EU changes direction on EN ISO 13849–1

Update on EN ISO 13849–1 manda­to­ry imple­men­ta­tion date.

In a post on 15-Sep I report­ed that the Euro­pean Union had decid­ed to delay the manda­to­ry imple­men­ta­tion date of  EN ISO 13849–1 for an addi­tion­al three years. This report was based on infor­ma­tion obtained from an inter­nal source at the Euro­pean Com­mis­sion and has since been reversed by that same source.

Mr. Glyn Gar­side pro­vid­ed the fol­low­ing update to this impor­tant sto­ry:

It has been wide­ly report­ed, but nev­er con­firmed, that the EU com­mis­sion had accept­ed the CEN pro­pos­al to extend the date of ces­sa­tion of pre­sump­tion of con­for­mi­ty of EN 954–1:1996 until the end of 2012. THESE REPORTS HAVE NOW BEEN AUTHORITATIVELY DENIED.

(By the way, this dis­cus­sion of dates of ces­sa­tion of pre­sump­tion of con­for­mi­ty only affects the Euro­pean stan­dards, EN 954–1 and EN ISO 13849–1. Inter­na­tion­al stan­dard ISO 13849–1 is obvi­ous­ly con­trolled by ISO and not by CEN or the EU. The cur­rent edi­tion of ISO 13849–1 is 2006, essen­tial­ly iden­ti­cal to EN ISO 13849–1 : 2008.)

At this point the pos­si­bil­i­ty of an exten­sion of the tran­si­tion from EN 954–1 to EN ISO 13849–1 remains con­tro­ver­sial, con­fused and IMHO uncer­tain. (There’s been approx 3 years tran­si­tion peri­od already.) If I were still a man­u­fac­tur­er, I would not want to wait until Dec 29th to find out if I could still ship my prod­uct using EN 954–1!

The reports of an exten­sion were based on an email sent ear­li­er this month (3rd Sept) by a CEN employ­ee. How­ev­er, the EU Com­mis­sion nev­er con­firmed the report, and on Sep­tem­ber 24th the same CEN employ­ee, Marie Poidevin, has writ­ten,
—————–
> “We have been informed today by the Euro­pean Com­mis­sion […] that con­trary to what was expressed in
> my pre­vi­ous mes­sage sent on the 3rd of Sep­tem­ber, EN 954–1 will not give pre­sump­tion of con­for­mi­ty
>  to the new MD 2006/42/EC until fur­ther notice.
> “Indeed, due to dis­cus­sions fol­low­ing the announce­ment made below, the EC wish­es to gath­er experts’
> views and, there­fore, this issue will be dis­cussed at the next Machin­ery Work­ing group to be held on
> the 7–8th Decem­ber.”
—————–

A relat­ed email from Ian Fras­er (“EC Pol­i­cy Direc­tor for the Machin­ery Direc­tive”), dat­ed 2009-09-18 states,
—————–
“Fol­low­ing the dis­cus­sion at the meet­ing of the Machin­ery Work­ing Group held on 7 and 8
July 2009, we have received a num­ber of ques­tions con­cern­ing the tran­si­tion from stan­dard
EN 954–1 to stan­dard EN ISO 13849–1 on safe­ty-relat­ed parts of con­trol sys­tems.
At the meet­ing of the Machin­ery Work­ing Group, there was gen­er­al agree­ment on two
aspects:
1. Man­u­fac­tur­ers who apply stan­dard EN ISO 13849–1 ben­e­fit from a pre­sump­tion of
con­for­mi­ty, even if the har­monised C-type stan­dard relat­ing to the machin­ery con­cerned still
refers to the cat­e­gories of EN 954–1;
2. Har­monised C-type stan­dards that refer to the cat­e­gories of EN 954–1 con­tin­ue to con­fer a
pre­sump­tion of con­for­mi­ty until they are amend­ed to refer to stan­dard EN ISO 13849–1.
These con­clu­sions will be record­ed in the min­utes of the meet­ing.

Dur­ing the dis­cus­sion, sev­er­al par­tic­i­pants indi­cat­ed that more time was need­ed for the
indus­try, and in par­tic­u­lar for SMEs, to adapt to the new stan­dard. As Chair­man of the
meet­ing, I asked whether it might not be prefer­able to post­pone the date of ces­sa­tion of
pre­sump­tion of con­for­mi­ty for EN 954–1.
In response to this sug­ges­tion, on 30 July 2009, Mr. Steiger wrote to the Com­mis­sion, on
behalf of the CEN Machin­ery Sec­tor, to request that the date of ces­sa­tion of pre­sump­tion of
con­for­mi­ty for EN 954–1 be excep­tion­al­ly post­poned until 31 Decem­ber 2012 […].
The Com­mis­sion will reply to this request from CEN. How­ev­er, giv­en the com­plex­i­ty of the
issues involved, the Com­mis­sion intends to con­sult experts and to seek the opin­ion of the
Machin­ery Work­ing Group to be held on 7 and 8 Decem­ber 2009, before reach­ing a final
deci­sion.
Kind regards,
Ian FRASER
—————

Thanks again to Glyn Gar­side and the EMC-PSTC List Serv­er!

