.6.1; 5.6.3; C.4.2.1 |
risk reduction | réduction du risque | Risikominderung | 3.7; 3.12; 3.15; 3.17; 3.18; 3.19; 3.20; 3.21; 3.22; 3.28.4; Figure 1; Figure 2; 5.1; 5.5.3.2 to 5.5.3.7; 5.6.1; 5.6.2; Clause 6 (numerous occurences); Clause 7; Annex B; Annex C; Clause D.2; D.3.1; D.3.2; D.3.3; |
risk reduction measure | mesure de réduction du risque | Risikominderungs-maßnahme | 3.12; 3.18; 3.19; 3.20; 3.21; 3.22; 3.28.4; Clause 4; 5.5.3.2 to 5.5.3.4; 5.5.3.5 b); 5.5.3.6, a), b), c), d), e); 5.5.3.7; 5.6.1; 5.6.2 6.1; 6.2.1; 6.2.6; 6.3; 6.3.1; 6.3.2; 6.3.4; 6.3.5.9; 6.3.5.11; 6.3.5.13; 6.3.5.14; 6.3.5.15; 6.3.6; 6.3.6.1; 6.4.3; 6.4.5.1 b),d);Clause 7, e), f); Clause B.2; Clause C.2; C.4.2.1; C.4.2.2; Clause D.2; D.3.2; D.3.3 |
S | |||
safeguard | moyen de protection | Schutzeinrichtung | Introduction; 3.21; 3.26; 3.28; 6.2.12; 6.3.1; 6.3.2; Figure 5; 6.3.3.4; 6.3.6.2; 6.4.5.1 b),d) |
safeguarding | protection | technische Schutzmaßnahme | 3.21;3.31; 5.5.3.4; 6.1; 6.2.1; 6.2.6; 6.3;6.3.2; 6.3.4; 6.3.6.1; D.3.2 |
safety function (safety-related function) | fonction de sécurité (fonction de sécurité directe) | Sicherheitsfunktion (sicherheitsrelevante) | 3.30; 6.2.11; 6.2.12; 6.3.3.3; 6.3.5.1; 6.3.5.7.1; 6.3.5.7.2; 6.3.5.7.3; 6.5.3.8.4; 6.3.5.13; 6.4.5.1 c), e); Clause D.2; D.3.2 |
safety-related component | composant relatif à la sécurité | sicherheitsrelevantes Bauteil | 6.2.11 |
scald | brûlure (par un liquide chaud) | Verbrühung | Table B.1.3; Table B.2 |
scrapping (of a machine) | mise au rebut (d'une machine) | Entsorgung (einer Maschine) | 5.4; 6.2.6; 6.4.1.3; 6.4.5.1 f) |
sensitive protective equipment | équipement de protection sensible | sensitive Schutzeinrichtung | 3.28.5; 6.3.2 |
sensor | capteur | Sensor/Messfühler | 3.31; 6.2.11; 6.3.5.7.2; 6.3.5.11 d); Table A.1; Clause D.2; D.3.2 c) |
setting | réglage | Einrichten/Einstellen | 5.4 a); 5.5.3.2; 6.2.10; 6.2.13; 6.3.3.2.5; 6.3.6.6; 6.4.1.3; 6.4.5.1 d); Table B.3 |
setting (control mode for) | réglage (mode de commande pour le) | Steuerungsart zum Einstellen | 6.3.5.11 |
setting point | réglage (point de) | Einricht-/Einstellungspunkt | 6.2.13 |
severing hazard | risque de sectionnement | Gefährdung durch Abschneiden | Table B.1; Table B.2 |
shearing hazard | risque de cisaillement | Gefährdung durch Scheren | 6.2.2.1 b); 6.3.2; 6.3.3.2.6; Table B.1; Table B.2 |
signal | signal | Signal | 3.22; 3.28.5; 6.3.5.1; 6.3.5.10 h); 6.4.4.1; 6.4.2 d); 6.4.3 c); 6.4.5.1 c),d); |
significant hazard | phénomène dangereux significatif | signifikante Gefährdung | 3.7; Clause C.2; C.4.2.1 |
siren | Sirène | Sirene | 6.4.3 |
slipping hazard | risque de glissade | Gefährdung durch Ausrutschen | Table B.1; Table B.2; Clause D.2 |
software | logiciel | Software | 3.40; 5.4 b); 5.5.3.6; 6.3.5.1; 6.3.5.7.3 |
software (access to the) | logiciel (accès au) | Software (Zugriff auf die) | 5.5.3.6; 6.3.5.15 |
space limit | limite dans l'espace | räumliche Grenze | 3.28.7; 5.3.3; D.3.2 |
