The approved version of ISO 13849 Fourth Edition

Reading time: 6 minutes - Difficulty: Advanced
While the New Machinery Regulation is approved, there is also some activity when it comes to harmonized standards relating to functional safety in the machine world. The final version of ISO 13849 Fourth Edition has been published: as promised in a previous article, find out here our comments.

What's new in Machine Safety

After the publication of the second edition of IEC 62061 in 2021, the publication of the fourth edition of ISO 13849-1 has come in 2023.

The update of ISO 13849 has been much awaited, since, in our experience, users of PL-ISO 13849 are much more numerous than users of SIL-IEC 62061 (​in the machine world).

Here is a list of the variations, compared to the previous edition of ISO 13849:

  • The entire document has been reorganized to facilitate the design and development of control systems
  • New paragraph on risk analysis recommendations (clause 4)
  • Identification of security functions (updated to clause 5)
  • Combination of multiple subsystems (updated to clause 6)
  • New clause 7 on software security requirements
  • New clause 9 on ergonomic aspects of design
  • Validation (updated in clause 8 and moved to clause 10)
  • New Annex G.5 on Functional Safety Management
  • New Annex L on immunity to electromagnetic interference (EMI)
  • New Annex M with additional information for the specification of safety requirements
  • New Annex N on failure prevention measures for safety software design
  • New Annex O with the safety values of the components or parts of the control systems

What are the significant updates compared to the previous edition

Fulfilment of the safety function through the use of subsystems

As with edition IEC 62061:2021, also in the new ISO 13849-1 it is clearly reported that the subsystems compliant with the SIL world (see IEC 62061 and IEC 61508), can also be used in the PL field.

Whereas previously it was just implied, it is now written in black and white in paragraph 4.6.

In our opinion, therefore, it is increasingly important to seek compliance with IEC 61508, as it allows access to a greater number of markets.

Note that SIL devices can be used in PL scope where the application is in High Demand Mode or Continuous Mode. In addition, devices analyzed according to Route 2h should be excluded.

Safety Requirement Specification

In the new ISO 13849-1 edition, more emphasis is placed on the importance of writing safety specifications.

The new edition tries to reorder the information and give a more exhaustive guide on the contents to be reported. Among the requirements listed, here we indicate those that in our opinion have seen a substantial update, or a new introduction.

  1. Safety functions for maintenance activities: In the previous edition, although good practice, it was not explicitly required to also report assessments related to maintenance in the risk analysis. In the new edition, not only is it required to deal with this phase in the risk analysis, but there could also be new safety functions exclusively related to the maintenance phase.
  1. Minimize the temptation of circumventing safety functions: The new 13849-1 expressly requires that during the design phase of the machine (or its part) all the necessary measures be taken to minimize reasons to circumvent a safety function. Recent research has shown that many injuries occur due to the cancellation of safety functions and/or the circumvention of protections.
  1. Remote access: The new standard also introduces an essential, frequently used aspect, i.e. remote access to the machine. The design of the SRP/CS must allow remote access to a machine only if specific measures have been taken to avoid dangerous situations that may occur due to the undetected presence of people in or near the machine.

The safety software of the SRP/CS must not be modifiable via remote access if it is not possible to validate the safety function locally.

Remote access, and more generally cyber security in the industrial field, will also be accepted by the harmonized standards to the Machinery Directive​, after the Machinery Regulation is seeing a substantial update regarding topics related to ​the technological development of machines​ and ​possible risks caused by​ OT​ and AI​​, data exchange between ​IT and OT​ and exposure to ​cyber attacks​ capable of compromising the functioning of systems, and therefore the safety of people​​.

Electromagnetic immunity

As is known, in applications related to functional safety, the devices involved must have a high level of immunity from electromagnetic disturbances: as far as the emission constraints are concerned, these are not to be evaluated, even if this does not imply the need to comply with the legal requirements according to the applicable directives.

Thus, the fourth edition of ISO 13849 provides a precise scheme according to the target to be achieved, recalling standards such as IEC 61000-6-2 for PLb and IEC 61000-6-7 or IEC 61326-3-1 for larger PLs.

Functional Safety Management

In the new ISO 13849 version, a strong reference is made to the management of functional safety, thus aligning with other relevant regulations such as IEC 62061 and IEC 61508.

The user must activate a security plan that contains the measures to prevent problems regarding incorrect specifications, implementations or modifications.

In particular, the functional safety plan must:

  • identify the relevant activities of the SRP/CS design process (specifications, design, integration analysis, testing, verification, validation) and details on when they should take place
  • identify the roles and resources required for the performance and review of each of these activities
  • identify procedures for the release, configuration, documentation and modification of hardware and software projects
  • establish a validation plan
  • identify relevant activities before making any changes
Systematic capacity for software

The new edition is also self-supporting from a software point of view, as it directly indicates the measures and techniques to be applied during development to avoid systematic failures.

Values of components and safety parts

The new ISO 13849 provides ways to characterize the devices used in security functions, and takes 4 categories into consideration:

  • Type 1 device, which has the highest level of integration. Pre-designed safety systems with integrated diagnostics are typical. This type is rated SIL or PL according to its intended use. The device manufacturer specifies the classification.
  • Type 2 device, not necessarily developed in accordance with safety standards; however, this does not exclude application in accordance with ISO 13849-1.
  • Type 3 device, e. components with a failure mode that depends on the operating cycles. Additional application data (number of operations, number of activations, circuit structure, direct current and CCF consideration) are required for the user to evaluate a safety function. Devices of this type are not necessarily developed in accordance with safety standards; however, this does not exclude application in accordance with ISO 13849-1.
  • Type 4 device, which is nothing other than a special kind of type 1. This type has non-random faults that lead to a dangerous fault, which means that the probability of a dangerous fault occurring in the vicinity of PFH is 0.
Finally, for each type of device, the parameters must be made available in the following way:
Characteristic value Type 1 device Type 2 device Type 3 device Type 4 device
PL x
SIL x
PFH x
Category x x x
HFT x x x
MTTFd x
λd x
MTTF x
MTBF x
B10D x
B10 x
RDF O O
SFF O O
T10D x x x
TM x x x

x = mandatory

O = optional