Why Conventional EMC Testing is Insufficient for Functional Safety

At the recent PSES Sym­po­sium, I attend­ed a cou­ple of inter­est­ing work­shops on EMC and Func­tion­al Safe­ty. One was called “Work­shop on EMC & Func­tion­al Safe­ty” pre­sent­ed by Kei­th Arm­strong, Bill Radasky and Jacques Dela­balle. The oth­er was a paper pre­sen­ta­tion called “Why Con­ven­tion­al EMC Test­ing is Insuf­fi­cient for Func­tion­al Safe­ty” pre­sent­ed by Kei­th Arm­strong.

For read­ers who are new to the idea of Func­tion­al Safe­ty, this field deals

At the recent PSES Sym­po­sium, I attend­ed a cou­ple of inter­est­ing work­shops on EMC and Func­tion­al Safe­ty. One was called “Work­shop on EMC & Func­tion­al Safe­ty” pre­sent­ed by Kei­th Arm­strong, Bill Radasky and Jacques Dela­balle. The oth­er was a paper pre­sen­ta­tion called “Why Con­ven­tion­al EMC Test­ing is Insuf­fi­cient for Func­tion­al Safe­ty” pre­sent­ed by Kei­th Arm­strong.

For read­ers who are new to the idea of Func­tion­al Safe­ty, this field deals with the abil­i­ty of a prod­uct or sys­tem to func­tion in it’s intend­ed use envi­ron­ment, or in any fore­see­able use envi­ron­ments, while reli­ably pro­vid­ing the pro­tec­tion required by the users. Here’s the for­mal def­i­n­i­tion tak­en from IEC 61508–4:1998:


3.1.9
func­tion­al safe­ty
part of the over­all safe­ty relat­ing to the EUC and the EUC con­trol sys­tem which depends on the cor­rect func­tion­ing of the E/E/PE safe­ty-relat­ed sys­tems, oth­er tech­nol­o­gy safe­ty-relat­ed sys­tems and exter­nal risk reduc­tion facil­i­ties

3.2.3
equip­ment under con­trol (EUC)
equip­ment, machin­ery, appa­ra­tus or plant used for man­u­fac­tur­ing, process, trans­porta­tion, med­ical or oth­er activ­i­ties

NOTE — The EUC con­trol sys­tem is sep­a­rate and dis­tinct from the EUC.

Table 1: (E/E/PE) elec­tri­cal / elec­tron­ic / pro­gram­ma­ble elec­tron­ic

Reli­a­bil­i­ty require­ments are found in two key stan­dards, ISO 13849 and IEC 61508. These two stan­dards over­lap to some degree, and do not define reli­a­bil­i­ty cat­e­gories in the same way, which fre­quent­ly leads to con­fu­sion. In addi­tion there is a Machin­ery Sec­tor Spe­cif­ic stan­dard based on IEC 61508, called IEC 62061, Safe­ty of machin­ery – Func­tion­al safe­ty of safe­ty-relat­ed elec­tri­cal, elec­tron­ic and pro­gram­ma­ble elec­tron­ic con­trol sys­tems. These three stan­dards make ref­er­ence to EM effects on sys­tems but do not pro­vide guid­ance on how to assess these phe­nom­e­na. This is where IEC TS 61000–1-2 comes into play.

All three experts are mem­bers of IEC TC 77 and are direct­ly engaged in writ­ing the sec­ond edi­tion of IEC TS 61000–1-2 (more info on this at the bot­tom of this post). This IEC Tech­ni­cal Spec­i­fi­ca­tion deals with elec­tro­mag­net­ic (EM) effects on equip­ment that result in func­tion­al safe­ty prob­lems, like fail­ures in guard­ing cir­cuits, or fail­ures in some of the new pro­gram­ma­ble safe­ty sys­tems. This is becom­ing an increas­ing­ly impor­tant issue as pro­gram­ma­ble con­trols migrate into the tra­di­tion­al­ly hard­wired safe­ty world. In fact, Kei­th point­ed out that EM effects are present even in many of our “tried and true” cir­cuits, but the fail­ures have been incor­rect­ly attrib­uted to oth­er phe­nom­e­na because most elec­tri­cal engi­neers have not been used to think­ing about these phe­nom­e­na, espe­cial­ly in 24Vdc relay-based con­trol cir­cuits.

In the work­shop, the pre­sen­ters dis­cussed a typ­i­cal prod­uct life cycle, then went on to explore the typ­i­cal envi­ron­ments that a prod­uct may be exposed to, includ­ing the EM and phys­i­cal envi­ron­ments. They went on to dis­cuss the need for an EMC-relat­ed Risk Assess­ment and then fin­ished up by look­ing at Elec­tro­mag­net­ic Safe­ty Plan­ning. The whole work­shop took the entire sec­ond day of the Sym­po­sium.