speed | vitesse | Geschwindigkeit | 3.28.7; 6.3.5.1; 6.3.5.11; 6.4.4 c); Table B.1, Table B.2; Table B.4 |
stabbing/puncture hazard | risque de perforation/piqûre | Gefährdung durch Durchstich/Einstich | Table B.1 |
stability | stabilité | Standfestigkeit/ Standsicherheit | 6.2.6; Clause B.2; Table B.2; Table B.4 |
stairs | escaliers | Treppen | 6.3.6.6 |
static electricity | électricité statique | statische Elektrizität | 6.3.5.8.2 |
stopping | mise à l'arrêt | Stillsetzen | 5.4; 6.3.5.1; 6.3.5.3; 6.3.5.5; 6.3.5.13; 6.4.5.1 d); Table B.3 |
storage (of a machine) | stockage (d'une machine) | Lagerung (einer Maschine) | 6.4.5.1 a) |
stress (environmental) | contrainte d'environnement | Umweltbeanspruchung | 6.2.12.2 |
stress (human) | stress | Stress | 5.5.3.4; 6.2.8; Table B.1; Table B.2 |
stress (mechanical) | contrainte mécanique | mechanische Beanspruchung | 6.2.3 a); 6.3.2.7; 6.3.5.8.2 |
symbol | symbole | Symbol | 3.22; 6.4.1.1; 6.4.4 |
symbol (in the instruction handbook) | symbole (dans la notice d'instructions) | Symbol (in der Betriebsanleitung) | 6.4.5.2 a) |
T | |||
task | tâche | Aufgabe | 3.25; 5.4 a), c); 5.5.3.2; 5.5.3.6 e); 6.3.2.4; 6.3.6.6; 6.4.5.1 e); Clause B.3; Table B.3 |
teach pendant (portable control unit) | pendant d'apprentissage (dispositif de commande portatif) | Schwenkarmschalttafel (tragbare Steuereinheit/ tragbares Steuergerät) | 6.3.5.10 c),e); 6.3.5.11 c) |
teaching (programming) | apprentissage (programmation) | Teachen/Programmieren | 5.4 a); 5.5.3.2; 6.3.5.11; 6.4.1.3; Table B.3 |
thermal hazard | risque thermique | thermische Gefährdung | Table B.1.3 |
tolerable risk | risque tolerable | tolerierbares Risiko | 3.19; Clause 4; 5.6.2; Clause C.1; C.4.1; Clause D.1 |
training | formation | Ausbildung | Introduction; Figure 3; 5.3.2 c); 5.5.3.4; 5.5.3.5; 6.1; 6.4.1.2; 6.4.5.1 d) |
transport | transport | Transport | 5.4; 6.3.6.5; 6.4.1.3; 6.4.5.1 a); Table B.3 |
trip device | dispositif sensible | Schutzeinrichtung mit Annäherungsreaktion | 5.5.3.6; 6.3.2 |
tripping hazard | risque de perte d'équilibre/de trébuchement | Gefährdung durch Stolpern | Table B.1 |
tripping (function) | détection de franchissement d'une limite | Annäherungsreaktion | 3.28.5 |
two-hand control device | commande bimanuelle (dispositif de) | Zweihandschaltung | 3.28.4; 6.3.5.11 b) |
U | |||
unexpected start-up | mise en marche inattendue | unerwarteter Anlauf | 3.6; 3.31; 6.3.3.2.5 f); 6.3.5.1; Clause B.4; Table B.4 |
unintended start-up | mise en marche intempestive | unbeabsichtigter Anlauf | 3.6; 3.31; 6.3.3.2.5 f); Table B.4 |
unloading (removal)/loading (feeding) operations | opérations de déchargement (évacuation)/charge-ment (alimentation) | Ent-/Beladearbeit (Entnahme- und Beschickungsarbeiten) | 6.2.12; Annex B |
usability (of a machine) | commodité d'emploi (d'une machine) | Benutzerfreundlichkeit (einer Maschine) | 3.4; Clause 4; 5.6.2; 6.3.3.2.1 |