A key point in the work­shop is that con­ven­tion­al EMC test­ing can­not prac­ti­cal­ly prove that sys­tems are safe. This is due to the struc­ture of the EMC tests that are nor­mal­ly under­tak­en, includ­ing the use of fixed mod­u­la­tion fre­quen­cies dur­ing immu­ni­ty test­ing, fail­ure to assess inter­mod­u­la­tion effects and many oth­er issues. In addi­tion, EMC test­ing does not and can­not test for aging effects on per­for­mance, wear & tear and oth­er use-relat­ed con­di­tions. The pre­sen­ters dis­cussed a num­ber of ways that these prob­lems could be addressed and ways that test­ing could be extend­ed in selec­tive ways to attack pre­dict­ed vul­ner­a­bil­i­ties. EMC test­ing does not con­sid­er the reli­a­bil­i­ty require­ments of the test­ed prod­uct (i.e. IEC 61508–1 SIL-3 or SIL-4).

On the fol­low­ing morn­ing, Kei­th Arm­strong pre­sent­ed his paper. In this paper, Mr. Arm­strong went into con­sid­er­able detail on the short­com­ings of con­ven­tion­al EMC test­ing when it comes to Func­tion­al Safe­ty. He sug­gest­ed some approach­es that could be used by man­u­fac­tur­ers to address these issues in safe­ty crit­i­cal appli­ca­tions.

The work­shop pre­sen­ta­tions and Mr. Armstong’s paper can be pur­chased through IEEE Xplore for those that did not attend the Sym­po­sium.

The IET has pub­lished a new book, avail­able for free from their web site, enti­tled Elec­tro­mag­net­ic Com­pat­i­bil­i­ty for Func­tion­al Safe­ty. This guide will be reviewed in a future post, so keep read­ing!

Kei­th Arm­strong, Bill Radasky and Jacques Dela­balle are mem­bers of IEC Tech­ni­cal Com­mit­tee 77, writ­ing IEC TS 61000–1-2 Ed 2.0, ELECTROMAGNETIC COMPATIBILITY (EMC) — PART 1–2: GENERALMETHODOLOGY FOR THE ACHIEVEMENT OF THE FUNCTIONAL SAFETY OF ELECTRICAL AND ELECTRONIC EQUIPMENT WITH REGARD TO ELECTROMAGNETIC PHENOMENA. Edi­tion 2 of this stan­dard should be pub­lished by Mar-2009 accord­ing to the IEC.

Kei­th Arm­strong is Prin­ci­pal Con­sul­tant at Cher­ry Clough Con­sul­tants in Broc­ton, UK.

Bill Radasky works with Metat­e­ch Cor­po­ra­tion from his office in Gole­ta, Cal­i­for­nia.

Jacques Dela­balle works for Schnei­der Elec­tric Indus­tries SAS in Greno­ble, France.

2008 IEEE PSES Symposium On Product Compliance Engineering

What a great Sym­po­sium! Dr. June Ander­sen kicked it off with a great keynote, and the rest of the ses­sions were excel­lent!

Last week I was at the 2008 PSES Sym­po­sium in Austin Texas.

This was one of the most suc­cess­ful Sym­posia held by the PSES, with 180 in atten­dance and 15 exhibitors in the hall. Atten­dees came from as far as Argenti­na, the UK and Israel!

Dr. June Ander­sen gave a great keynote address on Mon­day morn­ing, show­ing the group how IBM man­ages world­wide com­pli­ance in more than 180 dif­fer­ent mar­kets. Dr. Andersen’s back­ground is impres­sive, and a bit intim­i­dat­ing. I found her to be a warm, friend­ly and inter­est­ing per­son when we shared break­fast togeth­er before the con­fer­ece opened. Dr. Andersen’s pre­sen­ta­tion will be made avail­able through the PSES web site to mem­bers, so if you would like a copy and you’re not a mem­ber, now is a great time to join!

Kei­th Arm­strong of Cher­ry Clough Con­sul­tants, along with his col­leagues Jacques Dela­balle and Bill Radasky pre­sent­ed an inter­est­ing one-day work­shop on EMC and Func­tion­al Safe­ty, dis­cussing the effects of EMC on the safe­ty relat­ed parts of con­trol sys­tems. On Wednes­day, Kei­th com­plet­ed the series with a short pre­sen­ta­tion on the short­com­ings of con­ven­tion­al EMC test­ing in reveal­ing safe­ty-relat­ed design prob­lems. Def­i­nite­ly a worth­while series! Arm­stron, Dela­balle and Radasky are plan­ning a new work­shop for next-year’s Sym­po­sium in Toron­to that will car­ry on from this year, so if you are inter­est­ed in this area, plan to attend!

There were sev­er­al ses­sions on bat­ter­ies and the on-going work that the bat­tery com­pa­nies and the main bat­tery con­sumers are under­tak­ing to resolve the design and man­u­fac­tur­ing prob­lems that led to the note­book and cell phone fires in the past year. These ses­sions were packed and well reviewed by every­one I spoke with.

There were lots of oth­er pre­sen­ta­tions that I didn’t get a chance to attend — with 40 pre­sen­ta­tions and only one me, it was impos­si­ble to get to every one.

If you missed this year’s Sym­po­sium, start plannng for next year’s in Toron­to — it’s going to be great!