use (of a machine) | utilisation (d'une machine) | Verwendung (einer Maschine) | Clause 4; 5.2 a); 5.3.2; 5.4 and numerous occurrences |
use limit | limite de l'utilisation | Verwendungsgrenze | 5.3.2; D.3.2 |
V | |||
valve | distributeur | Ventil | 6.2.3; 6.3.5.4 |
vapour, gas (see also: emissions) | vapeur, gaz (voir aussi: émissions) | Dampf, Gas (siehe auch: Emissionen) | 6.3.3.2.1; 6.4.5.1 c); Table B.1 |
vibration (see also: emissions) | vibrations (voir aussi: émissions) | Vibration(en)/Schwingungen (siehe auch: Emissionen) | 3.39; 5.2; 5.4; 6.2.2.2; 6.2.3; 6.2.6; 6.2.8 c); 6.2.12.2; 6.2.16; 6.3.2; 6.3.3.2.1; 6.3.4.3; 6.3.5.8.2; 6.4.5.1; Annex B; D.3.2 |
vibration hazard | phénomène dangereuse engendrés par les vibrations | Gefährdung durch Vibration | Table B.1.5 |
W | |||
walking area | surface de circulation | Gangbereich | 6.3.5.6 |
walkways | voie de circulation | Fußgängerwege/ | 6.3.5.6 |
working part | élément de travail | Arbeitsteil | 6.3.5.2; Figure A.1 |
written warning | avertissement écrit | schriftlicher Warnhinweis | 6.4.4 |
Underlined cross-references are defined terms in Clause 3. Cross-references indicated in bold face are to prominent provisions of this document. | |||
Annex ZA
(informative)
Relationship between this European Standard and the essential requirements of Directive 2006/42/EC aimed to be covered
NOTE Annex ZA is not included in the final ISO publication.
This European Standard has been prepared under a Commission’s standardization request “M/396 Mandate to CEN and CENELEC for Standardisation in the field of machinery" to provide one voluntary means of conforming to essential requirements of Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Directive 95/16/EC (recast).
This standard specifies basic concepts, terminology and design principles applicable to all categories of machinery. Application of this standard alone, although providing an essential framework for the correct application of the Machinery Directive, is not sufficient to ensure conformity with the relevant essential health and safety requirements of the Machinery Directive and therefore does not give a full presumption of conformity.
Annex ZB
(informative)
Relationship between this European Standard and the essential requirements of Regulation (EU) 2023/1230 aimed to be covered
NOTE Annex ZB is not included in the final ISO publication.
This European Standard has been prepared under a Commission’s standardization request C(2025)129 final Commission Implementing Decision of 20 January 2025 to the European Committee for Standardization and to the European Committee for Electrotechnical Standardization as regards machinery in support of Regulation (EU) 2023/1230 of the European Parliament and of the Council (M/605) to provide one voluntary means of conforming to essential requirements of Regulation (EU) 2023/1230 of the European Parliament and of the Council of 14 June 2023 on machinery (OJ L 165, 29.6.2023).
This standard specifies basic concepts, terminology and design principles applicable to all categories of machinery. Application of this standard alone, although providing an essential framework for the correct application of the Machinery Regulation, is not sufficient to ensure conformity with the relevant essential health and safety requirements of the Regulation and therefore does not give a full presumption of conformity.
Annex ZC
(informative)
Relation of this document to the Machinery Directive 2006/42/EC
NOTE Annex ZC is not included in the final ISO publication.
ZC.1 General
The primary purpose of the EN ISO 12100 document is to provide designers with an overall framework and guidance for decisions during the development of machinery to enable them to design machines that are adequately safe for their intended use. It also provides specifications how to choose the appropriate machinery safety standard(s) representing the state of the art and to apply it/them correctly in order to achieve at a given time tolerable risk by adequate risk reduction for an actual machine. In this document, the term tolerable risk should be read as residual risk as defined in 3.12 to be compliant with European Union (EU) legislation.
Compared to the international level (where no common legal framework for machinery safety exists) at the European Union (EU) machinery safety standards are developed by CEN and CENELEC within the legal framework of the New Approach (New Legislative Framework)[1] to provide presumption of conformity with relevant Essential Requirements of the EU Machinery Directive 2006/42/EC[2].
Those standards are harmonized and provide presumption of conformity to 2006/42/EC when cited in the Official Journal of the EU[3].
ZC.2 Choice of protection against risks arising from moving transmission parts
To provide presumption of conformity with relevant Essential Requirements of the EU Machinery Directive 2006/42/EC:
Risks related to moving transmission parts should be addressed only by:
— either fixed guards, or
— interlocking movable guards.
ZC.3 Special relevance of this document for harmonized standards (type-C) providing presumption of conformity
The methodology as specified in Annex C of this document provides detailed guidance for the machine manufacturer how to choose and evaluate harmonised standards (type-C) in order to achieve presumption of conformity with Essential Requirements of 2006/42/EC for his actual machine in accordance with the following statement given in §111 of the Guide to the application of the Machinery Directive 2006/42/EC:
"Application of the specifications of a C-type standard confers a presumption of conformity with the essential health and safety requirements of the Machinery Directive covered by the standard provided the manufacturer has determined in his risk assessment that the scope and the significant hazards covered by the standard correspond with his actual machinery.”
Annex ZD
(informative)
Relation of this document to the Regulation (EU) 2023/1230
NOTE Annex ZD is not included in the final ISO publication.
ZD.1 General
The primary purpose of the EN ISO document is to provide designers with an overall framework and guidance for decisions during the development of machinery to enable them to design machines that are adequately safe for their intended use. It also provides specifications how to choose the appropriate machinery safety standard(s) representing the state of the art and to apply it/them correctly in order to achieve at a given time tolerable risk by adequate risk reduction for an actual machine. In this document, the term tolerable risk should be read as residual risk as defined in 3.12 to be compliant with European Union (EU) legislation.
Compared to the international level (where no common legal framework for machinery safety exists) at the European Union (EU) machinery safety standards are developed by CEN and CENELEC within the legal framework of the New Approach (New Legislative Framework)[4] to provide presumption of conformity with relevant Essential Requirements of the Machinery Regulation (EU) 2023/1230[5].
Those standards are harmonized and provide presumption of conformity to (EU) 2023/1230 when cited in the Official Journal of the EU[6].
ZD.2 Choice of protection against risks arising from moving transmission parts
To provide presumption of conformity with relevant Essential Requirements of the Machinery Regulation (EU) 2023/1230:
Risks related to moving transmission parts should be addressed only by:
— either fixed guards, or
— interlocking movable guards.
ZD.3 Special relevance of this document for harmonized standards (type-C) providing presumption of conformity
The methodology as specified in Annex C of this document provides detailed guidance for the machine manufacturer how to choose and evaluate harmonised standards (type-C) in order to achieve presumption of conformity with Essential Requirements of (EU) 2023/1230 for his actual machine in accordance with the following statement given in §111 of the Guide to the application of the Machinery Directive 2006/42/EC / Machinery Regulation (EU) 2023/1230:
"Application of the specifications of a C-type standard confers a presumption of conformity with the essential health and safety requirements of the Machinery Directive covered by the standard provided the manufacturer has determined in his risk assessment that the scope and the significant hazards covered by the standard correspond with his actual machinery.”
[1] ISO/IEC Guide 51:2014, Safety aspects — Guidelines for their inclusion in standards
[2] ISO 447, Machine tools — Direction of operation of controls
[3] ISO 4413, Hydraulic fluid power — General rules and safety requirements for systems and their components
[4] ISO 4414, Pneumatic fluid power — General rules and safety requirements for systems and their components
[5] ISO/IEC/TR 5469, Artificial intelligence — Functional safety and AI systems
[6] ISO 7000, Graphical symbols for use on equipment — Registered symbols
[7] ISO 7010, Graphical symbols — Safety colours and safety signs — Registered safety signs
[8] ISO 9355‑1, Ergonomic requirements for the design of displays and control actuators — Part 1: Human interactions with displays and control actuators
[9] ISO 9355‑3, Ergonomic requirements for the design of displays and control actuators — Part 3: Control actuators
[10] ISO 10075‑1, Ergonomic principles related to mental workload — Part 1: General issues and concepts, terms and definitions
[11] ISO 10075‑2, Ergonomic principles related to mental workload — Part 2: Design principles
[12] ISO/TR 11688‑1, Acoustics — Recommended practice for the design of low-noise machinery and equipment — Part 1: Planning
[13] ISO 11689, Acoustics — Procedure for the comparison of noise-emission data for machinery and equipment
[14] ISO/DIS 12895‑2:2025, Safety of machinery — Identification of whole body access and prevention of associated risk(s)
[15] ISO 13732‑1, Ergonomics of the thermal environment — Methods for the assessment of human responses to contact with surfaces — Part 1: Hot surfaces
[16] ISO 13849‑2, Safety of machinery — Safety-related parts of control systems — Part 2: Validation
[17] ISO 13850, Safety of machinery — Emergency stop function — Principles for design
[18] ISO 13851, Safety of machinery — Two-hand control devices — Principles for design and selection
[19] ISO 13854, Safety of machinery — Minimum gaps to avoid crushing of parts of the human body
[20] ISO 13855, Safety of machinery — Positioning of safeguards with respect to the approach of the human body
[21] ISO 13856 (all parts), Safety of machinery — Pressure-sensitive protective devices
[22] ISO 13857, Safety of machinery — Safety distances to prevent hazard zones being reached by upper and lower limbs
[23] ISO 14118:2017, Safety of machinery — Prevention of unexpected start-up
[24] ISO 14119, Safety of machinery — Interlocking devices associated with guards — Principles for design and selection
[25] ISO 14120:2015, Safety of machinery — Guards — General requirements for the design and construction of fixed and movable guards
[26] ISO 14122 (all parts), Safety of machinery — Permanent means of access to machinery
[27] ISO 14122‑3, Safety of machinery — Permanent means of access to machinery — Part 3: Stairs, stepladders and guard-rails
[28] ISO 14123‑1, Safety of machinery — Reduction of risks to health resulting from hazardous substances emitted by machinery — Part 1: Principles and specifications for machinery manufacturers
[29] ISO 14159, Safety of machinery — Hygiene requirements for the design of machinery
[30] ISO 14163, Acoustics — Guidelines for noise control by silencers
[31] ISO 15667, Acoustics — Guidelines for noise control by enclosures and cabins
[32] ISO 21469, Safety of machinery — Lubricants with incidental product contact — Hygiene requirements
[33] ISO/TR 22100‑3, Safety of machinery — Relationship with ISO 12100 — Part 3: Implementation of ergonomic principles in safety standards
[34] ISO/TR 22100‑4, Safety of machinery — Relationship with ISO 12100 — Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects
[35] ISO/TR 22100‑5, Safety of machinery — Relationship with ISO 12100 — Part 5: Implications of artificial intelligence machine learning
[36] ISO/IEC 24392, Cybersecurity — Security reference model for industrial internet platform (SRM- IIP)
[37] IEC 60050‑192:2015, International Electrotechnical Vocabulary — Part 192: Dependability
[38] IEC 60079‑11, Explosive atmospheres — Part 11: Equipment protection by intrinsic safety “i”
[39] IEC 60947‑5-1, Low-voltage switchgear and controlgear — Part 5-1: Control circuit devices and switching elements — Electromechanical control circuit devices
[40] IEC 61000‑6, Electromagnetic compatibility (EMC) — Part 6: Generic standards
[41] IEC 61310‑1, Safety of machinery — Indication, marking and actuation — Part 1: Requirements for visual, acoustic and tactile signals
[42] IEC 61310‑3, Safety of machinery — Indication, marking and actuation — Part 3: Requirements for the location and operation of actuators
[43] IEC 61496 (all parts), Safety of machinery — Electro-sensitive protective equipment
[44] IEC 61496‑2, Safety of machinery — Electro-sensitive protective equipment – Part 2: Particular requirements for equipment using active opto-electronic protective devices (AOPDs)
[45] IEC 61496‑3:2018, Safety of machinery — Electro-sensitive protective equipment — Part 3: Particular requirements for active opto-electronic protective devices responsive to diffuse Reflection (AOPDDR)
[46] IEC 61508‑3, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 3: Software requirements
[47] IEC 62046, Safety of machinery — Application of protective equipment to detect the presence of persons
[48] IEC 62061, Safety of machinery — Functional safety of safety-related electrical, electronic and programmable electronic control systems
[49] IEC 62998 (all parts), Safety of machinery — Safety-related sensors used for the protection of persons
[50] IEC/IEEE 82079‑1, Preparation of information for use (instructions for use) of products — Part 1: Principles and general requirements
[51] EN 614‑1, Safety of machinery — Ergonomic design principles — Part 1: Terminology and general principles
[52] EN 1299, Mechanical vibration and shock — Vibration isolation of machines — Information for the application of source isolation
[53] EN 1672‑2, Food processing machinery — Basic concepts — Part 2: Hygiene and cleanability requirements
[54] EN 12198‑1, Safety of machinery — Assessment and reduction of risks arising from radiation emitted by machinery — Part 1: General principles
[55] EN 12198‑3, Safety of machinery — Assessment and reduction of risks arising from radiation emitted by machinery — Part 3: Reduction of radiation by attenuation or screening
[56] EN 12786, Safety of machinery — Requirements for the drafting of the vibration clauses of safety standards
[57] EN 13861, Safety of machinery — Guidance for the application of ergonomics standards in the design of machinery
Not referenced documents
[58] inter noise 2021 “Sell and Buy Quiet – the extended concept to reduce noise (at work and at home)”, Washington D.C., https://www.researchgate.net/publication/354501161_Sell_and_Buy_Quiet_-_the_extended_concept_to_reduce_noise_at_work_and_at_home
Further information to the New Approach (New Legislative Framework) are provided in the Blue Guide: https://ec.europa.eu/docsroom/documents/38022 ↑
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32006L0042 ↑
Example for a citation of Harmonized Standards to 2006/42/EC see:
https://eur-lex.europa.eu/eli/dec_impl/2023/1586/oj ↑Further information to the New Approach (New Legislative Framework) are provided in the Blue Guide: https://ec.europa.eu/docsroom/documents/38022 ↑
https://eur-lex.europa.eu/eli/reg/2023/1230/oj?eliuri=eli%3Areg%3A2023%3A1230%3Aoj&locale=en ↑
Example for a citation of Harmonized Standards to (EU) 2023/1230 see: ((not yet available)) ↑
